Exploit Rogue Scanner (Type 1178) - Desperately need help! Logs Included


  • This topic is locked
21 replies to this topic

#1 mercmania

mercmania

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:46 PM

Posted 05 August 2010 - 01:58 AM

Hello BC community. Hopefully I am posting in the correct section. I have followed the steps, and I have included the required logs below.

I shall begin with what I know. I consider myself to be of decent computer knowledge; I know how to write HTML, I properly run Windows 98/XP/Vista without many problems, and I can install hardware, and have on occasion (new graphics card, etc).

Currently, AVG is giving me warnings that it has blocked "Exploit Rogue Scanner (type 1178)". As far as I know, this is a rare form and is extremely difficult to remove. The effects of this 'virus' include opening and leading to completely random webpages. I have attempted to research how to remove such a problem. However, my google searches have yielded few results and the virus still persists (on occasion, AVG tells me the Exploit Rogue Scanner threat is blocked).

Here is what I have done to remedy the situation:
Switched from IE to Mozilla Firefox.
Complete Scan with AVG Free (AVG version: 9.0.851 -- Virus DB: 271.1.1/3043). It did not remove the ERS1178.
Complete Scan with Spybot-SD (version: 1.6.2). It did not remove the ERS1178.
Complete Scan with Malwarebytes' Anti-Malware (version: 1.41). I have a log for 22July2010. It did not remove ERS1178.
Complete Scan with SUPERAntiSpyware Main Menu (version: 4.40.1002). It did not remove ERS1178.
(Note: I do not run these protection programs at the same time).

Finally, I would like to thank those who spend the time reading my post and helping. All the help is sincerely appreciated. Thank you in advance.

Respectfully,
a very frustrated computer user
Mercmania

__________________________________

DDS (Ver_10-03-17.01) - NTFSx86
Run by mercuri family at 2:12:59.66 on 05/08/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2045.1131 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\sttray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\mercuri family\Desktop\av\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uWindow Title = Internet Explorer provided by Dell
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\users\mercuri family\appdata\local\google\update\GoogleUpdate.exe" /c
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.miniclip.com/games/celebrity-table-tennis/en/"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ndasde~1.lnk - c:\program files\ndas\system\ndasmgmt.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
TCP: {59FCB003-A454-420E-A7EE-E94A48FA601B} = 207.164.234.129 207.164.234.193
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\mercur~1\appdata\roaming\mozilla\firefox\profiles\baa9vhpi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\mercuri family\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 lfsfilt;NDAS Lean File Sharing Service;c:\windows\system32\drivers\lfsfilt.sys [2009-8-22 329704]
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx6x.sys [2009-8-22 119784]
R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [2009-8-22 340456]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-7-22 28552]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-1 11608]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-22 216400]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\windows\system32\drivers\avgmfx86.sys [2007-5-16 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-6 243024]
R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [2009-8-22 479720]
R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [2009-8-22 787432]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2010-8-1 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-1 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-1 267432]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2010-8-1 405672]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-20 308136]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-1 60936]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-20 1153368]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2009-8-22 385512]
R3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2009-8-22 378344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-15 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-2-10 24576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-08-03 01:57:47 0 d-----w- c:\programdata\Blizzard Entertainment
2010-08-01 19:33:53 0 d-----w- c:\users\mercur~1\appdata\roaming\Avira
2010-08-01 18:43:07 0 d-----w- c:\users\mercuri family\sc2
2010-08-01 15:49:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-01 15:49:09 0 d-----w- c:\programdata\Avira
2010-08-01 15:49:08 0 d-----w- c:\program files\Avira
2010-08-01 15:45:56 32 ----a-w- c:\windows\CD_Start.INI
2010-08-01 01:04:30 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-08-01 00:47:21 150819517 ----a-w- c:\windows\MEMORY.DMP
2010-07-22 16:53:55 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-22 16:53:39 0 d-----w- c:\program files\Panda Security
2010-07-21 00:56:27 0 d-----w- c:\program files\Steam
2010-07-20 22:06:29 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-20 22:06:29 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-20 21:04:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-20 20:54:01 65536 --sha-w- c:\users\mercuri family\ntuser.dat{8c21cb04-943e-11df-9c02-0019d141babc}.TM.blf
2010-07-20 20:54:01 524288 --sha-w- c:\users\mercuri family\ntuser.dat{8c21cb04-943e-11df-9c02-0019d141babc}.TMContainer00000000000000000002.regtrans-ms
2010-07-20 20:54:01 524288 --sha-w- c:\users\mercuri family\ntuser.dat{8c21cb04-943e-11df-9c02-0019d141babc}.TMContainer00000000000000000001.regtrans-ms
2010-07-20 19:39:28 0 d-----w- c:\users\mercur~1\appdata\roaming\SUPERAntiSpyware.com
2010-07-20 19:39:28 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-20 19:39:23 0 d-----w- c:\program files\SUPERAntiSpyware

==================== Find3M ====================

2010-07-20 21:04:38 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-20 21:04:16 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-03 19:00:52 138624 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-03 19:00:35 218464 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-29 01:12:08 138056 ----a-w- c:\users\mercur~1\appdata\roaming\PnkBstrK.sys
2010-06-09 16:20:22 2444656 ----a-w- c:\windows\system32\pbsvc_apb.exe
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-02-11 02:28:47 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-11 02:28:47 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-11 02:28:47 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 08:19:35 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-09-14 22:00:49 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-05-09 21:11:16 16384 --sha-w- c:\windows\temp\cookies\index.dat
2007-05-09 21:11:16 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2007-05-09 21:11:16 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-04-05 16:12:13 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 2:15:21.32 ===============
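As an added example (not from the thread and not part of the DDS tool), a small triage script run over lines excerpted from the DDS log above: it flags the items a helper would look at first, namely the hosts-file redirect of a security site to 127.0.0.1, UAC switched off, DLLs loaded through AppInit_DLLs, an orphaned BHO, outdated definitions, and two resident AV engines loaded at once. The mapping of guard process names to vendors is an assumption made for the example.

```python
import re
from typing import Dict, List, Tuple

# Lines excerpted from the DDS log posted above (AV header, one running
# process, and Pseudo HJT entries); a real run would read the whole DDS.txt.
SAMPLE_DDS = "\n".join([
    r"AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}",
    r"SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}",
    r"C:\Program Files\Avira\AntiVir Desktop\avguard.exe",
    r"BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll",
    r"BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll",
    r"Hosts: 127.0.0.1 www.spywareinfo.com",
    r"FF - prefs.js: network.proxy.type - 0",
])

Finding = Tuple[str, int, str]  # (severity, line number, message)

# Assumed mapping of resident-guard processes to vendors. It only serves to
# spot two real-time engines loaded together, which slows the machine and
# lets each engine interfere with the other's detections.
RESIDENT_GUARDS: Dict[str, str] = {
    "avguard.exe": "Avira",
    "avgrsx.exe": "AVG",
    "avgnsx.exe": "AVG",
}

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)", re.I)
LUA_RE = re.compile(r"^mPolicies-system:\s+EnableLUA\s*=\s*0\b", re.I)
BHO_NOFILE_RE = re.compile(r"^BHO:.*-\s*No File\s*$", re.I)
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(\S.*)$", re.I)
OUTDATED_RE = re.compile(r"^(AV|SP|FW):\s+(.+?)\s+\*.*\(Outdated\)", re.I)
AV_ENABLED_RE = re.compile(r"^AV:\s+(\S+).*\*.*enabled\*", re.I)


def triage_dds(text: str) -> List[Finding]:
    """Return review-worthy items from a DDS log, highest severity first."""
    findings: List[Finding] = []
    vendors: Dict[str, int] = {}  # vendor -> first line where it was seen
    for n, line in enumerate(text.splitlines(), start=1):
        m = HOSTS_RE.match(line)
        # A loopback entry for anything but localhost blocks that host; rogue
        # software uses this to keep the victim away from security sites.
        if m and m.group(1).startswith("127.") and m.group(2).lower() != "localhost":
            findings.append(("HIGH", n, f"hosts file redirects {m.group(2)} to {m.group(1)}"))
            continue
        if LUA_RE.match(line):
            findings.append(("HIGH", n, "UAC disabled (EnableLUA = 0)"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # Every DLL listed here is mapped into every user-mode process.
            dlls = [d for d in m.group(1).split(",") if d]
            findings.append(("MEDIUM", n, f"AppInit_DLLs loads {len(dlls)} DLL(s) into every process: {', '.join(dlls)}"))
            continue
        if BHO_NOFILE_RE.match(line):
            findings.append(("LOW", n, "orphaned BHO registration (No File)"))
            continue
        m = OUTDATED_RE.match(line)
        if m:
            findings.append(("LOW", n, f"{m.group(2)} definitions outdated"))
            continue
        m = AV_ENABLED_RE.match(line)
        if m:
            vendors.setdefault(m.group(1), n)
            continue
        exe = line.rsplit("\\", 1)[-1].lower()
        if exe in RESIDENT_GUARDS:
            vendors.setdefault(RESIDENT_GUARDS[exe], n)
    if len(vendors) > 1:
        findings.append(("MEDIUM", min(vendors.values()),
                         "more than one real-time AV engine loaded: " + ", ".join(sorted(vendors))))
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    findings.sort(key=lambda f: (order[f[0]], f[1]))
    return findings


if __name__ == "__main__":
    for sev, n, msg in triage_dds(SAMPLE_DDS):
        print(f"[{sev}] line {n}: {msg}")
```

The hosts-file and EnableLUA findings are the two a helper would act on first; the rest are context for reading the OTL output that follows.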



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:46 PM

Posted 13 August 2010 - 07:23 AM

Hello mercmania

Welcome to BleepingComputer
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 mercmania

mercmania
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:46 PM

Posted 13 August 2010 - 03:02 PM

Thank you for taking the time to help me. Here are the logs you requested. I will try and be more speedy in my reply next time.
______________________________________________________________________________

OTL logfile created on: 13/08/2010 3:47:08 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\mercuri family\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.45 Gb Total Space | 12.75 Gb Free Space | 19.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.19 Gb Free Space | 41.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931.50 Gb Total Space | 525.93 Gb Free Space | 56.46% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: MOMCOMPUTER
Current User Name: mercuri family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\mercuri family\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\NDAS\System\ndassvc.exe (XIMETA, Inc.)
PRC - C:\Program Files\NDAS\System\ndasmgmt.exe (XIMETA, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\mercuri family\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Inc.)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE File not found
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ndassvc) -- C:\Program Files\NDAS\System\ndassvc.exe (XIMETA, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC1124 Inc)
DRV - (lpx) -- C:\Windows\system32\DRIVERS\lpx6x.sys (XIMETA, Inc.)
DRV - (ndasscsi) -- C:\Windows\System32\drivers\ndasscsi.sys (XIMETA, Inc.)
DRV - (ndasrofs) -- C:\Windows\System32\drivers\ndasrofs.sys (XIMETA, Inc.)
DRV - (ndasfat) -- C:\Windows\System32\drivers\ndasfat.sys (XIMETA, Inc.)
DRV - (ndasfs) -- C:\Windows\system32\DRIVERS\ndasfs.sys (XIMETA, Inc.)
DRV - (lfsfilt) -- C:\Windows\system32\DRIVERS\lfsfilt.sys (XIMETA, Inc.)
DRV - (ndasbus) -- C:\Windows\System32\drivers\ndasbus.sys (XIMETA, Inc.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 00:06:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/12 01:39:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/12 01:39:05 | 000,000,000 | ---D | M]

[2010/07/20 21:12:01 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\mozilla\Extensions
[2010/07/20 21:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mercuri family\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/30 20:47:49 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/01/08 01:21:23 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\mozilla\Firefox\extensions
[2009/01/08 01:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mercuri family\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/08/11 17:40:50 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\mozilla\Firefox\Profiles\baa9vhpi.default\extensions
[2010/07/22 01:16:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mercuri family\AppData\Roaming\mozilla\Firefox\Profiles\baa9vhpi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/20 21:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/03 13:49:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/08/03 13:49:44 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/08/03 13:49:44 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/06/25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/08/03 13:49:46 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/06/26 03:01:57 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/06/26 03:01:57 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/06/26 03:01:57 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/06/26 03:01:57 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/06/26 03:01:57 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/06/26 03:01:57 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/06/26 03:01:57 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/20 18:57:32 | 000,412,119 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14243 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\mercuri family\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\mercuri family\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mercuri family\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a6c04879-f3fd-11de-8a72-0019d141babc}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008/01/19 03:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/08/11 17:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/11 17:41:32 | 011,008,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/08/11 17:41:32 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/08/11 17:41:32 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010/08/11 17:41:31 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010/08/11 17:41:28 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010/08/11 17:41:27 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010/08/11 17:41:27 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010/08/11 17:41:27 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010/08/11 17:41:24 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010/08/11 17:41:24 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010/08/11 17:41:24 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010/08/11 17:41:16 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/08/05 02:12:23 | 000,000,000 | ---D | C] -- C:\Users\mercuri family\Desktop\av
[2010/08/05 01:57:35 | 000,000,000 | ---D | C] -- C:\Users\mercuri family\Desktop\tdss killer
[2010/08/02 21:57:47 | 000,000,000 | ---D | C] -- C:\Users\mercuri family\Documents\StarCraft II
[2010/08/02 21:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/08/01 15:59:04 | 000,000,000 | ---D | C] -- C:\Users\mercuri family\Desktop\SC2-WingsOfLiberty-enUS-Installer
[2010/08/01 15:33:53 | 000,000,000 | ---D | C] -- C:\Users\mercuri family\AppData\Roaming\Avira
[2010/08/01 14:43:07 | 000,000,000 | ---D | C] -- C:\Users\mercuri family\sc2
[2010/08/01 11:49:10 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/08/01 11:49:10 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/08/01 11:49:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/08/01 11:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/08/01 11:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/07/31 21:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/07/31 20:47:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/07/22 12:53:55 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010/07/22 12:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/07/20 21:11:30 | 000,000,000 | ---D | C] -- C:\Users\mercuri family\AppData\Local\Mozilla
[2010/07/20 21:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/20 20:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/07/20 18:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/20 18:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/20 17:04:34 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/20 15:39:28 | 000,000,000 | ---D | C] -- C:\Users\mercuri family\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/20 15:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/20 15:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/20 15:14:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\mercuri family\*.tmp files -> C:\Users\mercuri family\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/13 15:50:33 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E488470A-17C5-4D0A-943B-9981E01D1C03}.job
[2010/08/13 15:49:34 | 009,699,328 | -HS- | M] () -- C:\Users\mercuri family\ntuser.dat
[2010/08/13 15:45:02 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3959800536-371527905-1580367355-1000UA.job
[2010/08/13 15:44:37 | 063,370,902 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/13 15:39:07 | 000,067,949 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/13 15:39:04 | 000,067,949 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/13 15:38:15 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/13 15:38:15 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/13 15:38:14 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/13 15:38:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/13 15:37:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/13 04:51:16 | 000,524,288 | -HS- | M] () -- C:\Users\mercuri family\ntuser.dat{8c21cb04-943e-11df-9c02-0019d141babc}.TMContainer00000000000000000001.regtrans-ms
[2010/08/13 04:51:16 | 000,065,536 | -HS- | M] () -- C:\Users\mercuri family\ntuser.dat{8c21cb04-943e-11df-9c02-0019d141babc}.TM.blf
[2010/08/13 04:50:11 | 002,617,677 | -H-- | M] () -- C:\Users\mercuri family\AppData\Local\IconCache.db
[2010/08/13 03:19:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/12 14:45:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3959800536-371527905-1580367355-1000Core.job
[2010/08/11 17:28:25 | 158,685,435 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/10 20:46:23 | 000,002,089 | ---- | M] () -- C:\Users\mercuri family\Desktop\Google Chrome.lnk
[2010/08/10 20:46:23 | 000,002,051 | ---- | M] () -- C:\Users\mercuri family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/08 00:04:46 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/02 22:45:43 | 000,000,678 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/08/01 23:55:21 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/08/01 23:55:21 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/08/01 15:45:29 | 000,742,150 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/01 15:45:29 | 000,119,642 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/01 15:45:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/01 11:49:18 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/08/01 11:45:56 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2010/07/24 01:07:35 | 000,110,080 | ---- | M] () -- C:\Users\mercuri family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/22 16:39:33 | 000,103,981 | ---- | M] () -- C:\Users\mercuri family\Desktop\39074_1444525807424_1661490058_1073240_946263_n.jpg
[2010/07/20 21:11:35 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/07/20 21:11:21 | 000,001,750 | ---- | M] () -- C:\Users\mercuri family\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/20 21:11:21 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/20 20:59:56 | 000,000,213 | ---- | M] () -- C:\Users\mercuri family\Desktop\Alien Swarm.url
[2010/07/20 20:59:02 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/20 19:00:58 | 000,524,288 | -HS- | M] () -- C:\Users\mercuri family\ntuser.dat{8c21cb04-943e-11df-9c02-0019d141babc}.TMContainer00000000000000000002.regtrans-ms
[2010/07/20 18:57:32 | 000,412,119 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/20 18:06:42 | 000,001,081 | ---- | M] () -- C:\Users\mercuri family\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/20 18:06:42 | 000,001,057 | ---- | M] () -- C:\Users\mercuri family\Desktop\Spybot - Search & Destroy.lnk
[2010/07/20 17:04:38 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/20 17:04:34 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/20 17:04:16 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/07/20 16:59:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/07/20 16:58:37 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/20 16:50:44 | 005,242,880 | -HS- | M] () -- C:\Users\mercuri family\ntuser.dat_previous
[2010/07/20 16:50:43 | 000,524,288 | -HS- | M] () -- C:\Users\mercuri family\ntuser.dat{379c425f-e053-11de-84f9-0019d141babc}.TMContainer00000000000000000001.regtrans-ms
[2010/07/20 16:50:43 | 000,065,536 | -HS- | M] () -- C:\Users\mercuri family\ntuser.dat{379c425f-e053-11de-84f9-0019d141babc}.TM.blf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\mercuri family\*.tmp files -> C:\Users\mercuri family\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/12 22:32:37 | 000,000,527 | ---- | C] () -- C:\Users\mercuri family\Desktop\Rome - Total War.lnk
[2010/08/11 17:50:44 | 000,067,949 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/11 17:50:43 | 000,067,949 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/08/11 17:41:32 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/08/02 21:57:47 | 000,000,678 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/08/01 14:41:24 | 000,002,089 | ---- | C] () -- C:\Users\mercuri family\Desktop\Google Chrome.lnk
[2010/08/01 14:41:24 | 000,002,051 | ---- | C] () -- C:\Users\mercuri family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/01 14:40:15 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3959800536-371527905-1580367355-1000UA.job
[2010/08/01 14:40:14 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3959800536-371527905-1580367355-1000Core.job
[2010/08/01 11:49:18 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/08/01 11:45:56 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010/07/31 20:47:21 | 158,685,435 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/22 16:39:32 | 000,103,981 | ---- | C] () -- C:\Users\mercuri family\Desktop\39074_1444525807424_1661490058_1073240_946263_n.jpg
[2010/07/20 21:11:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/20 21:11:21 | 000,001,750 | ---- | C] () -- C:\Users\mercuri family\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/20 21:11:21 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/20 20:59:56 | 000,000,213 | ---- | C] () -- C:\Users\mercuri family\Desktop\Alien Swarm.url
[2010/07/20 20:56:27 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/20 18:06:42 | 000,001,081 | ---- | C] () -- C:\Users\mercuri family\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/20 18:06:42 | 000,001,057 | ---- | C] () -- C:\Users\mercuri family\Desktop\Spybot - Search & Destroy.lnk
[2010/07/20 16:58:37 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/20 16:54:01 | 000,524,288 | -HS- | C] () -- C:\Users\mercuri family\ntuser.dat{8c21cb04-943e-11df-9c02-0019d141babc}.TMContainer00000000000000000002.regtrans-ms
[2010/07/20 16:54:01 | 000,524,288 | -HS- | C] () -- C:\Users\mercuri family\ntuser.dat{8c21cb04-943e-11df-9c02-0019d141babc}.TMContainer00000000000000000001.regtrans-ms
[2010/07/20 16:54:01 | 000,065,536 | -HS- | C] () -- C:\Users\mercuri family\ntuser.dat{8c21cb04-943e-11df-9c02-0019d141babc}.TM.blf
[2009/12/29 22:23:29 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/29 22:23:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/23 18:37:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 19:18:25 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/08/03 19:18:25 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/07/31 22:42:16 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/12/04 02:47:05 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/05/03 14:36:31 | 000,138,624 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007/04/10 16:51:28 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/04/05 12:12:27 | 000,467,264 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/04/05 12:12:27 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/04/05 12:12:27 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/04/05 12:12:27 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/04/05 12:12:27 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/03/04 23:51:39 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\2K Sports
[2007/08/06 21:19:24 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\Acoustica
[2010/08/13 04:50:15 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\BitTorrent
[2009/08/02 02:59:56 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\DAEMON Tools Lite
[2009/02/13 21:15:10 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\dyyno-vlc
[2009/01/21 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\FrostWire
[2009/09/22 11:53:32 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\GetRightToGo
[2010/04/04 17:31:40 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\Leadertech
[2008/08/02 20:27:52 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\My Games
[2007/08/01 21:55:57 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\NCH Swift Sound
[2008/02/10 20:58:46 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\NetMedia Providers
[2010/02/07 14:40:22 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\Out of the Park Developments
[2010/04/04 14:42:06 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\Pro Cycling Manager 2009
[2008/02/10 20:58:46 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\Publish Providers
[2009/12/30 01:01:49 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\Sierra Entertainment
[2008/02/10 21:44:36 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\Sony
[2009/05/22 01:05:41 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\TeamViewer
[2010/02/10 22:39:36 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\Teleca
[2010/06/18 22:06:53 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\Tropico 3
[2009/08/03 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\Ubisoft
[2009/06/14 21:51:44 | 000,000,000 | ---D | M] -- C:\Users\mercuri family\AppData\Roaming\YoudaGames
[2010/08/13 04:04:16 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/13 15:50:33 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E488470A-17C5-4D0A-943B-9981E01D1C03}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/26 00:12:21 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/04/08 20:48:29 | 000,000,506 | ---- | M] () -- C:\BnetLog.txt
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/10 09:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/04/05 12:12:36 | 000,004,257 | RH-- | M] () -- C:\dell.sdr
[2007/11/05 21:29:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/11/05 21:29:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/13 15:37:41 | 2459,127,808 | -HS- | M] () -- C:\pagefile.sys
[2009/09/05 17:49:05 | 000,000,204 | ---- | M] () -- C:\Plugins
[2010/07/20 17:46:48 | 000,000,443 | ---- | M] () -- C:\rkill.log
[2008/06/05 16:52:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/09/14 12:41:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/10/29 15:58:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/12/17 18:03:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/03/03 20:54:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/05/05 01:04:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/05 17:44:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/06/05 16:52:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/09/14 12:41:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/29 15:58:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/12/17 18:03:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/03/03 20:54:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/05/05 01:04:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/05 17:44:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2010/08/05 02:02:01 | 000,118,158 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_05.08.2010_02.00.22_log.txt
[2010/08/05 02:02:46 | 000,060,074 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_05.08.2010_02.02.18_log.txt
[2010/08/06 06:04:43 | 000,060,074 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_06.08.2010_06.01.57_log.txt
[2010/08/08 02:21:26 | 000,060,320 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_08.08.2010_02.17.10_log.txt
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 03:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/19 03:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/20 17:04:16 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/06/02 08:47:48 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/01 23:55:21 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/07/20 17:04:38 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/01 23:55:21 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/07/03 15:00:52 | 000,138,624 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/01/19 03:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\mercuri family\Documents\Sony Media Libraries:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\mercuri family\Documents\My Recordings:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\mercuri family\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\mercuri family\Documents\My Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\mercuri family\Documents\My Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\mercuri family\Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\mercuri family\Desktop\n1666920046_84863_5626.jpg:Roxio EMC Stream
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:F7CB87BE
< End of report >


_______________________________________________________________________________

OTL Extras logfile created on: 13/08/2010 3:47:08 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\mercuri family\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.45 Gb Total Space | 12.75 Gb Free Space | 19.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.19 Gb Free Space | 41.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931.50 Gb Total Space | 525.93 Gb Free Space | 56.46% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: MOMCOMPUTER
Current User Name: mercuri family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09769F95-EF2C-41D2-B82A-5A1EBB6D9A84}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{15011E69-5A41-467C-80D0-33490A4560E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1936C7E0-32E5-48FB-A51C-8ADA2F86BECB}" = lport=6112 | protocol=6 | dir=in | name=wow port 6112 |
"{1BEFDE06-AD9F-4C10-9C96-2CF114325DBA}" = lport=16236 | protocol=17 | dir=in | name=bt udp |
"{247AD1D9-C7A2-443B-A73E-68422B11CE3E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2504775A-F13D-4217-9C6B-D912BA3AE04F}" = lport=138 | protocol=17 | dir=in | app=system |
"{2690174F-32DE-48FD-B853-1655907D54E4}" = lport=6346 | protocol=6 | dir=in | name=limewiretcp |
"{3546D810-2795-4AAB-96AF-B56B95A98B55}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3652E6B3-3C8F-4F9F-ABF4-14B579924534}" = lport=4321 | protocol=6 | dir=in | name=limewire |
"{38F07251-1359-48E5-95F4-1FFB05FCF1A1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3ACF4E03-8E1E-46CD-BF40-78BD27959879}" = lport=12345 | protocol=6 | dir=in | name=limewire port |
"{3AFE7376-93F0-4810-9D39-C0F87B0F1333}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{3BB424A2-571E-4B0C-9888-CAF88444D907}" = lport=55372 | protocol=17 | dir=in | name=55372udp |
"{4586CE17-4891-4FAC-AF42-6016436594C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{472B4FDB-0324-4D16-97FB-FC5CB3C3C0AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5604CADC-F070-4C4D-A59F-11AFDA102B6E}" = lport=6881 | protocol=17 | dir=in | name=port 6881 udp |
"{5636888D-8404-4959-B000-A01A57BB6F3C}" = rport=139 | protocol=6 | dir=out | app=system |
"{5C2DB69A-4772-40B4-8D02-DC28AD427D8F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{669009B2-4F97-4C42-8A07-6C3ABDFF95B8}" = lport=16236 | protocol=6 | dir=in | name=bt tcp |
"{72E125E6-7940-48FB-BF3C-A66BF1EB69E4}" = lport=6346 | protocol=17 | dir=in | name=limewireudp |
"{7D231D59-F025-45CC-A294-094ACB8629FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{826F9DDC-EB5F-4ED7-9E53-B9D9D6750530}" = lport=137 | protocol=17 | dir=in | app=system |
"{873A930C-D795-4AE9-867B-774E7B7EA93D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8D48A051-BCDC-42A6-A706-8E442D926FD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{900FCD35-C08F-4730-8B26-A329AFB2CBB6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9A539AE8-1768-4D7D-8642-9B566CF02FEB}" = lport=55372 | protocol=6 | dir=in | name=55372 |
"{A5F1FDFE-6A9E-4EAD-9065-D44A19052E7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A6BA020F-E0EB-4F81-AE9D-108A122950ED}" = lport=3724 | protocol=17 | dir=in | name=bliz 3724 udp |
"{AF7F1096-38C8-4A96-8C96-26C7F735EFB6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B62C328C-6591-4685-9330-40361D36CEAC}" = lport=12345 | protocol=17 | dir=in | name=limewire port udp |
"{BB8B4396-5660-4778-AF5B-4197EC671CF2}" = rport=445 | protocol=6 | dir=out | app=system |
"{C37DCA9A-A11A-41F7-9705-39A1CC64C6F2}" = lport=6881 | protocol=6 | dir=in | name=port 6881 |
"{C75EBB23-9A38-4130-A872-1A75F16ABD68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE06508F-EEF6-496B-9A8B-F39834131B39}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CF65C0F8-8A6C-4E8F-B3DF-F756DD29E0F5}" = lport=139 | protocol=6 | dir=in | app=system |
"{EAF01C82-8884-40EA-A1B4-CD19CFBCF3A0}" = rport=137 | protocol=17 | dir=out | app=system |
"{F1C250F7-F194-4EF7-AFA0-62482AB45E1C}" = rport=138 | protocol=17 | dir=out | app=system |
"{F8AEC2CB-59FA-4113-899E-16AB5B525ED3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9BD91C4-0200-43BD-B84D-E27C410E7D88}" = lport=4321 | protocol=17 | dir=in | name=limewire2 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5CB87E-8D75-44B9-B636-6D91199706CA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{0E4943FD-9927-4025-A3C0-6D9DF0EBE832}" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\wh2jc0lv\wowclient-downloader[1].exe |
"{109763EE-1F81-4278-8F9E-3101E142972F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1A2365DA-7238-4F17-AB92-7CCC64DC7EFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{209DE77C-8356-41D8-89AE-CF2C90584D9E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{219FC75D-0919-42E6-9BF0-420CE096EB77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{22710A98-12B6-4BA8-970A-CC5193A07126}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{229CE328-93A5-43C6-A4A1-30FBBB3735A8}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{22E26942-C8AA-4B7D-90CD-440FF3F0901B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{2E4B7800-4700-4FC7-B75C-DA8CB662BB15}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{34883DD9-C25D-46C3-92DE-49B5DD86E7B3}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{36787825-094A-4597-8946-9F42EE980DA4}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{384AD7AD-A09A-42EE-9C9A-59D19101FB4B}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{38F9C1BA-235A-41B8-9465-1C8CBAE190EF}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{3AB50ECA-A65B-4B57-9C3C-015AD0232499}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3AF7E9E9-AA18-417C-B3AD-6F86892AC9FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C0EDE0F-B418-49B2-B008-FB7497838964}" = protocol=6 | dir=in | app=c:\program files\cyanide\pro cycling manager - season 2009\pcm.exe |
"{4164413D-F4F5-479C-AA9A-2DAA9FC77BFE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{487239FA-92C1-455E-84E2-D9BB523867B1}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{499B4C29-4DC9-4650-804D-3145CB8DBBEF}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{4CDC5785-B199-45BF-9EC1-9262995B6544}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4D5751DC-D888-4F6F-B114-9510DDC15038}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{4EB714F6-2754-4A70-986E-85B6749D99DD}" = protocol=17 | dir=in | app=c:\users\mercuri family\downloads\starcraft_2_na_en-us(6).exe |
"{511C402D-B70C-4210-A620-A31C7EE39153}" = protocol=6 | dir=in | app=c:\users\mercuri family\downloads\starcraft_2_na_en-us(6).exe |
"{528AE2D4-61B0-44B8-8430-1B7376E7AED5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{528CCF60-9793-477B-A294-0C129E9FAC8A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5C5C081A-B75D-4C41-90EB-416894A8DC7F}" = protocol=17 | dir=in | app=c:\program files\cyanide\pro cycling manager - season 2009\pcm.exe |
"{5D2E2014-264E-4386-ACC1-A67EA1E083B2}" = protocol=6 | dir=in | app=h:\empire earth 3\ee3.exe |
"{630C12EF-8B21-414D-8DAC-0989D03E41F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64866452-93A9-4A1F-8488-0F58D57BDA5B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{648778A4-5953-4C09-96D9-A73947E1CCA4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64ED94D4-9685-4F4B-B01D-A9AD3C89DF8B}" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\wh2jc0lv\wowclient-downloader[1].exe |
"{66A788B7-D759-4F85-A1AA-CD714EABCBD3}" = protocol=17 | dir=in | app=c:\program files\cyanide\pro cycling manager - season 2009\autorun\exe\autorun.exe |
"{67328F52-166C-4BC1-AD11-35459A347AE8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{674A3874-6F93-427A-815C-6A3700D914F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{69B46FCE-1F4F-4E4B-8E15-D8A7B164446B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6F41D183-ED4C-458F-9CCF-A0DFFCDCA7E1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{713DD4F3-BD85-4AF4-9D48-E74DA5056EFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73964E8F-04BF-419C-AA18-BAA5A4A09F7B}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{742A1159-F94A-4FDE-89EB-A7E9B4D47802}" = protocol=58 | dir=in | app=system |
"{7508CB35-BB9F-43E0-9ECF-627F7BB15C95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A6B2C94-E2A5-45C3-A460-1FF4D7938B8E}" = protocol=6 | dir=in | app=h:\sc\starcraft ii\versions\base15405\sc2.exe |
"{7B0549C3-4710-46EF-B608-47DD70117CC3}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{7BB1AFE5-E4B5-4F3D-8C8E-DEE4496443FC}" = protocol=6 | dir=in | app=c:\program files\cyanide\pro cycling manager - season 2009\autorun\exe\autorun.exe |
"{7C641F38-5188-4FF0-AB7C-E5544E0C07EA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7FA45FA5-FD66-41C3-88DE-A1BA5E86AFAE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{833A63D4-C0B8-4F58-B109-9658099DF04F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84577652-63B8-47D4-A978-4E33CF0510A5}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{84CA790C-F768-40A0-AC65-77323EB4C6AB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8F470322-B70B-4FE1-A40B-AE2B50E0E624}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{92C3A6D3-4847-40D3-9600-1250D2CCA80B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{960EC65D-33D1-4BA3-AFFD-4471557E33B0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9635F35F-4237-4FE3-904B-D47A6FA28C3E}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{979EE268-702A-4D9D-B9C5-E812C74C0344}" = protocol=6 | dir=in | app=h:\sc\starcraft ii\starcraft ii.exe |
"{97B8CB53-88F0-4234-BC1E-62CE2C360612}" = protocol=17 | dir=in | app=h:\sc\starcraft ii\starcraft ii.exe |
"{9AD1E4C3-77CF-403C-AB95-047B6939118A}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{A478CE9D-5408-4D3E-95EF-895197788B2C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD5877B6-D0CC-4B41-93FA-E88D5A0BC694}" = protocol=6 | dir=out | app=system |
"{AF78BBF9-4FFB-4E15-A2E6-6841AB523AFE}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B03836E7-6330-4091-A6F0-731B5AA4D5F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7E2EEB4-6DBD-423B-8AE4-9B7E64C91CB0}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{BE8A2F42-CB2D-4C71-8E11-26B28B08477B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{BFB38B0A-5FCF-4DD7-B00C-F1F5E7D2843E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C393CD64-9DEF-4FAC-9F2E-ED5DCE27BF00}" = protocol=17 | dir=in | app=c:\users\mercuri family\downloads\starcraft_2_na_en-us (1).exe |
"{C8100A48-5DF2-4842-B313-34A0879384C3}" = protocol=6 | dir=in | app=c:\users\mercuri family\downloads\starcraft_2_na_en-us (1).exe |
"{CD8612F9-CE2D-49BC-92AD-157F6406FA15}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D1947C86-5815-4F23-A077-969A9F211A50}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D3CB36F7-5AE6-428A-B835-AA74EF9FFA32}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-enus-win-final-downloader.exe |
"{D4DC0796-B9EE-44B7-BAB3-82E61C3B97C9}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{D6E315D0-ABB0-4737-9F0D-31370BA95004}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D9C28696-EE39-41A2-95A4-6230FE628CBC}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{DA3D6FD3-CECB-4AE5-A55C-684A911B1E54}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-enus-win-final-downloader.exe |
"{DB311260-976A-4957-BFA7-EA64B0F796C9}" = protocol=17 | dir=in | app=h:\sc\starcraft ii\versions\base15405\sc2.exe |
"{DF00D3ED-52AD-41A7-AD25-7B4C5B86B4ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DFD8A2FC-C970-4A5C-BDBB-2660CF88E4B4}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E03E48C6-8354-4987-A92D-8A58B67CC4BB}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{E3EDF9A2-5501-4B7A-BEC1-4D091ABC34A4}" = protocol=17 | dir=in | app=h:\empire earth 3\ee3.exe |
"{E4581A1B-B4F9-4D28-BCC8-28E192AB114E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{EA568511-782B-4BF5-9FDD-48C5E500A1E6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ECFFD4C7-29AC-4CDE-9E88-12D3BE0C469A}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{EDD2D954-88F9-40C1-BF0E-82B6B3F88C59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F390CC8B-A6A0-4AE0-92C7-2EB6C9026FCC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F7C7FEFB-249A-4121-AD56-54BFCE3C3ACE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F9D7D91A-EBFC-4A09-B41E-E143BA97CAB7}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"TCP Query User{0187CC7B-25DA-45C3-92C8-3E0D866753F7}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{0692097A-E6F3-4FBC-B6D0-AEC885989A2F}C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe |
"TCP Query User{0D7347CF-BFAA-4F5A-ABF6-648AA96D1B75}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\k20znxe9\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[2].exe" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\k20znxe9\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[2].exe |
"TCP Query User{13C30BA5-1F8B-4A09-A76F-7341E346F9D2}C:\program files\world of warcraft\wowtest\wow-0.2.0.7125-to-0.2.0.7153-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wowtest\wow-0.2.0.7125-to-0.2.0.7153-enus-downloader.exe |
"TCP Query User{2083B8DF-3613-41FA-AF2E-A4CBB861A373}C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe |
"TCP Query User{2168A914-2893-44AD-BDC5-FC96053E642F}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{22BB2617-48B9-4687-A7D8-2BF09909C9E0}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{23FDDA03-AFF8-47E7-AFF1-D3ADAFDCD3AC}C:\users\mercuri family\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{265F8AA6-B661-4F64-B5E7-A91622F6B1B1}C:\program files\world of warcraft\wowtest\wow-0.2.0.7091-to-0.2.0.7125-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wowtest\wow-0.2.0.7091-to-0.2.0.7125-enus-downloader.exe |
"TCP Query User{2A23CACB-130F-48BA-A6B8-9C7F68126178}C:\program files\microsoft games\allegiance\allegiance.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\allegiance\allegiance.exe |
"TCP Query User{2BE34C79-EA0B-41AA-88F6-C1867C0358D5}C:\program files\world of warcraft\wowtest\wow-0.3.2.7720-to-0.3.2.7741-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wowtest\wow-0.3.2.7720-to-0.3.2.7741-enus-downloader.exe |
"TCP Query User{30DF4ED1-F0ED-43C7-93DD-C9A7B7FF01C5}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\hr09fu4z\digital-download[1].exe" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\hr09fu4z\digital-download[1].exe |
"TCP Query User{34AA258C-8C4A-47A0-A1EB-A6082F44B831}C:\program files\steam\steamapps\demonic_ange\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\demonic_ange\counter-strike\hl.exe |
"TCP Query User{37D66B22-BB99-4482-AE0F-32FAEEF83184}C:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe" = protocol=6 | dir=in | app=c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe |
"TCP Query User{3BB82F3F-8BCC-442F-8463-7F8D95A4BCE2}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{3D1BD9E4-CB6E-47A7-9E8C-616BFD81BEE3}C:\users\mercuri family\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"TCP Query User{3EDF0179-9E15-4B60-A93B-8172485F4A69}C:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe |
"TCP Query User{429FEF6A-E016-422C-9538-5C6BC0D22B62}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\p156dqg5\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\p156dqg5\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[1].exe |
"TCP Query User{4436C9BF-7BEC-4449-A5BD-2D5C628EA314}C:\program files\world of warcraft\wowtest\wow-0.2.0.7153-to-0.2.0.7175-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wowtest\wow-0.2.0.7153-to-0.2.0.7175-enus-downloader.exe |
"TCP Query User{483210B2-5D6A-411A-BE79-B836FECD0891}C:\program files\virtualdj\virtualdj.exe" = protocol=6 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"TCP Query User{492C0D1C-1CB7-4784-B11C-C72185ABA080}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{598B9B5E-4211-48F7-9C90-262660CE83F5}C:\program files\world of warcraft\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe |
"TCP Query User{611C7503-3E35-47E5-9A2D-C7FF44D704A4}C:\program files\steam\steamapps\mercurim\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mercurim\condition zero\hl.exe |
"TCP Query User{6C5ED951-1BAE-45BC-BC1B-024E2C0E4C13}C:\users\mercuri family\desktop\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\mercuri family\desktop\nba 2k10\nba2k10.exe |
"TCP Query User{6E0F99E1-0011-4421-BBE3-88888D8AA267}C:\program files\paradox interactive\east india company\eastindia.exe" = protocol=6 | dir=in | app=c:\program files\paradox interactive\east india company\eastindia.exe |
"TCP Query User{6E553B66-7A3A-4DC9-9443-D9A6BC7009F9}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"TCP Query User{76F7C596-E008-4C39-B58C-30AD7FAD414A}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\e6uc1c5h\digital-download[1].exe" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\e6uc1c5h\digital-download[1].exe |
"TCP Query User{789BFE4E-371A-4ADA-A906-814242F35528}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"TCP Query User{7C726CBC-71ED-470E-AA1D-C6F46B22641B}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{7E08E911-1665-4A58-B76B-942E491D4822}H:\mlb222\mlb2k10.exe" = protocol=6 | dir=in | app=h:\mlb222\mlb2k10.exe |
"TCP Query User{7FD083D0-D030-46BD-8044-CE0DC4BE1063}C:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe |
"TCP Query User{864FC7F4-1D2F-4C50-B388-97095A80F7D3}H:\pirates\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=h:\pirates\nba 2k10\nba2k10.exe |
"TCP Query User{8A8F7D1F-B82E-4BEE-9A3C-A7B89A0973E8}C:\program files\2k sports\mlb 2k10\mlb2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\mlb 2k10\mlb2k10.exe |
"TCP Query User{8EFC62CE-0375-4FD1-ADC3-A03E79AE33E5}C:\users\mercuri family\appdata\local\temp\low\powerfootball\powerfootball-d3d9.exe" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\local\temp\low\powerfootball\powerfootball-d3d9.exe |
"TCP Query User{9318E5A6-3D1B-4049-AAE8-69281BEE11B0}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"TCP Query User{936D397F-9AC7-44C2-89A5-2E1CE3FF3562}C:\program files\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe |
"TCP Query User{9EBE0E6F-65C6-44C5-8162-155889A85FD0}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"TCP Query User{AF11FDF1-404F-41D9-BF23-A3F061CC0162}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\2iwb0lj6\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\2iwb0lj6\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[1].exe |
"TCP Query User{B12E5CAF-A21F-4339-A141-B66B2DC15736}C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe |
"TCP Query User{B8F36B9F-E58A-4A12-90B6-FD4BA55028F9}C:\program files\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe |
"TCP Query User{BE0E161A-5C59-45F9-A61E-B8BE2E5DB185}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{BE816B8A-6159-4811-9485-8468AB101405}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{BEE8B7C3-48A7-46A3-AEF1-218596C044AB}C:\program files\steam\steamapps\demonic_ange\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\demonic_ange\half-life\hl.exe |
"TCP Query User{BFCF0C8E-25C6-462A-9DAE-41DD27CF9272}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\jxs3njuu\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\jxs3njuu\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[1].exe |
"TCP Query User{C11F8C3D-484E-49EB-A9FD-B94799E55095}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\k20znxe9\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\k20znxe9\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[1].exe |
"TCP Query User{C293C9AC-A1E1-494F-AD78-55CE56D5AD0B}C:\program files\world of warcraft\wow-2.1.0.6729-to-2.1.1.6739-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.1.0.6729-to-2.1.1.6739-enus-downloader.exe |
"TCP Query User{C4D91432-39A8-4A70-9A16-56712BCF0CE6}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\hr09fu4z\digital-download[2].exe" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\hr09fu4z\digital-download[2].exe |
"TCP Query User{C537C4B3-A68D-4F16-8A3F-045424F883D4}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"TCP Query User{CA22745D-46C0-433F-A37F-D209B2B580D4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{DA34BEEE-05F2-4F8C-94C6-5298790EF660}C:\program files\steam\steamapps\mercurim\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mercurim\counter-strike\hl.exe |
"TCP Query User{DD52CC3C-0396-41A4-8A36-C860AFDA280C}C:\users\mercuri family\desktop\empire earth\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\users\mercuri family\desktop\empire earth\empire earth\empire earth.exe |
"TCP Query User{DE7B60B8-AFFB-4F55-BAC8-4529D3C9D482}C:\users\mercuri family\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\mercuri family\desktop\age of empires ii\empires2.exe |
"TCP Query User{DED6BF90-54ED-4220-871E-D1E741E10BC3}C:\users\mercuri family\desktop\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\mercuri family\desktop\nba 2k10\nba2k10.exe |
"TCP Query User{DF11F954-5750-487D-A934-919E2C0E53E5}H:\apbs\apb north america\binaries\apb.exe" = protocol=6 | dir=in | app=h:\apbs\apb north america\binaries\apb.exe |
"TCP Query User{E4465633-9A92-4FFB-9D12-7528951A2CC6}C:\users\mercuri family\desktop\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\mercuri family\desktop\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe |
"TCP Query User{E68A0637-05A1-46D2-B794-A66437570D06}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{E6E00D7E-D47A-440E-A151-A796097046DA}C:\program files\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-enus-downloader.exe |
"TCP Query User{EAE2B470-97B5-4981-B316-EE0F7F058D89}C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe |
"TCP Query User{F410A214-32CB-4455-8566-391B6C3789C6}C:\users\mercuri family\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\mercuri family\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{F8C4E30F-7803-4D92-8812-A71E44EE3213}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{FA98597C-D33B-40CA-86AD-3CFCFC707B6B}C:\python25\pythonw.exe" = protocol=6 | dir=in | app=c:\python25\pythonw.exe |
"UDP Query User{0081CF50-CFCD-4456-819A-3A249E34F21A}C:\program files\world of warcraft\wow-2.1.0.6729-to-2.1.1.6739-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.1.0.6729-to-2.1.1.6739-enus-downloader.exe |
"UDP Query User{010D89ED-8C97-46CA-A750-D0DA6A8643EF}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{020179A7-3B84-4D47-973C-56169AC2D85E}C:\users\mercuri family\desktop\empire earth\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\users\mercuri family\desktop\empire earth\empire earth\empire earth.exe |
"UDP Query User{0B5976A9-4DF4-493D-BAF1-5861B1E38BA5}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"UDP Query User{0DC09CD2-E55A-4A40-B6B2-B0886EA2650A}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{15F133B4-0110-4259-B768-72A66029EA0A}C:\users\mercuri family\desktop\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\mercuri family\desktop\nba 2k10\nba2k10.exe |
"UDP Query User{160B64C1-611E-471A-A4E5-4739A26CA0BF}C:\program files\world of warcraft\wowtest\wow-0.2.0.7091-to-0.2.0.7125-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wowtest\wow-0.2.0.7091-to-0.2.0.7125-enus-downloader.exe |
"UDP Query User{20C81BAE-F70F-4BDD-98A4-F01C9BDCB4D9}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\hr09fu4z\digital-download[1].exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\hr09fu4z\digital-download[1].exe |
"UDP Query User{23DE8FA3-99D7-4C71-ADA5-6D69CF814ADF}C:\program files\paradox interactive\east india company\eastindia.exe" = protocol=17 | dir=in | app=c:\program files\paradox interactive\east india company\eastindia.exe |
"UDP Query User{26A62DAC-9054-4DF1-92D9-5A86DC16F57F}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{2E4F4C8F-87D0-4162-BDC8-29EBB103780C}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"UDP Query User{2F72E545-853C-4328-A70E-5F0BD81BE515}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{30C2361F-6E50-4939-871C-36F31979B089}C:\users\mercuri family\desktop\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\mercuri family\desktop\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe |
"UDP Query User{3315C177-A889-481F-829D-D633DAF56514}C:\users\mercuri family\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{3365E9E0-DCFE-4ED8-8989-ED9E48F03EB9}C:\users\mercuri family\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\mercuri family\desktop\age of empires ii\empires2.exe |
"UDP Query User{349B3217-6F6B-48F9-A4C5-013AC9DBCB43}C:\program files\2k sports\mlb 2k10\mlb2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\mlb 2k10\mlb2k10.exe |
"UDP Query User{3573D869-F35F-4353-9488-D5F162CBC449}C:\program files\steam\steamapps\demonic_ange\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\demonic_ange\counter-strike\hl.exe |
"UDP Query User{3BE74E30-4E20-45E7-9A60-5B0C863D41ED}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{4266FF3E-01C6-4ABC-983B-9C0AF49AF1E0}C:\program files\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe |
"UDP Query User{4BD8432E-CA79-420D-9D34-F3A6015181EF}C:\program files\world of warcraft\wowtest\wow-0.2.0.7153-to-0.2.0.7175-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wowtest\wow-0.2.0.7153-to-0.2.0.7175-enus-downloader.exe |
"UDP Query User{6240CF12-467C-440A-A407-7E9FC39C2A31}C:\program files\virtualdj\virtualdj.exe" = protocol=17 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"UDP Query User{64682077-F8EB-4269-AB4D-FC75029F5453}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\p156dqg5\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\p156dqg5\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader[1].exe |
"UDP Query User{6559CEAA-6B40-492A-8315-E91B526C17B4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{6653F53A-EDD8-4FD8-88CD-592C02E40401}C:\program files\steam\steamapps\mercurim\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mercurim\counter-strike\hl.exe |
"UDP Query User{68AB95E1-724F-4B34-B43F-EC938FC96A57}C:\program files\world of warcraft\wowtest\wow-0.3.2.7720-to-0.3.2.7741-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wowtest\wow-0.3.2.7720-to-0.3.2.7741-enus-downloader.exe |
"UDP Query User{68C3326D-2378-4D5E-8C51-6F224FB4E3AE}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\hr09fu4z\digital-download[2].exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\hr09fu4z\digital-download[2].exe |
"UDP Query User{6B744E67-3006-4452-8524-BD5982D90ACD}C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe |
"UDP Query User{73A19DBE-D739-4446-A02C-90E22A56DC76}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{74FFB161-DB09-4FB1-8D74-FE6842140DED}C:\program files\steam\steamapps\mercurim\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mercurim\condition zero\hl.exe |
"UDP Query User{7578F704-552B-48B2-B144-6242C52EE5FF}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\e6uc1c5h\digital-download[1].exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\e6uc1c5h\digital-download[1].exe |
"UDP Query User{7822DF60-E75F-4114-9D71-0F53BBA9C606}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\k20znxe9\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\k20znxe9\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[1].exe |
"UDP Query User{7D9C4002-6180-4FC1-859A-E85B80C37511}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{816E2B4B-FA96-4673-AC99-CEF1D4CEBFAE}C:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe |
"UDP Query User{82A07F12-A58A-4A4B-93CF-296EAD8DA938}C:\users\mercuri family\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"UDP Query User{852DCA52-C0E3-48E2-A71E-CA8B9F7888CC}C:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe" = protocol=17 | dir=in | app=c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe |
"UDP Query User{8BF1F3C6-11C0-4AE9-8E4E-39D277A1268E}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"UDP Query User{8CECFD22-FB49-4C7C-9178-4FA945777F9E}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"UDP Query User{920DC10B-8300-44E9-84C8-D1CEAFB38610}H:\apbs\apb north america\binaries\apb.exe" = protocol=17 | dir=in | app=h:\apbs\apb north america\binaries\apb.exe |
"UDP Query User{9494E573-BB32-4EE0-A393-7D685AD31663}C:\program files\steam\steamapps\demonic_ange\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\demonic_ange\half-life\hl.exe |
"UDP Query User{95470AF6-52D9-4D0E-AA2E-83AF3788E4AF}C:\program files\microsoft games\allegiance\allegiance.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\allegiance\allegiance.exe |
"UDP Query User{98A3B005-65F3-4CBC-8C2C-A528F1A08C3B}C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe |
"UDP Query User{98AA0359-6A98-4F21-B7F0-158B9F4499C3}C:\python25\pythonw.exe" = protocol=17 | dir=in | app=c:\python25\pythonw.exe |
"UDP Query User{9CBA4796-93C2-43AD-BFFC-70A3D76533B3}C:\program files\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-enus-downloader.exe |
"UDP Query User{A1CFB535-7117-4A29-99AD-8896014A172C}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{A7120B04-E661-44B9-A4A6-151E069EBD51}C:\program files\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe |
"UDP Query User{BCFAF96D-EB07-4E01-B0FA-79BD0B552609}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{BECA79ED-491F-4E61-A237-0F18E4E27780}C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe |
"UDP Query User{C0A9EDA6-E228-4C64-81E4-7A23FF4683D2}C:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe |
"UDP Query User{C9DC4901-2C41-4E57-B085-98D7BF751C65}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\k20znxe9\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[2].exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\k20znxe9\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[2].exe |
"UDP Query User{D095CDA0-7BF1-4D01-919B-B3A4F87D24D8}C:\program files\world of warcraft\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader.exe |
"UDP Query User{D4DB7988-5661-4FF2-BEB0-4A6CF64B33BE}C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe |
"UDP Query User{E08159A1-19F0-4115-B9E6-56B9EE7B4A7A}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\jxs3njuu\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\jxs3njuu\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[1].exe |
"UDP Query User{E20BD674-7553-4E96-9F37-A7841B16BB13}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\2iwb0lj6\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\2iwb0lj6\wow-2.1.3.6898-to-0.2.0.6932-enus-downloader[1].exe |
"UDP Query User{E3E3F152-9E79-45A3-BEAB-D0A708150684}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{E64C6E5D-4D0A-46ED-B817-5B64A1F3635B}C:\users\mercuri family\desktop\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\mercuri family\desktop\nba 2k10\nba2k10.exe |
"UDP Query User{E7705DAD-D815-4219-83B4-95C34EC46200}H:\pirates\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=h:\pirates\nba 2k10\nba2k10.exe |
"UDP Query User{E9EFC0FA-E22D-4F0C-B3D8-E5ED0977B1E8}C:\users\mercuri family\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{EFC9B9D9-8906-42FA-9AFD-78A9C8287912}H:\mlb222\mlb2k10.exe" = protocol=17 | dir=in | app=h:\mlb222\mlb2k10.exe |
"UDP Query User{F601DB78-69C7-4977-BE37-9DF9D677A0E4}C:\users\mercuri family\appdata\local\temp\low\powerfootball\powerfootball-d3d9.exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\local\temp\low\powerfootball\powerfootball-d3d9.exe |
"UDP Query User{FDC2A3C6-D9FE-45FF-9ECD-8CDB283E67A3}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{FFE38AC2-F876-47B6-94CF-9C5D3596764F}C:\program files\world of warcraft\wowtest\wow-0.2.0.7125-to-0.2.0.7153-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wowtest\wow-0.2.0.7125-to-0.2.0.7153-enus-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02592912-9C41-426D-85E3-5343A653BBB4}" = Sony Sound Series Loops and Samples Reference Library 2.51
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2B5A75F0-FD85-4094-AB00-94902398D192}" = Sony Media Manager 2.2
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5211BF94-F97C-47E7-BC7C-BE804A79F8A2}" = MLB 2K10
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85DD724B-15E5-4572-81BF-CF9031D83848}" = Ventrilo Server
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8B75D41A-95DF-4CC0-BAB2-6EF0D5043A98}" = Rome - Total War - Gold Edition
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F1E9E57-DD22-11D5-8B43-00105A9846E9}" = FLEXnet Connect SDK
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A885BB70-FE0B-499F-94DF-13965FA72A32}" = Caesar™ IV
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B17E235C-7A3B-4482-B650-21FFDE1D452E}" = Empire Earth III
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C86A8B40-0702-45FA-BFEC-82B0C5932038}" = Sony Media Manager 2.1
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D5AF36E3-D72D-4E30-AB64-48A98BDDEE73}" = HTC Sync
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED8677CF-FD9B-4BE8-ADC4-14FD9BB3D3CB}" = NDAS Software 3.61.2056
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3Filter" = AC3Filter (remove only)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"APB North America" = APB North America
"Ask Toolbar_is1" = Ask Toolbar
"AVG9Uninstall" = AVG Free 9.0
"Avira AntiVir Desktop" = Avira AntiVir Premium
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX Setup
"Download Manager" = Download Manager 2.3.10
"DyynoPlayer" = DyynoPlayer 0.8.6f.2
"EA Download Manager" = EA Download Manager
"EADM" = EA Download Manager
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"LimeWire" = LimeWire 5.2.13
"MadTracker 2" = MadTracker 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NBA 2K10" = NBA 2K10
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Shockwave" = Shockwave
"StarCraft II" = StarCraft II
"Steam App 630" = Alien Swarm
"Tropico3" = Tropico 3 1.00
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:03:46 PM

Posted 13 August 2010 - 05:43 PM

No problem.
I see you have 2 antivirus programs running. Please remove one or the other; you do not need 2 of them at the same time.

After that please do the following:
Please visit this webpage for download links, and instructions for running Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.
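
Reading a log like the OTL report above is mostly pattern-matching on program paths, product names and a few registry values, which is how a helper spots the two resident antivirus products in the uninstall list. The Python below is an added editorial example, not part of OTL, ComboFix or the BleepingComputer removal procedure. It runs a handful of analyst heuristics over a constructed subset of lines copied from this thread's reports: five OTL firewall "Query User" rules, two uninstall entries, and the EnableLUA and AppInit_DLLs values from the ComboFix "Reg Loading Points" section posted later. The heuristic word lists (cache and temp folders, file-sharing clients, cracks/warez-style folder names, antivirus vendor names) are the editor's own assumptions, not signatures; a hit is something to look at, not a verdict.

```python
"""
Added editorial example: a small triage pass over lines of the kind found in
the OTL and ComboFix reports in this thread. It is not part of OTL, ComboFix
or the BleepingComputer removal procedure. The heuristic word lists below are
the editor's own review checklist (assumptions), not signatures or verdicts
from any scanner; a hit means "look at this", not "this is malware".
"""
import re
from typing import Dict, List

# Constructed subset of the posted logs: five OTL firewall "Query User" rules,
# two uninstall-list entries and two ComboFix "Reg Loading Points" values.
SAMPLE_LOG = r'''
"UDP Query User{20C81BAE-F70F-4BDD-98A4-F01C9BDCB4D9}C:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\hr09fu4z\digital-download[1].exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\local\microsoft\windows\temporary internet files\content.ie5\hr09fu4z\digital-download[1].exe |
"UDP Query User{26A62DAC-9054-4DF1-92D9-5A86DC16F57F}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{3BE74E30-4E20-45E7-9A60-5B0C863D41ED}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{E7705DAD-D815-4219-83B4-95C34EC46200}H:\pirates\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=h:\pirates\nba 2k10\nba2k10.exe |
"UDP Query User{F601DB78-69C7-4977-BE37-9DF9D677A0E4}C:\users\mercuri family\appdata\local\temp\low\powerfootball\powerfootball-d3d9.exe" = protocol=17 | dir=in | app=c:\users\mercuri family\appdata\local\temp\low\powerfootball\powerfootball-d3d9.exe |
"AVG9Uninstall" = AVG Free 9.0
"Avira AntiVir Desktop" = Avira AntiVir Premium
"EnableLUA"= 0 (0x0)
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
'''

# "... | app=<path> |" is how OTL prints the program path of a firewall rule.
FW_APP = re.compile(r"\|\s*app=(?P<app>[^|]+?)\s*\|", re.IGNORECASE)
# Uninstall entries and registry values both print as "name" = data.
KEY_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+?)\s*$')

# Editor's heuristic lists (assumptions tuned to this log, not a vendor list).
CACHE_OR_TEMP = ("\\temporary internet files\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")
P2P_CLIENTS = ("bearshare", "limewire", "bittorrent", "utorrent")
PIRACY_DIRS = ("pirates", "crack", "keygen", "warez")
AV_PRODUCTS = ("avg", "avira", "avast", "mcafee", "norton", "kaspersky", "eset")


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return review findings keyed by heuristic, in log order."""
    findings: Dict[str, List[str]] = {
        "exe_from_cache_or_temp": [],  # program allowed through the firewall from a cache/temp dir
        "p2p_client": [],              # file-sharing client: common source of trojanised downloads
        "piracy_folder": [],           # executable under a cracks/warez style folder
        "antivirus_products": [],      # installed AV products (more than one resident = conflict)
        "policy": [],                  # security-relevant registry settings
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith('"'):
            continue
        fw = FW_APP.search(line)
        if fw:
            app = fw.group("app").strip().lower()
            folders = app.split("\\")[:-1]
            exe = app.rsplit("\\", 1)[-1]
            if any(marker in app for marker in CACHE_OR_TEMP):
                findings["exe_from_cache_or_temp"].append(app)
            if any(client in exe for client in P2P_CLIENTS):
                findings["p2p_client"].append(app)
            if any(word in folder for folder in folders for word in PIRACY_DIRS):
                findings["piracy_folder"].append(app)
            continue
        kv = KEY_VALUE.match(line)
        if not kv:
            continue
        name, data = kv.group("name"), kv.group("data")
        if name == "EnableLUA" and data.startswith("0"):
            findings["policy"].append(
                "EnableLUA=0: UAC is off, so anything this admin user runs gets a full admin token")
        elif name == "AppInit_DLLs" and data:
            findings["policy"].append(
                f"AppInit_DLLs={data}: loaded into every process that maps user32.dll; verify the module")
        elif any(vendor in data.lower() for vendor in AV_PRODUCTS):
            findings["antivirus_products"].append(data)
    return findings


def resident_av_conflict(findings: Dict[str, List[str]]) -> bool:
    """True when more than one antivirus product is installed side by side."""
    return len(findings["antivirus_products"]) > 1


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for heuristic, hits in result.items():
        for hit in hits:
            print(f"[{heuristic}] {hit}")
    if resident_av_conflict(result):
        print("[conflict] more than one resident antivirus product installed")
```

Run against the full report, the same pass would also pick up LimeWire and BitTorrent from the uninstall lists and the other Content.IE5 executables in the firewall rules; the AppInit_DLLs hit here resolves to Google Desktop, which is why the heuristic says "verify" rather than "remove".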

#5 mercmania

  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:46 PM

Posted 13 August 2010 - 06:33 PM

I was unsure if you wanted it pasted or the actual file; I included both.


____________________________________________________


ComboFix 10-08-12.03 - mercuri family 13/08/2010 19:11:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2045.865 [GMT -4:00]
Running from: c:\users\mercuri family\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LHT56A7.tmp

.
((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-13 23:24 . 2010-08-13 23:25 -------- d-----w- c:\users\mercuri family\AppData\Local\temp
2010-08-13 23:24 . 2010-08-13 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-11 21:44 . 2010-08-11 21:44 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-11 21:41 . 2010-07-09 22:37 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-08-11 21:41 . 2010-07-09 22:37 11008040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-08-11 21:41 . 2010-07-09 22:37 5107816 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-08-11 21:41 . 2010-07-09 22:37 14092904 ----a-w- c:\windows\system32\nvoglv32.dll
2010-08-11 21:41 . 2010-07-09 22:37 4553832 ----a-w- c:\windows\system32\nvcuda.dll
2010-08-11 21:41 . 2010-07-09 22:37 2892904 ----a-w- c:\windows\system32\nvcuvid.dll
2010-08-11 21:41 . 2010-07-09 22:37 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-08-11 21:41 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod1922.dll
2010-08-11 21:41 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-08-11 21:41 . 2010-07-09 22:37 10267240 ----a-w- c:\windows\system32\nvcompiler.dll
2010-08-11 21:41 . 2010-08-11 21:41 -------- d-----w- C:\NVIDIA
2010-08-06 01:52 . 2010-08-06 01:52 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-03 01:57 . 2010-08-03 02:55 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-01 19:33 . 2010-08-01 19:33 -------- d-----w- c:\users\mercuri family\AppData\Roaming\Avira
2010-08-01 18:43 . 2010-08-01 18:43 -------- d-----w- c:\users\mercuri family\sc2
2010-08-01 15:49 . 2010-08-02 03:55 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-01 15:49 . 2010-08-02 03:55 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-01 15:49 . 2010-08-01 15:49 -------- d-----w- c:\programdata\Avira
2010-08-01 15:49 . 2010-08-01 15:49 -------- d-----w- c:\program files\Avira
2010-08-01 01:04 . 2010-08-06 01:48 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-22 16:53 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-22 16:53 . 2010-07-22 16:53 -------- d-----w- c:\program files\Panda Security
2010-07-21 01:11 . 2010-07-21 01:11 0 ----a-w- c:\windows\nsreg.dat
2010-07-21 01:11 . 2010-07-21 01:11 -------- d-----w- c:\users\mercuri family\AppData\Local\Mozilla
2010-07-21 00:56 . 2010-08-01 19:47 -------- d-----w- c:\program files\Steam
2010-07-20 22:06 . 2010-07-20 22:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-20 22:06 . 2010-07-20 22:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-20 21:04 . 2010-07-20 21:04 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-07-20 21:04 . 2010-07-20 21:04 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-07-20 21:02 . 2010-07-20 21:02 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-07-20 21:02 . 2010-07-20 21:02 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-07-20 21:02 . 2010-07-20 21:02 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-07-20 21:02 . 2010-07-20 21:02 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-07-20 20:59 . 2010-07-20 20:59 52224 ----a-w- c:\users\mercuri family\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-20 20:59 . 2010-08-09 07:11 63488 ----a-w- c:\users\mercuri family\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-20 20:59 . 2010-08-09 07:11 117760 ----a-w- c:\users\mercuri family\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-20 19:39 . 2010-07-20 19:39 -------- d-----w- c:\users\mercuri family\AppData\Roaming\SUPERAntiSpyware.com
2010-07-20 19:39 . 2010-07-20 19:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-20 19:39 . 2010-08-09 07:11 -------- d-----w- c:\program files\SUPERAntiSpyware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 23:10 . 2009-01-19 22:23 -------- d-----w- c:\programdata\NVIDIA
2010-08-13 22:57 . 2010-08-11 21:50 67949 ----a-w- c:\programdata\nvModes.dat
2010-08-13 22:53 . 2009-12-04 01:19 -------- d-----w- c:\programdata\avg9
2010-08-13 08:50 . 2009-08-01 02:22 -------- d-----w- c:\users\mercuri family\AppData\Roaming\BitTorrent
2010-08-11 21:46 . 2010-06-29 01:10 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-11 21:44 . 2007-04-11 00:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-20 20:50 . 2009-12-05 07:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-18 16:19 . 2008-07-02 19:37 -------- d-----w- c:\users\mercuri family\AppData\Roaming\IGN_DLM
2010-07-14 07:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-09 22:37 . 2010-08-11 21:41 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-07-09 22:37 . 2009-04-30 17:56 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:37 . 2008-12-25 16:08 9818728 ----a-w- c:\windows\system32\nvd3dum.dll
2010-07-09 22:37 . 2008-12-25 16:08 1625192 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 20:37 . 2010-07-09 20:37 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-07-09 20:37 . 2010-07-09 20:37 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 20:37 . 2010-07-09 20:37 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 20:37 . 2010-07-09 20:37 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 20:37 . 2010-07-09 20:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-07 17:46 . 2007-04-05 16:09 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-07-03 19:00 . 2008-05-03 18:36 138624 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-03 19:00 . 2008-05-03 18:36 218464 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-29 01:12 . 2008-05-03 18:36 138056 ----a-w- c:\users\mercuri family\AppData\Roaming\PnkBstrK.sys
2010-06-29 01:12 . 2008-05-03 18:36 138056 ----a-w- c:\users\mercuri family\AppData\Roaming\PnkBstrK.sys
2010-06-26 07:01 . 2008-02-10 23:57 -------- d-----w- c:\program files\Microsoft.NET
2010-06-19 02:06 . 2010-06-16 21:11 -------- d-----w- c:\users\mercuri family\AppData\Roaming\Tropico 3
2010-06-10 07:34 . 2007-04-10 20:26 99200 ----a-w- c:\users\mercuri family\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 16:20 . 2010-06-29 01:11 2444656 ----a-w- c:\windows\system32\pbsvc_apb.exe
2010-05-26 17:06 . 2010-06-09 23:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 23:56 289792 ----a-w- c:\windows\system32\atmfd.dll
2007-04-05 16:12 . 2007-04-05 16:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-21 68856]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-09 2403568]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\users\mercuri family\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-17 1831936]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-09 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-09 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-09 81920]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 282792]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-26 692224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2009-8-22 282600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 08:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:41,7a,84,85,28,5d,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2010-02-11 24576]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-09-20 3314512]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-08-01 721904]
S0 ndasfs;ndasfs;c:\windows\system32\DRIVERS\ndasfs.sys [2009-08-23 340456]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 ndasfat;NDAS FAT File System Service;c:\windows\system32\DRIVERS\ndasfat.sys [2009-08-23 479720]
S1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\DRIVERS\ndasrofs.sys [2009-08-23 787432]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-08-02 337064]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-08-02 405672]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:55]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:55]

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3959800536-371527905-1580367355-1000Core.job
- c:\users\mercuri family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-01 02:14]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3959800536-371527905-1580367355-1000UA.job
- c:\users\mercuri family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-01 02:14]

2010-08-13 c:\windows\Tasks\User_Feed_Synchronization-{E488470A-17C5-4D0A-943B-9981E01D1C03}.job
- c:\windows\system32\msfeedssync.exe [2008-09-11 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {59FCB003-A454-420E-A7EE-E94A48FA601B} = 207.164.234.129 207.164.234.193
FF - ProfilePath - c:\users\mercuri family\AppData\Roaming\Mozilla\Firefox\Profiles\baa9vhpi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\mercuri family\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKLM-Run-Mobile Connectivity Suite - c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-EADM - c:\program files\Electronic Arts\EADM\Uninstall.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 19:25
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86707B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x881a0d24
\Driver\ACPI -> acpi.sys @ 0x80693d68
\Driver\iaStor -> iastor.sys @ 0x8240f184
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3959800536-371527905-1580367355-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:96,8b,09,54,b1,28,9c,c9,a5,17,a7,a0,ce,a0,75,e5,d3,d3,d6,e9,48,bf,bc,
ba,b7,e8,f4,94,59,32,47,ad,4e,c3,5e,c7,e6,a3,13,0e,03,73,9b,f4,01,c5,2b,51,\
"??"=hex:cf,88,2f,43,10,20,4b,9d,7c,5a,e5,3a,1b,28,63,09

[HKEY_USERS\S-1-5-21-3959800536-371527905-1580367355-1000\Software\SecuROM\License information*]
"datasecu"=hex:10,fa,52,d1,b3,6e,1f,16,e2,91,a6,77,64,a1,c7,63,85,4b,a3,dd,23,
2a,b0,24,ef,63,26,da,ff,da,0a,f8,01,79,c0,ad,29,94,eb,da,a2,bd,d1,ad,8f,f0,\
"rkeysecu"=hex:65,a4,68,c8,11,ab,71,91,4a,7f,b6,c2,f5,03,da,82
.
Completion time: 2010-08-13 19:29:27
ComboFix-quarantined-files.txt 2010-08-13 23:29

Pre-Run: 13,744,082,944 bytes free
Post-Run: 13,917,425,664 bytes free

- - End Of File - - 6FB0C357E128C4FF76FB1DEF2F55551D


#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:03:46 PM

Posted 14 August 2010 - 05:46 AM

  1. Please download mbrcheck from Here
  2. Save that file to your desktop and double click on it to run it.
  3. It will show a Black screen with some data on it then hit any key to continue.
  4. Once it finishes there will be a log produced on your desktop that is labeled mbrcheck*.txt (where the * is the date).
  5. Please post the contents of that log in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#7 mercmania

mercmania
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:46 PM

Posted 14 August 2010 - 08:37 AM

After running the program, I get the following message:

"Physical Drive MBR status: Code faked!"

"Found non-standard or infected MBR."

It gives me two options: Yes (for other options), and No (to exit).

After hitting Yes, the 3 following options are
1) Dump the MBR of a physical disk to file.
2) Restore the MBR of a physical disk with a standard boot code.
3) Exit.

What should be my course of action? Waiting on your reply.

Thanks again!

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:03:46 PM

Posted 14 August 2010 - 08:44 AM

Please click on 1) Dump the MBR of a physical disk to file.
When prompted for a file name type in mbrdump then hit Enter.
Then you can close Mbrcheck.
The file will be on your desktop click Here to upload the file please.

#9 mercmania

mercmania
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:46 PM

Posted 14 August 2010 - 07:05 PM

Kahdah,

I have submitted my mbrdump file as you requested.


The file only contains information from my first physical drive, the one that says "Code Faked." Please notify me if you need the dump from the other drive.

Thanks in advance.

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:03:46 PM

Posted 15 August 2010 - 07:03 AM

Hi,
Yes, that MBR is infected.

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the malware has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to proceed

==========================

Run mbrcheck once more when it gets to this part:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Choose option 2
When asked for the physical disk number type in the number 0.
When asked what MBR code to write to this drive: type the number for Vista, which may be 3.
Then hit Enter.
Then type in Yes
Then press Enter to exit the program.

After that restart and see if the warnings are gone.
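As an added example (not code from this thread, and not mbrcheck's own logic), here is a Python script that parses a raw MBR dump like the mbrdump file requested above: it checks the 0x55AA boot signature, lists the partition entries, and compares the boot-code region against a set of hashes you trust. The known-good hash set and the hash comparison are assumptions for illustration; the thread does not say how mbrcheck decides that the code is faked.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440            # bytes 0..439 hold the boot code; 440..443 the disk signature
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of every valid MBR

# Placeholder (assumption for this example): SHA-256 hashes of boot code you trust,
# e.g. taken from a dump of a known-clean machine of the same Windows version.
KNOWN_GOOD_BOOT_CODE_SHA256 = {"<sha256 of a trusted boot-code region goes here>"}


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR dump into boot code, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, offset)
        if ptype != 0:   # type 0 means an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": sector[:BOOT_CODE_END],
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": partitions,
            "signature_ok": sector[510:512] == BOOT_SIGNATURE}


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the boot-code region only, so partition-table edits do not change it."""
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def assess_mbr(sector: bytes, known_good=KNOWN_GOOD_BOOT_CODE_SHA256) -> list:
    """Return a list of findings; an empty list means the dump looks like a standard MBR."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(sector) not in known_good:
        findings.append("boot code does not match any known-good hash (possible 'Code faked')")
    bootable = [p["index"] for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable, expected exactly 1")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR (not a real dump): given boot code plus one bootable NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, 0x1234ABCD)   # arbitrary disk signature
    struct.pack_into("<B3xB3xII", sector, PARTITION_TABLE_OFFSET, 0x80, 0x07, 2048, 1_000_000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)
```

To run it on a real dump, read the first 512 bytes of the mbrdump file and pass them to assess_mbr with a hash set you populated from a trusted machine.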

#11 mercmania

mercmania
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:46 PM

Posted 15 August 2010 - 11:21 AM

Let's try to get rid of this malware.

I did as you instructed, with dumping the MBR, twice. However, after the reboot, I clicked on the MBR program and it still said the code is faked for the physical drive 0.

Are there any other things I could do?

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:03:46 PM

Posted 15 August 2010 - 11:49 AM

Hi, dumping does not remove it; that only makes a copy.
Please reread my instructions above.
You need to choose option 2 to write a new mbr code.
Make sure to choose Vista.


#13 mercmania

mercmania
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:46 PM

Posted 15 August 2010 - 12:08 PM

Sorry kahdah, that is what I meant. I chose option 2 and had the same results.

After "Restore the MBR of a physical disk with a standard boot code." and after the restart, it still showed the code as faked.

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:03:46 PM

Posted 15 August 2010 - 12:44 PM

Ok, do you have access to a Vista disk?


#15 mercmania

mercmania
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:46 PM

Posted 15 August 2010 - 02:53 PM

Yes, I do have access to the Vista disk.



