
Antimalware Doctor Logs


  • This topic is locked
5 replies to this topic

#1 Burter

Posted 15 August 2010 - 10:08 PM

DDS (Ver_10-03-17.01) - NTFSX64
Run by aofhxc at 16:09:45.46 on Sun 08/15/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4093.2350 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\aofhxc\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files (x86)\kikin\ie_kikin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HDAudDeck] "c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe" -r
mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\aofhxc\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files (x86)\stardock\objectdock\ObjectDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
Trusted Zone: line6.net
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
AppInit_DLLs: c:\windows\syswow64\guard32.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun-x64: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun-x64: [systray] systray.exe
mRun-x64: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
AppInit_DLLs-X64: c:\windows\system32\guard64.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\aofhxc\appdata\roaming\mozilla\firefox\profiles\9trlodpj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.ftp - proxy
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - proxy
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - proxy
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - proxy
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {16E7B7CE-7B3F-4150-90C7-9D1EB663CC0D} - c:\users\aofhxc\appdata\local\{16e7b7ce-7b3f-4150-90c7-9d1eb663cc0d}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2006-10-31 14136]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys [2009-2-6 26472]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 236112]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 33208]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-2 202752]
R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-8-14 304464]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-3-2 6402560]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-3-2 188928]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-8-21 56832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-14 24664]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\drivers\Rtnic64.sys [2006-11-2 55640]
R3 SaiKF622;SaiKF622;c:\windows\system32\drivers\SaiKF622.sys [2009-6-10 140800]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2009-11-18 31232]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-6-23 1301504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2010-8-1 89920]
S3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB64.sys [2008-11-6 830592]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S4 TunngleService;TunngleService;c:\program files (x86)\tunngle\TnglCtrl.exe [2009-11-19 666360]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~2\speedb~1\VideoAcceleratorService.exe -start -scm [?]

=============== Created Last 30 ================

2010-08-15 19:23:00 0 d-----w- c:\programdata\Comodo
2010-08-15 19:08:04 0 d-----w- c:\program files\COMODO
2010-08-15 19:04:25 0 d-----w- c:\programdata\Comodo Downloader
2010-08-15 18:27:42 0 d-----w- c:\programdata\Sun
2010-08-15 18:26:59 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-08-15 18:26:59 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-08-15 18:26:59 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-08-15 18:26:59 145184 ----a-w- c:\windows\syswow64\java.exe
2010-08-15 18:14:04 0 d-----w- c:\programdata\F-Secure
2010-08-15 05:07:34 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-15 05:07:28 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-15 05:07:08 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-15 05:07:04 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-15 05:07:03 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-08-15 05:07:03 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-15 05:07:02 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-15 05:07:01 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-15 05:07:00 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-15 05:07:00 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-15 05:03:25 343040 ----a-w- c:\windows\system32\schannel.dll
2010-08-15 05:03:25 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-15 02:24:32 0 d-----w- c:\users\aofhxc\appdata\roaming\Malwarebytes
2010-08-15 02:24:21 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-15 02:24:21 0 d-----w- c:\programdata\Malwarebytes
2010-08-15 02:24:21 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-15 00:51:13 0 d-----w- c:\programdata\avg9
2010-08-15 00:42:45 0 d-----w- c:\programdata\Update
2010-08-15 00:42:37 5 ----a-w- C:\zrpt.xml
2010-08-14 23:52:43 343 ----a-w- c:\windows\doom3.ini
2010-08-14 23:47:58 0 d-----w- c:\program files (x86)\DOOM 3
2010-08-14 05:46:44 0 d-----w- c:\program files (x86)\MediaCoder
2010-08-14 03:31:09 0 d-----w- c:\program files (x86)\Fraps3
2010-08-13 23:33:18 819200 ----a-w- c:\windows\syswow64\xvidcore.dll
2010-08-13 23:33:18 77824 ----a-w- c:\windows\syswow64\xvid.ax
2010-08-13 23:33:18 180224 ----a-w- c:\windows\syswow64\xvidvfw.dll
2010-08-13 23:33:18 0 d-----w- c:\program files (x86)\Xvid
2010-08-13 15:10:04 0 d-----w- c:\program files (x86)\Skulltag
2010-08-11 17:26:02 285 ----a-w- c:\windows\EReg072.dat
2010-08-11 17:22:56 0 d-----w- C:\Sshock2
2010-08-11 17:22:36 327168 ----a-w- c:\windows\IsUninst.exe
2010-08-10 21:42:42 2829 ----a-w- c:\windows\DiabUnin.pif
2010-08-10 21:42:42 118784 ----a-w- c:\windows\DiabUnin.exe
2010-08-10 21:42:37 7176 ----a-w- c:\windows\DiabUnin.dat
2010-08-10 21:42:37 0 d-----w- c:\program files (x86)\Diablo
2010-08-08 23:23:45 411480 ----a-w- c:\windows\syswow64\tsccvid.dll
2010-08-08 23:23:44 0 d-----w- c:\windows\syswow64\QuickTime
2010-08-08 23:23:03 0 d-----w- c:\program files (x86)\common files\TechSmith Shared
2010-08-08 23:23:01 0 d-----w- c:\programdata\TechSmith
2010-08-08 23:17:35 0 d-----w- c:\program files (x86)\AVG
2010-08-08 20:19:53 73728 ----a-w- c:\windows\system\vdremote.dll
2010-08-08 20:19:53 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2010-08-08 18:47:26 0 d-----w- c:\users\aofhxc\appdata\roaming\Aegisub
2010-08-08 18:46:58 0 d-----w- c:\program files (x86)\Aegisub
2010-08-07 22:14:58 0 d-----w- c:\program files (x86)\CamStudio
2010-08-07 21:46:10 0 d-----w- c:\users\aofhxc\appdata\roaming\Broad Intelligence
2010-08-07 21:43:55 0 d-----w- c:\program files\MediaCoder
2010-08-05 23:03:04 0 d-----w- c:\program files (x86)\Black Isle
2010-08-02 00:33:36 0 d-----w- c:\windows\syswow64\vi-VN
2010-08-02 00:33:36 0 d-----w- c:\windows\syswow64\eu-ES
2010-08-02 00:33:36 0 d-----w- c:\windows\syswow64\ca-ES
2010-08-02 00:33:36 0 d-----w- c:\windows\system32\vi-VN
2010-08-02 00:33:36 0 d-----w- c:\windows\system32\eu-ES
2010-08-02 00:33:36 0 d-----w- c:\windows\system32\ca-ES
2010-08-01 18:42:58 0 d-----w- c:\windows\system32\EventProviders
2010-08-01 18:40:59 506880 ----a-w- c:\windows\system32\imapi2.dll
2010-08-01 18:39:59 894976 ----a-w- c:\windows\system32\azroles.dll
2010-08-01 18:38:59 99840 ----a-w- c:\windows\syswow64\ulib.dll
2010-08-01 18:37:59 93696 ----a-w- c:\windows\syswow64\eappgnui.dll
2010-08-01 18:35:47 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-08-01 18:35:47 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-08-01 18:35:47 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-08-01 18:35:44 936448 ----a-w- c:\windows\system32\SmiEngine.dll
2010-08-01 18:35:38 293888 ----a-w- c:\windows\system32\wdscore.dll
2010-08-01 18:35:38 138752 ----a-w- c:\windows\system32\PkgMgr.exe
2010-08-01 18:35:23 315904 ----a-w- c:\windows\system32\drvstore.dll
2010-08-01 17:51:12 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-08-01 17:51:12 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-08-01 17:51:12 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-01 17:51:12 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-08-01 17:51:12 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-01 17:51:12 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-08-01 17:51:12 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-08-01 17:51:12 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-08-01 17:51:12 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-08-01 17:51:12 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-01 07:56:44 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-08-01 07:56:44 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-08-01 07:56:44 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-08-01 07:56:44 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-08-01 07:56:37 180736 ----a-w- c:\windows\syswow64\ieui.dll
2010-08-01 07:56:33 84480 ----a-w- c:\windows\system32\asycfilt.dll
2010-08-01 07:56:33 67072 ----a-w- c:\windows\syswow64\asycfilt.dll
2010-08-01 07:56:09 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-08-01 07:56:09 2048 ----a-w- c:\windows\system32\tzres.dll
2010-07-30 02:25:34 0 d-----w- c:\windows\syswow64\AGEIA
2010-07-30 02:23:58 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-07-30 02:23:58 467984 ----a-w- c:\windows\syswow64\d3dx10_39.dll
2010-07-30 02:23:58 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-07-30 02:23:58 1493528 ----a-w- c:\windows\syswow64\D3DCompiler_39.dll
2010-07-30 02:23:56 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-07-30 02:23:56 3851784 ----a-w- c:\windows\syswow64\D3DX9_39.dll
2010-07-26 01:26:45 2311 ----a-w- c:\users\aofhxc\.recently-used.xbel
2010-07-23 15:56:19 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2010-07-23 15:56:19 302112 ----a-w- c:\windows\system32\drivers\Rtlh64.sys
2010-07-23 15:56:19 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

==================== Find3M ====================

2010-08-15 19:08:53 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-15 19:08:52 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-15 19:08:46 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-11 17:25:30 4608 ----a-w- c:\windows\syswow64\w95inf32.dll
2010-08-11 17:25:30 2272 ----a-w- c:\windows\syswow64\w95inf16.dll
2010-08-02 00:33:34 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-01 18:50:33 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-07-02 14:21:23 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2010-06-29 16:03:43 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-06-29 15:47:12 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-29 15:46:59 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-29 15:44:16 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-06-29 15:44:15 3603456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-29 15:43:04 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-29 15:43:04 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-29 15:43:00 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-06-28 16:52:22 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-06-15 01:47:24 86016 ----a-w- c:\windows\syswow64\frapsvid.dll
2010-06-15 01:47:22 84992 ----a-w- c:\windows\system32\frapsv64.dll
2010-06-02 00:00:52 278288 ----a-w- c:\windows\syswow64\guard32.dll
2010-06-02 00:00:46 354032 ----a-w- c:\windows\system32\guard64.dll
2010-05-27 20:08:17 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-05-21 19:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:11:23.86 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-15 17:27:59
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0xA4 0x5F 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x12 0x79 0xE8 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA3 0xBD 0x04 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xD6 0xAD 0x84 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xCE 0x4F 0x15 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x0F 0x80 0x65 0xA5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0xA4 0x5F 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x12 0x79 0xE8 0xDC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA3 0xBD 0x04 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xD6 0xAD 0x84 0xD2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xCE 0x4F 0x15 0xA2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x0F 0x80 0x65 0xA5 ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid 0 bytes

---- EOF - GMER 1.0.15 ----






Edit (added OTL log from AII)~~boopme
OTL logfile created on: 8/15/2010 10:09:40 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\aofhxc\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 46.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 193.39 Gb Free Space | 41.52% Space Free | Partition Type: NTFS
Drive D: | 29.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AOFHXC-PC
Current User Name: aofhxc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/15 22:09:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\aofhxc\Desktop\OTL.exe
PRC - [2010/07/24 14:43:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/19 19:35:37 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/05/07 08:42:37 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/08/18 10:21:38 | 000,486,865 | ---- | M] () -- C:\Users\aofhxc\Documents\ultima\HLDJ\hldj.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe


========== Modules (SafeList) ==========

MOD - [2010/08/15 22:09:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\aofhxc\Desktop\OTL.exe
MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2008/01/20 21:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2006/11/02 04:46:04 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fltLib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/06/01 19:00:54 | 002,348,600 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/03/02 23:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/04/11 02:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/04/11 02:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2010/07/19 19:35:37 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/23 17:43:26 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/09/16 09:20:24 | 000,666,360 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [File_System | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/03/02 23:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/02 23:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/02 22:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/02 19:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/09 11:53:34 | 000,302,112 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/01/28 09:33:34 | 000,114,176 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/08/21 21:38:15 | 000,056,832 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV:64bit: - [2009/08/08 12:16:58 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/06/10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2009/06/10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2009/06/10 11:14:20 | 000,140,800 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiKF622.sys -- (SaiKF622)
DRV:64bit: - [2009/04/10 23:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/02/06 20:08:25 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/11/06 18:59:54 | 000,830,592 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\L6TPortB64.sys -- (L6TPortB)
DRV:64bit: - [2007/11/13 11:54:08 | 000,026,472 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_I2c64.sys -- (BS_I2cIo)
DRV:64bit: - [2006/10/31 02:25:01 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/09/18 16:27:33 | 000,055,640 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys -- (RTL8023x64)
DRV - [2010/01/19 18:02:17 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006/10/31 02:25:01 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
DRV - [2006/04/13 15:33:28 | 000,008,192 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BS_I2c64.sys -- (BS_I2cIo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {16E7B7CE-7B3F-4150-90C7-9D1EB663CC0D}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "proxy"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "proxy"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "proxy"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{16E7B7CE-7B3F-4150-90C7-9D1EB663CC0D}: C:\Users\aofhxc\AppData\Local\{16E7B7CE-7B3F-4150-90C7-9D1EB663CC0D}\ [2010/08/14 19:44:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/24 14:43:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/15 13:26:59 | 000,000,000 | ---D | M]

[2010/08/07 16:50:24 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Mozilla\Extensions
[2010/08/07 16:50:24 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2010/08/15 18:06:57 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Mozilla\Firefox\Profiles\9trlodpj.default\extensions
[2009/09/02 14:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\aofhxc\AppData\Roaming\Mozilla\Firefox\Profiles\9trlodpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/28 18:44:41 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\aofhxc\AppData\Roaming\Mozilla\Firefox\Profiles\9trlodpj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/08/14 23:58:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\aofhxc\AppData\Roaming\Mozilla\Firefox\Profiles\9trlodpj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/15 14:12:51 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\aofhxc\AppData\Roaming\Mozilla\Firefox\Profiles\9trlodpj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/15 13:52:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\aofhxc\AppData\Roaming\Mozilla\Firefox\Profiles\9trlodpj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/15 14:19:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\aofhxc\AppData\Roaming\Mozilla\Firefox\Profiles\9trlodpj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/15 14:19:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/15 13:27:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/31 10:23:17 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/03/26 16:16:08 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/08/15 13:57:45 | 000,416,748 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14386 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [systray] C:\Windows\SysNative\systray.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\aofhxc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/22 22:05:01 | 002,445,824 | R--- | M] (Comtrend Corporation Inc. ) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/05 01:47:28 | 000,022,486 | R--- | M] () - D:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/12/22 22:05:23 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/12/22 22:05:43 | 002,013,099 | R--- | M] () - D:\autorun.tgt -- [ CDFS ]
O33 - MountPoints2\{0dff3eaa-11aa-11df-b226-00e04d745918}\Shell\AutoRun\command - "" = PortableRoboForm.exe
O33 - MountPoints2\{0dff3eaa-11aa-11df-b226-00e04d745918}\Shell\RoboForm2Go\command - "" = PortableRoboForm.exe
O33 - MountPoints2\{2f14577b-7953-11df-9ab7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2f14577b-7953-11df-9ab7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2008/12/22 22:05:01 | 002,445,824 | R--- | M] (Comtrend Corporation Inc. )
O33 - MountPoints2\{d0574692-843f-11de-8ed4-00e04d745918}\Shell - "" = AutoRun
O33 - MountPoints2\{d0574692-843f-11de-8ed4-00e04d745918}\Shell\AutoRun\command - "" = E:\Setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{d0574692-843f-11de-8ed4-00e04d745918}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/15 22:09:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\aofhxc\Desktop\OTL.exe
[2010/08/15 18:08:09 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/15 18:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/15 18:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/08/15 18:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/15 18:06:48 | 009,242,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\aofhxc\Desktop\SUPERAntiSpyware.exe
[2010/08/15 14:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010/08/15 14:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/08/15 14:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/08/15 13:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/15 13:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/15 13:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/08/14 21:24:32 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\AppData\Roaming\Malwarebytes
[2010/08/14 21:24:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/14 21:24:21 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/14 21:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/14 21:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/14 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/08/14 19:44:12 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\AppData\Local\{16E7B7CE-7B3F-4150-90C7-9D1EB663CC0D}
[2010/08/14 19:42:48 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\AppData\Local\lxxtunagd
[2010/08/14 19:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/14 19:42:29 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\AppData\Local\Windows Server
[2010/08/14 18:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOOM 3
[2010/08/14 00:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaCoder
[2010/08/13 22:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fraps3
[2010/08/13 18:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2010/08/13 10:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skulltag
[2010/08/11 12:25:37 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\SysWow64\tm20dec.ax
[2010/08/11 12:22:56 | 000,000,000 | ---D | C] -- C:\Sshock2
[2010/08/10 16:42:42 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DiabUnin.exe
[2010/08/10 16:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo
[2010/08/08 18:26:19 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\AppData\Local\TechSmith
[2010/08/08 18:24:03 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\Documents\Camtasia Studio
[2010/08/08 18:23:45 | 000,411,480 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010/08/08 18:23:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010/08/08 18:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010/08/08 18:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/08/08 18:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2010/08/08 18:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/08/08 15:19:53 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System\vdremote.dll
[2010/08/08 15:19:53 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System\vdsvrlnk.dll
[2010/08/08 15:19:50 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\Desktop\VirtualDub
[2010/08/08 15:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest
[2010/08/08 13:47:26 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\AppData\Roaming\Aegisub
[2010/08/08 13:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aegisub
[2010/08/07 17:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2010/08/07 16:50:22 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\AppData\Local\Broad Intelligence
[2010/08/07 16:46:10 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\AppData\Roaming\Broad Intelligence
[2010/08/07 16:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2010/08/05 18:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black Isle
[2010/08/05 16:40:31 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\Desktop\GC ISOS
[2010/08/05 15:48:52 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\Documents\PCSX2
[2010/08/01 19:33:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2010/08/01 19:33:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2010/08/01 19:33:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2010/08/01 19:33:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2010/08/01 19:33:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2010/08/01 19:33:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2010/08/01 13:42:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2010/07/31 18:46:25 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\Documents\Bioshock
[2010/07/31 18:46:25 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\AppData\Roaming\Bioshock
[2010/07/29 21:26:02 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\Documents\BioWare
[2010/07/29 21:25:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010/07/23 10:56:19 | 000,302,112 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2010/07/23 10:56:19 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2010/07/03 16:11:42 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\Desktop\Fear Before The March of Flames - The Always Open Mouth
[2010/07/02 09:25:52 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\Documents\Rockstar Games
[2010/07/02 09:22:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010/07/02 09:21:36 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\AppData\Local\Rockstar Games
[2010/07/02 09:21:24 | 000,000,000 | RH-D | C] -- C:\Users\aofhxc\AppData\Roaming\SecuROM
[2010/07/02 09:21:23 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/06/23 19:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2010/06/23 19:30:19 | 000,242,176 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2010/06/23 19:30:19 | 000,193,024 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2010/06/23 19:30:19 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2010/06/23 19:30:19 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2010/06/23 19:30:19 | 000,076,288 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2010/06/15 21:49:41 | 000,000,000 | ---D | C] -- C:\Users\aofhxc\AppData\Roaming\Download Manager
[2010/06/14 20:47:24 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2010/06/14 20:47:22 | 000,084,992 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2010/05/18 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/15 22:12:48 | 054,525,952 | -HS- | M] () -- C:\Users\aofhxc\ntuser.dat
[2010/08/15 22:09:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\aofhxc\Desktop\OTL.exe
[2010/08/15 21:38:11 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/15 21:38:11 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/15 19:38:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/15 19:38:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/15 19:36:48 | 000,524,288 | -HS- | M] () -- C:\Users\aofhxc\ntuser.dat{69aa1a36-7950-11df-9012-e3e5d44e5061}.TMContainer00000000000000000001.regtrans-ms
[2010/08/15 19:36:48 | 000,065,536 | -HS- | M] () -- C:\Users\aofhxc\ntuser.dat{69aa1a36-7950-11df-9012-e3e5d44e5061}.TM.blf
[2010/08/15 19:36:47 | 002,078,467 | -H-- | M] () -- C:\Users\aofhxc\AppData\Local\IconCache.db
[2010/08/15 18:07:48 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/15 18:07:00 | 009,242,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\aofhxc\Desktop\SUPERAntiSpyware.exe
[2010/08/15 17:41:51 | 000,000,680 | ---- | M] () -- C:\Users\aofhxc\AppData\Local\d3d9caps.dat
[2010/08/15 16:04:01 | 000,525,824 | ---- | M] () -- C:\Users\aofhxc\Desktop\dds.scr
[2010/08/15 14:31:04 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/08/15 14:08:14 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/08/15 13:57:45 | 000,416,748 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/08/15 00:31:26 | 000,789,926 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/15 00:31:26 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/15 00:31:26 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/15 00:24:51 | 000,231,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/14 23:57:50 | 000,000,996 | ---- | M] () -- C:\Users\aofhxc\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/14 23:57:50 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/08/14 22:28:26 | 000,027,208 | ---- | M] () -- C:\Users\aofhxc\Documents\cc_20100814_222820.reg
[2010/08/14 21:22:02 | 000,363,520 | ---- | M] () -- C:\Users\aofhxc\Desktop\iexploe.com
[2010/08/14 19:42:48 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/14 19:06:21 | 000,000,857 | ---- | M] () -- C:\Users\aofhxc\Desktop\Doom3.lnk
[2010/08/14 18:52:43 | 000,000,343 | ---- | M] () -- C:\Windows\doom3.ini
[2010/08/14 18:39:54 | 000,069,632 | ---- | M] () -- C:\Users\aofhxc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/14 00:46:50 | 000,000,896 | ---- | M] () -- C:\Users\aofhxc\Application Data\Microsoft\Internet Explorer\Quick Launch\MediaCoder.lnk
[2010/08/14 00:46:50 | 000,000,872 | ---- | M] () -- C:\Users\aofhxc\Desktop\MediaCoder.lnk
[2010/08/13 22:31:09 | 000,000,811 | ---- | M] () -- C:\Users\aofhxc\Desktop\Fraps.lnk
[2010/08/13 19:03:21 | 197,243,958 | ---- | M] () -- C:\Users\aofhxc\Desktop\lpheretic1.avi
[2010/08/11 12:26:02 | 000,000,285 | ---- | M] () -- C:\Windows\EReg072.dat
[2010/08/10 16:45:06 | 000,007,176 | ---- | M] () -- C:\Windows\DiabUnin.dat
[2010/08/10 16:42:42 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DiabUnin.exe
[2010/08/10 16:42:42 | 000,002,829 | ---- | M] () -- C:\Windows\DiabUnin.pif
[2010/08/08 18:23:33 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/08/08 13:47:01 | 000,000,928 | ---- | M] () -- C:\Users\aofhxc\Application Data\Microsoft\Internet Explorer\Quick Launch\Aegisub.lnk
[2010/08/01 19:42:57 | 000,000,973 | ---- | M] () -- C:\Users\aofhxc\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/01 19:40:28 | 000,743,848 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/25 20:26:45 | 000,002,311 | ---- | M] () -- C:\Users\aofhxc\.recently-used.xbel
[2010/07/23 10:55:28 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010/07/23 10:17:44 | 000,027,840 | ---- | M] () -- C:\Users\aofhxc\Documents\cc_20100723_101738.reg
[2010/07/18 13:32:37 | 000,004,990 | ---- | M] () -- C:\Users\aofhxc\Documents\cc_20100718_133231.reg
[2010/07/02 09:21:23 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/06/20 18:57:37 | 000,000,968 | ---- | M] () -- C:\Users\aofhxc\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/19 15:16:13 | 000,003,132 | ---- | M] () -- C:\Users\aofhxc\Documents\cc_20100619_151607.reg
[2010/06/16 09:35:52 | 000,524,288 | -HS- | M] () -- C:\Users\aofhxc\ntuser.dat{69aa1a36-7950-11df-9012-e3e5d44e5061}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 09:33:28 | 000,001,460 | ---- | M] () -- C:\Users\aofhxc\AppData\Local\d3d9caps64.dat
[2010/06/16 09:21:07 | 000,524,288 | -HS- | M] () -- C:\Users\aofhxc\ntuser.dat{7bbce2f1-64d5-11df-a879-b64952897989}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 09:21:07 | 000,065,536 | -HS- | M] () -- C:\Users\aofhxc\ntuser.dat{7bbce2f1-64d5-11df-a879-b64952897989}.TM.blf
[2010/06/14 20:47:24 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2010/06/14 20:47:22 | 000,084,992 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2010/06/14 11:51:44 | 000,000,033 | ---- | M] () -- C:\Windows\lg.ini
[2010/05/21 10:12:39 | 000,524,288 | -HS- | M] () -- C:\Users\aofhxc\ntuser.dat{7bbce2f1-64d5-11df-a879-b64952897989}.TMContainer00000000000000000002.regtrans-ms
[2010/05/21 07:45:20 | 000,524,288 | -HS- | M] () -- C:\Users\aofhxc\ntuser.dat{b8f25c71-62ac-11df-adfc-ec0a8d25f98b}.TMContainer00000000000000000001.regtrans-ms
[2010/05/21 07:45:20 | 000,065,536 | -HS- | M] () -- C:\Users\aofhxc\ntuser.dat{b8f25c71-62ac-11df-adfc-ec0a8d25f98b}.TM.blf
[2010/05/19 03:40:39 | 000,524,288 | -HS- | M] () -- C:\Users\aofhxc\ntuser.dat{b8f25c71-62ac-11df-adfc-ec0a8d25f98b}.TMContainer00000000000000000002.regtrans-ms
[2010/05/18 14:25:02 | 000,524,288 | -HS- | M] () -- C:\Users\aofhxc\ntuser.dat{5d594d3f-89b6-11de-b08a-00e04d745918}.TMContainer00000000000000000001.regtrans-ms
[2010/05/18 14:25:02 | 000,065,536 | -HS- | M] () -- C:\Users\aofhxc\ntuser.dat{5d594d3f-89b6-11de-b08a-00e04d745918}.TM.blf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/15 18:07:48 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/15 17:41:51 | 000,000,680 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\d3d9caps.dat
[2010/08/15 16:06:34 | 000,293,376 | ---- | C] () -- C:\Users\aofhxc\Desktop\gmer.exe
[2010/08/15 16:04:00 | 000,525,824 | ---- | C] () -- C:\Users\aofhxc\Desktop\dds.scr
[2010/08/15 14:31:04 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/15 14:08:14 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/08/15 00:12:15 | 000,233,546 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_ATL90SP1_KB973924MSI7C22.txt
[2010/08/15 00:12:14 | 000,015,358 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_ATL90SP1_KB973924UI7C22.txt
[2010/08/14 23:57:50 | 000,000,996 | ---- | C] () -- C:\Users\aofhxc\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/14 23:57:50 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/08/14 22:28:22 | 000,027,208 | ---- | C] () -- C:\Users\aofhxc\Documents\cc_20100814_222820.reg
[2010/08/14 21:22:03 | 000,363,520 | ---- | C] () -- C:\Users\aofhxc\Desktop\iexploe.com
[2010/08/14 19:42:37 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/14 19:03:37 | 000,000,857 | ---- | C] () -- C:\Users\aofhxc\Desktop\Doom3.lnk
[2010/08/14 18:52:43 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini
[2010/08/14 00:46:50 | 000,000,896 | ---- | C] () -- C:\Users\aofhxc\Application Data\Microsoft\Internet Explorer\Quick Launch\MediaCoder.lnk
[2010/08/14 00:46:50 | 000,000,872 | ---- | C] () -- C:\Users\aofhxc\Desktop\MediaCoder.lnk
[2010/08/13 22:31:09 | 000,000,811 | ---- | C] () -- C:\Users\aofhxc\Desktop\Fraps.lnk
[2010/08/13 18:48:40 | 197,243,958 | ---- | C] () -- C:\Users\aofhxc\Desktop\lpheretic1.avi
[2010/08/13 18:33:18 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/08/13 18:33:18 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/13 18:33:18 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/08/11 12:26:02 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat
[2010/08/11 12:25:32 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010/08/11 12:25:32 | 000,005,672 | ---- | C] () -- C:\Windows\SysWow64\quartz.vxd
[2010/08/10 16:42:42 | 000,002,829 | ---- | C] () -- C:\Windows\DiabUnin.pif
[2010/08/10 16:42:37 | 000,007,176 | ---- | C] () -- C:\Windows\DiabUnin.dat
[2010/08/08 18:23:33 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/08/08 13:47:03 | 000,374,084 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_vcredistMSI48D7.txt
[2010/08/08 13:47:03 | 000,011,402 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_vcredistUI48D7.txt
[2010/08/08 13:47:01 | 000,000,928 | ---- | C] () -- C:\Users\aofhxc\Application Data\Microsoft\Internet Explorer\Quick Launch\Aegisub.lnk
[2010/08/01 13:41:54 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex
[2010/08/01 13:41:54 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex
[2010/08/01 13:41:02 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2010/08/01 13:41:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/01 13:40:44 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2010/08/01 13:40:43 | 000,034,699 | ---- | C] () -- C:\Windows\SysWow64\hlp.dat
[2010/08/01 13:40:20 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
[2010/08/01 13:40:17 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
[2010/08/01 13:40:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/01 13:40:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2010/08/01 13:40:09 | 003,662,128 | ---- | C] () -- C:\Windows\SysWow64\locale.nls
[2010/08/01 13:40:09 | 003,662,128 | ---- | C] () -- C:\Windows\SysNative\locale.nls
[2010/08/01 13:40:08 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
[2010/08/01 13:39:31 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2010/08/01 13:39:27 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2010/08/01 13:39:27 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
[2010/08/01 13:39:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/01 13:38:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/08/01 13:38:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin
[2010/08/01 13:38:29 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2010/08/01 13:38:29 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
[2010/08/01 13:37:52 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
[2010/08/01 13:37:52 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
[2010/08/01 13:37:46 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\RacUREx.xml
[2010/08/01 13:37:46 | 000,000,153 | ---- | C] () -- C:\Windows\SysNative\RacUREx.xml
[2010/07/25 20:26:45 | 000,002,311 | ---- | C] () -- C:\Users\aofhxc\.recently-used.xbel
[2010/07/23 10:56:19 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010/07/23 10:17:40 | 000,027,840 | ---- | C] () -- C:\Users\aofhxc\Documents\cc_20100723_101738.reg
[2010/07/18 13:32:33 | 000,004,990 | ---- | C] () -- C:\Users\aofhxc\Documents\cc_20100718_133231.reg
[2010/06/23 19:30:59 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/06/19 15:16:10 | 000,003,132 | ---- | C] () -- C:\Users\aofhxc\Documents\cc_20100619_151607.reg
[2010/06/16 09:33:26 | 000,524,288 | -HS- | C] () -- C:\Users\aofhxc\ntuser.dat{69aa1a36-7950-11df-9012-e3e5d44e5061}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 09:33:26 | 000,524,288 | -HS- | C] () -- C:\Users\aofhxc\ntuser.dat{69aa1a36-7950-11df-9012-e3e5d44e5061}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 09:33:26 | 000,065,536 | -HS- | C] () -- C:\Users\aofhxc\ntuser.dat{69aa1a36-7950-11df-9012-e3e5d44e5061}.TM.blf
[2010/06/14 11:51:44 | 000,000,033 | ---- | C] () -- C:\Windows\lg.ini
[2010/05/21 07:51:43 | 000,524,288 | -HS- | C] () -- C:\Users\aofhxc\ntuser.dat{7bbce2f1-64d5-11df-a879-b64952897989}.TMContainer00000000000000000002.regtrans-ms
[2010/05/21 07:51:43 | 000,524,288 | -HS- | C] () -- C:\Users\aofhxc\ntuser.dat{7bbce2f1-64d5-11df-a879-b64952897989}.TMContainer00000000000000000001.regtrans-ms
[2010/05/21 07:51:43 | 000,065,536 | -HS- | C] () -- C:\Users\aofhxc\ntuser.dat{7bbce2f1-64d5-11df-a879-b64952897989}.TM.blf
[2010/05/18 14:28:58 | 000,524,288 | -HS- | C] () -- C:\Users\aofhxc\ntuser.dat{b8f25c71-62ac-11df-adfc-ec0a8d25f98b}.TMContainer00000000000000000002.regtrans-ms
[2010/05/18 14:28:58 | 000,524,288 | -HS- | C] () -- C:\Users\aofhxc\ntuser.dat{b8f25c71-62ac-11df-adfc-ec0a8d25f98b}.TMContainer00000000000000000001.regtrans-ms
[2010/05/18 14:28:58 | 000,065,536 | -HS- | C] () -- C:\Users\aofhxc\ntuser.dat{b8f25c71-62ac-11df-adfc-ec0a8d25f98b}.TM.blf
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/26 18:36:58 | 000,000,094 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\fusioncache.dat
[2010/03/26 16:53:13 | 000,743,848 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/28 11:08:37 | 000,069,632 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/09 11:25:11 | 000,028,105 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/08/09 11:25:01 | 000,034,128 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_dotnetfx3install.txt
[2009/08/09 11:25:01 | 000,000,604 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_dotnetfx3error.txt
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/24 11:47:47 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2009/05/12 23:58:22 | 002,300,230 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_MSDNExp_MSI5A7A.txt
[2009/05/12 23:55:07 | 010,544,596 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\VSMsiLog57FE.txt
[2009/05/12 23:54:57 | 000,200,390 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI57DA.txt
[2009/05/12 23:54:47 | 000,200,010 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_WinSDK_ExpTools_x64_MSI57BC.txt
[2009/05/12 23:54:23 | 005,359,176 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_WinSDK_Build_x64_MSI576B.txt
[2009/05/12 23:54:12 | 001,180,358 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_ExpRemoteDbg_x64_MSI574A.txt
[2009/05/12 23:53:20 | 001,864,736 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_NET_Framework35_x64_MSI56A0.txt
[2009/05/12 23:50:34 | 000,175,797 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/05/12 23:50:31 | 000,000,002 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_dotnetfx35error.txt
[2009/05/12 23:50:30 | 000,159,142 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_dotnetfx35install.txt
[2009/05/12 23:50:18 | 000,839,152 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_VC_MinRed_MSI544E.txt
[2009/05/12 20:12:41 | 000,069,620 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_depcheck_VC_EXP_90.txt
[2009/05/12 20:12:25 | 000,368,462 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_install_vc_xcor_90.txt
[2009/05/12 20:12:25 | 000,026,814 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\uxeventlog.txt
[2009/05/12 20:12:25 | 000,000,002 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\dd_error_vc_xcor_90.txt
[2009/04/11 17:19:28 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009/02/06 00:09:05 | 000,001,460 | ---- | C] () -- C:\Users\aofhxc\AppData\Local\d3d9caps64.dat
[2008/01/20 21:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2005/06/18 10:00:52 | 000,070,018 | ---- | C] () -- C:\Windows\SysWow64\akrip32.dll
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2009/04/21 21:28:35 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\acccore
[2010/08/08 13:59:09 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Aegisub
[2010/07/31 19:28:53 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Bioshock
[2010/08/14 00:46:46 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Broad Intelligence
[2010/01/30 17:26:16 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Crayon Physics Deluxe
[2009/08/09 11:23:12 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\DAEMON Tools Lite
[2009/11/11 16:40:55 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\fltk.org
[2010/07/08 19:15:32 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\foobar2000
[2009/10/31 10:23:30 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Foxit
[2009/11/26 12:05:30 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Foxit Software
[2010/07/25 20:26:08 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\gtk-2.0
[2010/03/03 22:56:37 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\kikin
[2009/07/24 11:57:22 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Line 6
[2009/02/10 11:06:15 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Ringtone
[2009/02/11 09:52:00 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Subversion
[2009/10/09 22:04:33 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\SystemRequirementsLab
[2009/11/19 15:23:02 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Tunngle
[2010/04/06 13:15:21 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Turbine
[2009/02/06 14:22:59 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\Ubisoft
[2010/08/08 18:14:08 | 000,000,000 | ---D | M] -- C:\Users\aofhxc\AppData\Roaming\uTorrent
[2010/08/15 19:36:50 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:45:58 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:46:07 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:50:06 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 02:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 21:47:35 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 21:46:02 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:49:34 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 21:48:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 02:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D74B6CF5
< End of report >

OTL Extras logfile created on: 8/15/2010 10:09:40 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\aofhxc\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 46.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 193.39 Gb Free Space | 41.52% Space Free | Partition Type: NTFS
Drive D: | 29.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AOFHXC-PC
Current User Name: aofhxc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 47 9D 3F 4C DB 31 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3857675923-1375245881-3879093727-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020B1EED-30D8-4365-BE73-B9016BCA6064}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{02C41A57-7F7F-4F27-A527-411EDFCF0216}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07986F99-5874-4A11-A50B-4A15E1CD3C10}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0C844181-4987-43F1-A159-5226BAF12876}" = rport=137 | protocol=17 | dir=out | app=system |
"{0F6896DA-7C32-4C6B-A987-80B3DC786170}" = lport=6113 | protocol=6 | dir=in | name=blizzard |
"{133675A9-89B4-4C6B-8373-8E1ABD8B7771}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{183270B4-1761-4CDE-B353-60A346F81E87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F140541-DF9C-4A49-9359-CA56BF104E46}" = lport=6114 | protocol=6 | dir=in | name=blizzard |
"{222B04F1-FF5D-4E6E-A48D-0B2C9A9DD9FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{36783F67-55E1-4BAF-857C-C741B13D2DC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{46DDE13B-187D-4A76-8137-CB67DE3CC313}" = lport=138 | protocol=17 | dir=in | app=system |
"{4A8BF58D-EB2A-4FA0-B3CE-C012FBED4E60}" = lport=58152 | protocol=6 | dir=in | name=pando media booster |
"{5058113B-7B2F-4B7A-A911-19EB2E04B5AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{596C050A-64F4-45D0-92F8-4F003F469BFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{5A666237-9E16-43E9-AB64-ED629F11AC0A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{71AFE180-3C45-46D5-9018-E53D912A5CE7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7504D935-C2BF-4500-839F-1C4136E402B7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E820E8F-304A-4851-A560-053BBE969E09}" = lport=4000 | protocol=6 | dir=in | name=blizzard |
"{88A42789-0450-4F68-925E-F7102AC70F8C}" = lport=3274 | protocol=6 | dir=in | name=blizzard |
"{8939357B-E917-457A-B437-AAE9A5610A63}" = rport=445 | protocol=6 | dir=out | app=system |
"{BE5AF405-5CC2-4996-B80F-5ACA856DC0D5}" = lport=6112 | protocol=6 | dir=in | name=blizzard |
"{C0391189-7B91-4817-A76B-020A85959268}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C4DF203A-99CF-4B75-BD54-5A430963D95A}" = lport=137 | protocol=17 | dir=in | app=system |
"{C7A6D98E-25F2-4DE6-8C55-497EA4A75EAB}" = lport=139 | protocol=6 | dir=in | app=system |
"{D5414577-6790-49DA-9FD8-A7CE973E47F7}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{E08B3BF3-7E13-4686-ACEC-A6BCC09EB3E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{ED90E4AC-9ED1-4230-8AA7-FE7FCC7A7A30}" = rport=138 | protocol=17 | dir=out | app=system |
"{F328224E-2D65-4C18-BFCC-1B2E2609CFE6}" = lport=58152 | protocol=17 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CA0248-2F27-4F3D-89E5-C50579118FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\skulltag\skulltag.exe |
"{0D2E4965-A08A-484D-A0D2-609F4C2D1B1A}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 |
"{0DB951C3-0B27-4AD0-93A4-0F144977B5F4}" = protocol=6 | dir=in | app=c:\users\aofhxc\appdata\local\apps\2.0\mgb0lgag.54g\9tjl0b1x.rjj\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\curseclient.exe |
"{0DF360A0-7798-4C16-9719-2A776518D7FB}" = protocol=6 | dir=in | app=c:\program files (x86)\skulltag\rcon_utility.exe |
"{0F80F7D9-978D-4FF4-B2D9-0CCA28B90D4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\docs\ea help\electronic_arts_technical_support.htm |
"{12EFAA21-84EE-4724-924C-9B0C2FF700AE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{13D568BF-CE4A-4F8B-8D37-6C9756E98592}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\synergy\hl2.exe |
"{16137223-6671-4044-A13A-77E4862A1714}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{169DE71F-F646-4452-B666-53765C15D319}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{18001638-E46D-4CD0-B488-7B4674EFE0B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{180DF3D3-8E06-4D67-BD44-1DF78FC06CB6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1ED2D8E0-E565-4890-BA2D-538CACB3B4AB}" = protocol=17 | dir=in | app=c:\program files (x86)\skulltag\doomseeker.exe |
"{1F502409-6517-4F33-ACF4-CAC14D1BBE5F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller overdose\bin\overdose.exe |
"{20775CFC-EDFC-4F5F-B2B3-D0AF362B765B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller overdose\bin\overdose.exe |
"{20E98965-4EC7-47FB-93C2-A01F002968FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller resurrection\bin\resurrection.exe |
"{28C8DD62-5A5B-47FB-9A7C-D3306A379F6C}" = protocol=6 | dir=in | app=c:\users\aofhxc\appdata\local\temp\blizzard installer bootstrap - 00262ae7\installer.exe |
"{2D16EDF2-8F9A-416E-BF36-C0985D62CDA5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\source sdk base 2007\hl2.exe |
"{2F3C1439-C049-4EDC-BA76-69AA308CE1CA}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{31B9D39C-EF25-44D5-ABB4-19223B6DA446}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |
"{33DE0194-326B-42EF-B4D7-81DF29A7C0B9}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{35A894F8-FB6C-4719-BDE9-405AB6449885}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{3678130F-BDFD-446F-AA7F-8A7F5C5A90E3}" = protocol=6 | dir=in | app=c:\users\aofhxc\appdata\local\temp\blizzard installer bootstrap - 04207035\installer.exe |
"{391B342F-86F8-49F7-80DB-F8E49505739F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller resurrection\bin\resurrectionquickdedicated.exe |
"{3A557D01-E175-49DB-976D-A49B0C577712}" = protocol=17 | dir=in | app=c:\users\aofhxc\appdata\local\temp\blizzard installer bootstrap - 00262ae7\installer.exe |
"{3D5FB8AA-5C69-4978-970E-F79FE6C26E9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{437FFCE3-6943-4028-B306-F0F72E09F244}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\pirates, vikings, and knights ii\hl2.exe |
"{4954FDA6-615F-4430-AA3A-49F936A5F875}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{4A656E56-DA24-4B4C-A49C-2A23DDF7B6AF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4B1DB178-2293-4113-B3F6-C3DBCF65C65E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{4F2BB014-4B88-4D53-98EA-2738A14ED829}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{4FA2CA8D-94B4-4B38-9688-5EB3A9F36663}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{506D6C5C-D480-4EF8-AFF1-CECCF175B726}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\garrysmod\hl2.exe |
"{52628E11-2501-47CE-8D4B-AAFB5A19D1B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\half-life\hl.exe |
"{52ED50B3-FA23-4448-A6C8-00CF8B8E0B5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock demo\builds\release\bioshock.exe |
"{5B1C6A49-31B0-4DFE-9904-A02D0F9DBE78}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{5B84075D-4079-436C-B205-BB81501EA26F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5E6E7F0D-EC1D-4CF2-BDA7-A07263A26B06}" = protocol=17 | dir=in | app=c:\users\aofhxc\appdata\local\temp\blizzard installer bootstrap - 00f7f7ab\installer.exe |
"{627E8AA0-86D5-46FD-86C5-21CC0C03B923}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{638582B1-E4AA-48D3-A376-27F1CAC04460}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{6555DDA4-6F78-4B66-921F-14A98C8BE526}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |
"{69BF0ECC-453E-4251-858F-15D8771033C8}" = protocol=6 | dir=in | app=c:\program files (x86)\skulltag\skulltag.exe |
"{6BA67598-BEC6-4286-8142-B452D7B72BFB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6EF0950F-DFDA-44A3-9A0B-257A2AA320CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psycholauncher.exe |
"{72CC0387-9B20-401A-B178-DDE8789A59AE}" = protocol=6 | dir=in | app=c:\users\aofhxc\appdata\local\temp\blizzard installer bootstrap - 0351ca9f\installer.exe |
"{73B42466-48A5-452F-916E-84B1FE265B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{75C59F55-2CEE-41A4-8A95-614DA781FA14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\bin\sdklauncher.exe |
"{7809987E-F263-42EB-879B-E257C43FEE1C}" = protocol=6 | dir=in | app=c:\users\aofhxc\downloads\downloader_diablo2_enus.exe |
"{7C5B68FB-57E6-44AF-945B-A6C5822F10EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{7E0955AD-71B5-42F1-B91C-C126DC6320DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{7FD52D27-5E2E-4BFC-A243-0FAAE869CDB8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\bin\sdklauncher.exe |
"{80161954-2E27-44AA-B47B-BA9B43E83D7B}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{8161F953-8B52-4D07-B3A0-361E58486E9A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{83810B97-4150-4795-9352-A1B6DAFD0A54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\masseffect2launcher.exe |
"{8861F5D3-99DC-4929-94E3-CDF77DDC77E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psycholauncher.exe |
"{88B0CF74-889A-4D42-A5F8-2CF1AD11CB94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\source sdk base 2007\hl2.exe |
"{8D346C66-38AD-4CB2-9559-30C61D26FACF}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{8FC5FFA9-85D8-4004-B70A-5CBAE0FAFE5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\pirates, vikings, and knights ii\hl2.exe |
"{90A8059A-438B-40B5-ACC6-0FB68F86F638}" = protocol=17 | dir=in | app=c:\users\aofhxc\appdata\local\temp\blizzard installer bootstrap - 0351ca9f\installer.exe |
"{90F42208-60AC-4C8D-AB2B-F73A5568DF83}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{949DCEE4-712C-4C39-BC60-FB6F7E84E3FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{94AE0ADB-8308-4A0D-96F1-6858AE570FFA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{952506BD-0857-402F-8D98-CAEFCC0B9DCF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\docs\ea help\electronic_arts_technical_support.htm |
"{97086BC0-495E-4538-A572-09B6FDED4F30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9759100D-DF87-4392-976E-E92141567DE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{9A22F4CE-6B1E-4F60-9035-EBC4B54620A5}" = protocol=17 | dir=in | app=c:\users\aofhxc\appdata\local\apps\2.0\mgb0lgag.54g\9tjl0b1x.rjj\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\curseclient.exe |
"{9C582551-AE50-4C7D-882E-57A7E5B0C9C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{9E9B6684-A3FE-4AA5-B754-E9A7C5AB3C98}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"{9E9C5460-A45C-4EC5-914A-F22E896E11F2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{9EE50E79-758E-41D4-8B6F-F058DCF6A4FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{9F5939EA-0BDE-4DFE-B1F5-3975462795D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{9F5A189D-B9B1-4993-B2B4-45A01EA58D9C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9FDA5CC5-90EB-4103-B0BB-572C3AEF5374}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 |
"{A4416AEC-A470-411D-93D7-A20A49CD9D9A}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"{A7088507-5536-4181-8107-80FB044B08A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller resurrection\bin\resurrectioneditor.exe |
"{A7F6C8E8-250A-424C-85BF-EB56527960E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{A8799C35-E345-46F8-B384-02C63CE8089F}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |
"{A91C050B-0021-4D4F-9C68-A1557FB4582B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\synergy\hl2.exe |
"{AE5B4B7D-6860-49FF-9608-D6CFCEBDC011}" = protocol=17 | dir=in | app=c:\program files (x86)\skulltag\rcon_utility.exe |
"{AF38C223-E5F6-4FA3-9895-8C4E5F3D1FD1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller resurrection\bin\resurrection.exe |
"{B18C533F-178D-49AE-9F21-2BFEA0EFC1EF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{B6BC92CE-8232-4BAE-823F-80EC8783D651}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{BEE50F05-4CB4-4637-9B4A-16B79CD9BD8D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C1ED1EF4-BBA2-4B4D-B6E1-B489E2C39B1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C5704EC1-DB96-47FB-8672-FCA632FFB89E}" = protocol=6 | dir=in | app=c:\users\aofhxc\appdata\local\temp\blizzard installer bootstrap - 00f7f7ab\installer.exe |
"{C75518B1-315B-4763-AA7A-C8F178590F8E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller resurrection\bin\resurrectionquickdedicated.exe |
"{D0E4A81C-C66F-4E8F-8CED-DFE4229D45B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller black edition\bin\painkiller.exe |
"{D5A942D9-63FD-4109-B8C4-089B4D19F225}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |
"{D5BB8FD9-8479-4D91-AE4B-D62CE10CFA8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller resurrection\bin\resurrectioneditor.exe |
"{D5C58620-017C-40B7-8AB6-A22A76FEDDC3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{D64368C7-F22B-4064-8096-CE1CB944B6C0}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D64BDE69-68ED-4890-A4F0-5EDCB7EDF062}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D9FA4D9E-E96C-4796-9BD8-907CEAC08D35}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\garrysmod\hl2.exe |
"{DA4907D6-B81F-494E-9FB6-A134F5791B05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\masseffect2launcher.exe |
"{DA5E8E54-E766-464A-B726-BA7716E5DBA4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DB069269-4519-4BC5-B33B-4212639F88D2}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{DCEFE71D-7518-4A24-84C8-A0DAEA854553}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller black edition\bin\painkiller.exe |
"{DEDD81C0-C213-4662-B5E1-F6FAD7628F86}" = protocol=6 | dir=in | app=c:\program files (x86)\skulltag\doomseeker.exe |
"{E5AAF840-B93E-46E6-9FD7-7BE94F258335}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\half-life\hl.exe |
"{E67F5406-A80B-43C5-BA4E-ADBCC1A75DBE}" = protocol=17 | dir=in | app=c:\users\aofhxc\appdata\local\temp\blizzard installer bootstrap - 04207035\installer.exe |
"{EC6890E0-8AC9-4697-857D-42BBAD75CD24}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{F2C2CCD2-2334-404B-BDAC-F7664D168C43}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock demo\builds\release\bioshock.exe |
"{F5AB324C-6C02-4F9B-938C-FC9490FD5F90}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{FA9DA264-0233-462E-82DD-7FA6DFA135D6}" = protocol=17 | dir=in | app=c:\users\aofhxc\downloads\downloader_diablo2_enus.exe |
"TCP Query User{0DFE5016-2BB4-4BFE-8486-9D4204006190}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{25EABE76-C591-403F-B409-63B698532709}C:\users\aofhxc\documents\ultima\steamstats.exe" = protocol=6 | dir=in | app=c:\users\aofhxc\documents\ultima\steamstats.exe |
"TCP Query User{2ABD77BF-E56C-4E16-919B-C95B171A08C0}C:\users\aofhxc\desktop\steamstats.exe" = protocol=6 | dir=in | app=c:\users\aofhxc\desktop\steamstats.exe |
"TCP Query User{416ECE5A-6B7C-48D0-9201-A7309F5405A0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{5E6A6492-677D-4EF1-A391-A6AD6F70067B}C:\users\aofhxc\desktop\zsnesw.exe" = protocol=6 | dir=in | app=c:\users\aofhxc\desktop\zsnesw.exe |
"TCP Query User{6F8BC672-17AF-4336-B132-9F69831AA98B}C:\program files (x86)\d2\d2loader-1.12.exe" = protocol=6 | dir=in | app=c:\program files (x86)\d2\d2loader-1.12.exe |
"TCP Query User{9187F92C-02B5-442D-A4B2-C9E8256F901A}C:\program files (x86)\alaplaya\s4league\s4client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\alaplaya\s4league\s4client.exe |
"TCP Query User{AFD5AB02-E31D-4ACA-989C-B29785A4BBE7}C:\program files (x86)\unreal tournament 3\binaries\unrealconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\unrealconsole.exe |
"TCP Query User{B66A6458-D12C-46B3-9A25-17B01F0EB8DC}C:\program files (x86)\steam\steamapps\aofhxc\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\source sdk base\hl2.exe |
"TCP Query User{C944C028-664E-4609-93A0-ADB5F442161D}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"TCP Query User{DF3219A5-88F6-4B1B-AF8B-D476F1D3D71F}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{E6CCE016-7120-4974-80E1-ACF51A31CC18}C:\program files (x86)\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"TCP Query User{E7A351B8-9DA8-4349-98F4-FAC339099057}C:\program files (x86)\steam\steamapps\aofhxc\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\team fortress 2\hl2.exe |
"TCP Query User{E9687ACC-962C-4C13-B6AB-F58FD10A06BF}C:\users\aofhxc\desktop\ultima\unreal tournament 3\zsnesw.exe" = protocol=6 | dir=in | app=c:\users\aofhxc\desktop\ultima\unreal tournament 3\zsnesw.exe |
"TCP Query User{F1AC484F-1FB7-4A93-B6FF-E7E89E5EF119}C:\program files (x86)\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
"TCP Query User{FCE0E713-295A-4BFA-8C4A-327CE48D02B2}C:\program files (x86)\steam\steamapps\notspy\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\notspy\team fortress 2\hl2.exe |
"UDP Query User{25BB5270-99DE-43CB-A4A1-CA377F38209B}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{312EA2BD-B09D-41A4-85A1-28993CE00C67}C:\program files (x86)\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
"UDP Query User{31B74A0A-9F01-42EA-955F-E096D25C3F21}C:\program files (x86)\steam\steamapps\aofhxc\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\source sdk base\hl2.exe |
"UDP Query User{352B6362-0602-46F0-82A1-AFC35FA888A8}C:\program files (x86)\steam\steamapps\aofhxc\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aofhxc\team fortress 2\hl2.exe |
"UDP Query User{36CA7080-12A2-4758-BDEA-A1D2ED803939}C:\program files (x86)\steam\steamapps\notspy\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\notspy\team fortress 2\hl2.exe |
"UDP Query User{37B525B8-235B-4609-AF2B-4D9511F9D35D}C:\users\aofhxc\desktop\steamstats.exe" = protocol=17 | dir=in | app=c:\users\aofhxc\desktop\steamstats.exe |
"UDP Query User{82AB94A6-ED9B-4A1A-8B25-EE0D1884673A}C:\users\aofhxc\desktop\ultima\unreal tournament 3\zsnesw.exe" = protocol=17 | dir=in | app=c:\users\aofhxc\desktop\ultima\unreal tournament 3\zsnesw.exe |
"UDP Query User{86DD91B2-6F32-4C5A-AACB-AF4F6794A100}C:\program files (x86)\unreal tournament 3\binaries\unrealconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\unrealconsole.exe |
"UDP Query User{8A7575ED-71CB-4F0F-B8B1-037BC2B7CF6E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{9373C014-09B4-4612-8560-08A6A4FC40D9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{9DE3373F-156D-423B-986F-37C6ED339349}C:\program files (x86)\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"UDP Query User{9F49DF8D-C0FF-4763-B344-73DCB7C86F7A}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"UDP Query User{B82C32CB-DC34-46A0-9A16-2E8447846951}C:\users\aofhxc\desktop\zsnesw.exe" = protocol=17 | dir=in | app=c:\users\aofhxc\desktop\zsnesw.exe |
"UDP Query User{C756C553-589E-4592-A89D-7A4C46C747C9}C:\program files (x86)\alaplaya\s4league\s4client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\alaplaya\s4league\s4client.exe |
"UDP Query User{DC1CB6F2-85E6-4719-87A9-7AA493C884E2}C:\users\aofhxc\documents\ultima\steamstats.exe" = protocol=17 | dir=in | app=c:\users\aofhxc\documents\ultima\steamstats.exe |
"UDP Query User{EA4DF431-702B-4FE8-94DF-852B0F852986}C:\program files (x86)\d2\d2loader-1.12.exe" = protocol=17 | dir=in | app=c:\program files (x86)\d2\d2loader-1.12.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08D401E5-E23D-4372-8F9E-764963B19483}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{1EB8079C-2F30-3A6E-A76A-9758C4F1CD21}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{43602F34-1AA3-44FB-AEB2-D08C2C737440}" = Paint.NET v3.36
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62577E41-C350-3D07-97C8-2B6CDB4BAD60}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA96A695-E9CE-4B2A-919A-540B73E7A78E}" = Microsoft Platform SDK (3790.1830)
"{BF9E22D5-A099-4AB3-8F3B-800CF861A83E}" = TortoiseSVN 1.5.7.15182 (64 bit)
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D675AFB3-E32E-0935-3C1F-58D5D05A77A6}" = ATI AVIVO64 Codecs
"{EB7C6F78-2A27-4FEF-A98B-5F2698DC4CBF}" = Saitek SD6 Programming Software 6.6.6.9
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"HyperCam 2 (64 bit)" = HyperCam 2 (64 bit)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Virtual Audio Cable 4.9" = Virtual Audio Cable 4.9

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0C680EFC-3679-465E-8072-462D05472D78}_is1" = Obsidian Conflict Beta 1.34
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.8
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 21
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{60AF08A3-3229-4101-8DBF-3BF1C40475C5}" = D2PK 3.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate™ II - Shadows of Amn™
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42F73D4-AFDA-4761-B3F4-23A872D11339}" = Morrowind
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEA20FED-A903-46A2-B197-789B4456B508}" = HW Monitor
"{D1846BA1-6118-3EDF-8C57-6E1A04646738}" = Microsoft Visual C++ 2008 Express Edition - ENU
"{D2FD1079-2CF1-461E-8418-E91CA6656B45}" = BIOS Flash
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin (JDownloader Edition) 2.0
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adrianne" = Adrianne demo by NVIDIA (remove only)
"AIM_6" = AIM 6
"Ashampoo Movie Shrink & Burn 3_is1" = Ashampoo Movie Shrink & Burn 3 3.03
"Ask Toolbar_is1" = Foxit Toolbar
"AutoItv3" = AutoIt v3.3.6.0
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"D2PK 3.2" = D2PK
"Debut" = Debut Video Capture Software
"Diablo" = Diablo
"Diablo II" = Diablo II
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"foobar2000" = foobar2000 v0.9.6.8
"Forsaken Ragnarok Online" = Forsaken Ragnarok Online
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"GoldWave v5.25" = GoldWave v5.25
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hamachi" = Hamachi 1.0.3.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic)
"Line 6 Uninstaller" = Line 6 Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.0.4399
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
"Microsoft Visual C++ 2008 Express Edition - ENU" = Microsoft Visual C++ 2008 Express Edition - ENU
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"ObjectDock" = ObjectDock
"osu!" = osu!
"PowerISO" = PowerISO
"Precision" = EVGA Precision 1.9.0
"Prism" = Prism Video Converter
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Skulltag" = Skulltag
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedFan" = SpeedFan (remove only)
"SShockDeinstallKey" = System Shock2
"ST6UNST #1" = Hero Editor V1.03
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1250" = Killing Floor
"Steam App 17470" = Dead Space
"Steam App 17520" = Synergy
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 3270" = Painkiller Overdose
"Steam App 380" = Half-Life 2: Episode One
"Steam App 3830" = Psychonauts
"Steam App 39530" = Painkiller: Black Edition
"Steam App 39560" = Painkiller: Resurrection
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 47760" = Mass Effect 2 Demo
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"Steam App 640" = Alien Swarm - SDK
"Steam App 70" = Half-Life
"Steam App 7710" = Bioshock Demo
"SvenCoop" = Sven Co-op 4.0B
"SystemRequirementsLab" = System Requirements Lab
"ToolBox" = NCH Toolbox
"Tunngle beta_is1" = Tunngle beta
"VideoPad" = VideoPad Video Editor
"ViewpointMediaPlayer" = Viewpoint Media Player
"VobSub" = VobSub v2.23 (Remove Only)
"VTFEdit_is1" = VTFEdit 1.2.5
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Diablo" = Diablo
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2010 6:41:12 PM | Computer Name = aofhxc-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/15/2010 6:54:25 PM | Computer Name = aofhxc-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/15/2010 6:55:34 PM | Computer Name = aofhxc-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\BreakPoint
Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 8/15/2010 6:55:34 PM | Computer Name = aofhxc-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\BreakPoint
Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 8/15/2010 8:13:06 PM | Computer Name = aofhxc-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x884, application
start time 0x01cb3ccc9caeaf32.

Error - 8/15/2010 8:17:03 PM | Computer Name = aofhxc-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\BreakPoint
Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 8/15/2010 8:17:03 PM | Computer Name = aofhxc-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\BreakPoint
Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 8/15/2010 8:39:43 PM | Computer Name = aofhxc-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/15/2010 9:38:23 PM | Computer Name = aofhxc-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000000000002b062, process id 0x8a4, application
start time 0x01cb3cdb52fc1df4.

Error - 8/15/2010 10:25:14 PM | Computer Name = aofhxc-PC | Source = Application Hang | ID = 1002
Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 8a8 Start Time: 01cb3ce960494bf4 Termination Time: 62

[ System Events ]
Error - 8/15/2010 6:37:18 PM | Computer Name = aofhxc-PC | Source = DCOM | ID = 10005
Description =

Error - 8/15/2010 6:37:26 PM | Computer Name = aofhxc-PC | Source = DCOM | ID = 10005
Description =

Error - 8/15/2010 6:37:27 PM | Computer Name = aofhxc-PC | Source = DCOM | ID = 10005
Description =

Error - 8/15/2010 6:37:48 PM | Computer Name = aofhxc-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/15/2010 6:37:48 PM | Computer Name = aofhxc-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/15/2010 6:42:55 PM | Computer Name = aofhxc-PC | Source = DCOM | ID = 10005
Description =

Error - 8/15/2010 6:54:25 PM | Computer Name = aofhxc-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/15/2010 6:55:03 PM | Computer Name = aofhxc-PC | Source = DCOM | ID = 10010
Description =

Error - 8/15/2010 8:39:44 PM | Computer Name = aofhxc-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/15/2010 8:40:22 PM | Computer Name = aofhxc-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Edited by boopme, 15 August 2010 - 10:39 PM.



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • Gender:Female
  • Location:Romania
  • Local time:02:04 PM

Posted 22 August 2010 - 04:31 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Burter

Posted 22 August 2010 - 01:58 PM

I'm pretty sure I've completely rid my system of the virus, but just out of curiosity, was there anything in the previously posted logs that showed my computer was still infected?

#4 Elise

Posted 22 August 2010 - 03:07 PM

No active malware on first sight.

Please let me know if you still need help or if this can be closed.

regards, Elise


#5 Burter

Posted 22 August 2010 - 03:42 PM

You can close this thread, yes.

#6 Elise

Posted 23 August 2010 - 02:07 AM

This topic is now closed. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise




