Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redrecting/popup virus


  • This topic is locked This topic is locked
29 replies to this topic

#1 bbbailey

bbbailey

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 17 August 2010 - 10:56 PM

Had this for some time, no scans I've tried with antimalware/avg/spy-bot/hijack-this have helped/found anything. Also the redirecting only appears to happen on certain sites in Firefox, the same sites are fine in internet explorer, but both browsers have similar pop-ups occurring. Sites being redirected to include Google analytics. Attached are the required starting logs. Thanks for your help in advance, this has been driving me crazy sad.gif

Attached Files

  • Attached File  DDS.txt   20.76KB   5 downloads
  • Attached File  ark.txt   14.04KB   5 downloads


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:30 AM

Posted 25 August 2010 - 05:08 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 bbbailey

bbbailey
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 28 August 2010 - 12:45 AM

Description:

Some pages when i try to go to them, i get redirected, most of the time to www.google-analytics.com.... and i am unable to ever navigate to these pages.
Also, some links that never used to get popups, now do, which most of time open up a new window (not tab) which is normal google.com (which isnt my homepage) or some other google related page. (i.e. google analytics)


reports:

OTL:

OTL logfile created on: 28/08/2010 3:37:33 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Alex\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
10.00 Gb Paging File | 9.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 190.87 Gb Free Space | 40.98% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 6.74 Gb Free Space | 1.45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 228.48 Gb Free Space | 24.53% Space Free | Partition Type: NTFS
Drive G: | 556.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OLDBLUE
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/28 15:33:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2010/07/23 12:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/17 13:21:03 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/17 13:21:01 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 13:21:01 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 13:21:00 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 13:20:58 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 13:20:57 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/17 16:25:14 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2010/06/15 16:33:40 | 010,358,072 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/06/10 21:18:20 | 000,019,760 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/06/03 13:45:42 | 000,012,592 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/05/19 03:26:23 | 002,397,424 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/09/11 01:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/18 10:08:45 | 002,094,352 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2007/07/18 09:30:12 | 000,414,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
PRC - [2007/07/18 09:30:03 | 001,687,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2007/07/18 09:29:52 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
PRC - [2007/07/18 09:29:24 | 000,278,288 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PRC - [2007/01/11 22:18:50 | 000,063,112 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAB3RPK.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/28 15:33:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
MOD - [2008/01/18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/18 23:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/07/17 13:21:00 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/11/09 11:40:20 | 000,091,392 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/03/11 08:42:00 | 003,121,464 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/01/30 01:54:44 | 000,102,400 | ---- | M] (PacketVideo) [Disabled | Stopped] -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -- (TwonkyMedia)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/14 11:46:28 | 000,047,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Alex\AppData\Local\Temp\BTX152A.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/08/22 21:11:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/25 17:16:13 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/07/17 13:21:02 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 13:20:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/05 11:46:49 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/12/30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/12/30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/12/30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/12/30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/12/30 11:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/10/14 07:07:40 | 000,348,160 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009/05/04 06:06:38 | 001,008,768 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2008/12/16 06:01:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/09/01 03:30:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.10\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/17 14:25:17 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/06/17 14:25:17 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/01/25 18:46:40 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/10/11 11:10:52 | 000,030,008 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2007/09/29 15:30:52 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/03/23 20:29:32 | 000,060,768 | ---- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\2WirePCP.sys -- (2WIREPCP)
DRV - [2006/11/02 19:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 19:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 19:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 19:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 19:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 19:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 19:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 19:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 19:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 19:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 19:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 19:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 19:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 19:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 19:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 19:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2005/01/06 16:55:38 | 000,009,446 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\WinFast\WFDTV\WFIOCTL.sys -- (WFIOCTL)
DRV - [2004/12/23 17:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2001/11/13 18:47:26 | 000,041,324 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\winio.sys -- (WINIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2581868369-1299177804-3110480635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/webhp?hl=en
IE - HKU\S-1-5-21-2581868369-1299177804-3110480635-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 09:50:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/03/02 10:46:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 13:08:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/24 08:35:59 | 000,000,000 | ---D | M]

[2010/08/28 10:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/27 21:03:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/17 17:28:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/02/21 08:24:52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/08/28 15:29:59 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2581868369-1299177804-3110480635-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2581868369-1299177804-3110480635-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2581868369-1299177804-3110480635-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2581868369-1299177804-3110480635-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2581868369-1299177804-3110480635-1000\..Trusted Domains: microsoft.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.108 213.109.77.153
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/28 15:32:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2010/08/22 23:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010/08/22 23:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010/08/19 13:45:36 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/08/18 12:26:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/18 12:25:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/18 12:04:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/18 12:04:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/18 12:04:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/18 12:03:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/18 11:59:11 | 000,000,000 | ---D | C] -- C:\wCFix
[2010/08/18 11:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/17 17:28:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/17 17:28:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/17 17:28:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/11 10:16:50 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/11 10:16:47 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/11 10:16:47 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/11 10:16:46 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/11 10:16:38 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/07 11:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Starcraft

========== Files - Modified Within 30 Days ==========

[2010/08/28 15:38:27 | 008,912,896 | -HS- | M] () -- C:\Users\Alex\NTUSER.DAT
[2010/08/28 15:33:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2010/08/28 15:33:04 | 000,133,632 | ---- | M] () -- C:\Users\Alex\Desktop\RKUnhookerLE.EXE
[2010/08/28 15:29:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/28 15:28:28 | 000,002,481 | ---- | M] () -- C:\Users\Alex\Desktop\HiJackThis.lnk
[2010/08/28 15:19:57 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 15:19:57 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 15:16:43 | 000,009,728 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/28 15:16:42 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/08/28 10:34:06 | 064,024,297 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/28 01:20:10 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/28 01:20:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/27 16:38:17 | 000,002,215 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/27 14:33:51 | 000,787,814 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/27 14:33:51 | 000,666,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/27 14:33:51 | 000,131,788 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/22 21:38:22 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/22 21:37:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/22 21:36:42 | 000,524,288 | -HS- | M] () -- C:\Users\Alex\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/08/22 21:36:42 | 000,065,536 | -HS- | M] () -- C:\Users\Alex\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/08/22 21:36:18 | 004,221,996 | -H-- | M] () -- C:\Users\Alex\AppData\Local\IconCache.db
[2010/08/22 21:11:21 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010/08/21 09:52:41 | 000,000,104 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer - Shortcut.lnk
[2010/08/20 08:58:26 | 000,000,680 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2010/08/18 12:19:21 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/12 23:31:09 | 000,456,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/12 17:43:50 | 000,049,802 | ---- | M] () -- C:\Users\Alex\Documents\fdgdfgfgfdgfdgffff.scm

========== Files Created - No Company Name ==========

[2010/08/28 15:33:03 | 000,133,632 | ---- | C] () -- C:\Users\Alex\Desktop\RKUnhookerLE.EXE
[2010/08/21 09:52:41 | 000,000,104 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer - Shortcut.lnk
[2010/08/18 12:04:17 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/18 12:04:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/18 12:04:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/18 12:04:17 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/18 12:04:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/12 17:43:50 | 000,049,802 | ---- | C] () -- C:\Users\Alex\Documents\fdgdfgfgfdgfdgffff.scm
[2010/06/23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/05/18 01:47:52 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/03/21 00:52:25 | 000,000,043 | ---- | C] () -- C:\Windows\wininit.ini
[2010/02/05 09:09:03 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/25 01:01:00 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/08/12 22:44:48 | 000,000,552 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d8caps.dat
[2009/05/15 18:56:16 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/23 13:54:29 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/01/23 01:01:15 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/08/06 15:32:05 | 000,041,324 | ---- | C] () -- C:\Windows\System32\winio.sys
[2008/08/06 15:31:39 | 000,000,285 | ---- | C] () -- C:\Windows\matlab.ini
[2008/07/24 14:14:34 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008/07/20 19:04:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/06/17 14:25:17 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/06/17 14:25:17 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008/06/04 16:50:21 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2008/05/20 15:04:59 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/05/13 11:07:10 | 000,000,092 | ---- | C] () -- C:\Users\Alex\AppData\Local\fusioncache.dat
[2008/05/12 23:36:32 | 000,009,728 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/12 16:01:44 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/05/12 15:26:09 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/05/12 14:45:40 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/05/12 14:09:21 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/05/12 14:00:20 | 000,000,680 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 22:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996/04/04 05:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:EA09D10B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:E23FEBD6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5678F84F
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A88D8C0E
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:93EC0F3D
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:8C35AEA7
< End of report >

Extra:

Only one report was created, which was the OTL report, no extra report was made. not sure why?

RKU:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F209000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 11567104 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 197.45 )
0x8261D000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8261D000 PnpManager 3903488 bytes
0x8261D000 RAW 3903488 bytes
0x8261D000 WMIxWDM 3903488 bytes
0x99680000 Win32k 2105344 bytes
0x99680000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B605000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x8320F000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x9000D000 C:\Windows\system32\DRIVERS\3xHybrid.sys 1011712 bytes (NXP Semiconductors Germany GmbH, 3xHybrid)
0x80689000 PCI_PNP9120 995328 bytes
0x80689000 sptd 995328 bytes
0x80689000 C:\Windows\System32\Drivers\spyq.sys 995328 bytes
0x8B407000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D1000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA160E000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9C83D000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8FD13000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x83164000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x80600000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x830F3000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9C96A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80417000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x90B37000 C:\Windows\system32\drivers\csc.sys 368640 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0xA0CF0000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x998D0000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8300C000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x90A40000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x807AB000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA0D45000 C:\Windows\system32\DRIVERS\atksgt.sys 274432 bytes
0x80490000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8337F000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x9044E000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8B54A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x90AF1000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x9059A000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x83345000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x901B0000 C:\Windows\System32\Drivers\aj4vk195.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xA0C78000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8B714000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x90BAE000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x90409000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x829D6000 ACPI_HAL 208896 bytes
0x829D6000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x830B1000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x90A0E000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B5A6000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x9048D000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8331A000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x90104000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9C8FC000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA1718000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8B764000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x805B1000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xA0CC9000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x80785000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x904BA000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8B78B000 C:\Windows\System32\DRIVERS\fvevol.sys 147456 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x833C0000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x90AC9000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8B7C0000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x90525000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA0C39000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xA0C59000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x83083000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8B588000 C:\Windows\system32\DRIVERS\Rtlh86.sys 122880 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x9C9D7000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8B4F0000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9C81A000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9014F000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0xA0C0B000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x90192000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA0CB1000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90173000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x90B91000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8B5D4000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x905E8000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA1702000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x90A88000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x90584000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA0C24000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x833E3000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9C943000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8B5EB000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x905D4000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x9C930000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90AB6000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8FDD9000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xA1740000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x9C958000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8B7AF000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8B516000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x9043D000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80477000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x830E3000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x904F6000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x830A1000 C:\Windows\system32\DRIVERS\jraid.sys 65536 bytes (JMicron Technology Corp., JMicron JMB36X RAID Driver)
0x9C8EC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8306B000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x90131000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x831ED000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8B53B000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x9C80B000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8B755000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x805D8000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8FDEB000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8FDCA000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x805E7000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x90141000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x998C0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x90AA8000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9056D000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8305D000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B7EA000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x80400000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8FDB2000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8067C000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA16F6000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x90519000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8B50B000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x90000000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x83200000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x90562000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x901F4000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x901E9000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8B527000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8FDBF000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x805F6000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x83000000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9C926000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90B2D000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x90A9E000 C:\Windows\system32\DRIVERS\rtlprot.sys 40960 bytes (Windows ® Codename Longhorn DDK provider, Realtek Utility I/O Driver)
0xA16EC000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x90169000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x90546000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0x8B7E1000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x904DF000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x90BF4000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8F200000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xA1752000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9057B000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x998A0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B532000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8077C000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8307B000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80488000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B7F7000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x8040F000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x90400000 C:\Windows\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0x90506000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x807F1000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x90552000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x9055A000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B74D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x904EF000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x90512000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x90A00000 C:\Windows\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0x904E8000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xA0D3E000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x83056000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x9018B000 C:\Windows\System32\Drivers\ULCDRHlp.sys 28672 bytes (Ulead Systems, Inc., ULCDRHlp driver)
0x90BA8000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x901AA000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x90AEB000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xA0D88000 C:\Windows\system32\DRIVERS\lirsgt.sys 20480 bytes
0x9012E000 C:\Windows\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0x8FD11000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 197.45 )
0x9000B000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x90550000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x85EF21F8 unknown_irp_handler 3592 bytes
0x873AC1F8 unknown_irp_handler 3592 bytes
0x85EF01F8 unknown_irp_handler 3592 bytes
0x8749D1F8 unknown_irp_handler 3592 bytes
0x873EF1F8 unknown_irp_handler 3592 bytes
0x85EF11F8 unknown_irp_handler 3592 bytes
0x892451F8 unknown_irp_handler 3592 bytes
0x873E21F8 unknown_irp_handler 3592 bytes
0x881DD1F8 unknown_irp_handler 3592 bytes
0x882B71F8 unknown_irp_handler 3592 bytes
0x8555D1F8 unknown_irp_handler 3592 bytes
0x892881F8 unknown_irp_handler 3592 bytes
0x875A8500 unknown_irp_handler 2816 bytes
0x873F3500 unknown_irp_handler 2816 bytes
0x873D1500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]




#4 bbbailey

bbbailey
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 28 August 2010 - 02:55 AM

There was a setting in OTL not checked. Here is the 'extras' output:

OTL Extras logfile created on: 28/08/2010 5:53:34 PM - Run 3
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Alex\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
10.00 Gb Paging File | 9.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 189.89 Gb Free Space | 40.77% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 6.74 Gb Free Space | 1.45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 228.48 Gb Free Space | 24.53% Space Free | Partition Type: NTFS
Drive G: | 556.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OLDBLUE
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2581868369-1299177804-3110480635-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Alex\Downloads\Office Genuine Advantage Validation v1.7.111.0 (March Latest)\OGA_v1.7.111.0_crack.exe" = C:\Users\Alex\Downloads\Office Genuine Advantage Validation v1.7.111.0 (March Latest)\OGA_v1.7.111.0_crack.exe:*:Enabled:Windows Messenger -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F42A30D-B3BE-4B2C-B013-71C76EA89F9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{101CEEB6-ADC9-4F2D-84ED-E44BC467FF3D}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{114B7AFD-9B25-4B39-BAF0-1009D41C41A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{123382EA-C48A-4988-B695-0F97B4CC9687}" = lport=6668 | protocol=6 | dir=in | name=homm5a |
"{15A2BD38-0E65-4EC1-B613-3F99FB73EB11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1A6CFF8E-1261-494B-B631-5DAA4150089D}" = lport=137 | protocol=17 | dir=in | app=system |
"{24B6C067-522B-4BEC-A723-DD5DB233A840}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{257E1DC0-17A0-45C9-B7AF-B74D521510CB}" = rport=10244 | protocol=6 | dir=out | app=system |
"{31B2229B-8821-44E4-95AF-F4E61CD83E6B}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{32104104-0698-4628-803E-DC33FB252D63}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{324372B6-13AC-49B0-B02B-FF458EE037B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D711B6D-791C-49FA-90EF-F53E606CF1C4}" = lport=139 | protocol=6 | dir=in | app=system |
"{42BC3BC5-DE76-46DC-8C67-283BD3043299}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{46E2540A-E7F3-43DC-A1F2-BE912A574397}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{47955FFA-EFE3-4460-AD16-DF7B016ECE6F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4878DD22-054E-4F5F-8517-FD02573547FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{4AA87430-18BF-4066-92B0-FF4B6009EADE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{4B6DD8DB-578D-42BF-A82D-7BE2861179C5}" = lport=445 | protocol=6 | dir=in | app=system |
"{4CD018FD-2035-4C64-8E90-32CF6ED61CAB}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D8F7AB3-A1D8-4159-9E78-ECFA7DD5752D}" = lport=8889 | protocol=17 | dir=in | name=homm5d |
"{4DB52FE9-0391-4870-BC7E-DF141688D15E}" = lport=138 | protocol=17 | dir=in | app=system |
"{56E6DA5F-8472-4778-9ABE-DFFBF7A325C0}" = rport=139 | protocol=6 | dir=out | app=system |
"{56E83A69-0A9E-4C4D-A2A2-478458E0EE28}" = rport=138 | protocol=17 | dir=out | app=system |
"{5D8EFC65-F693-4829-BEE9-971517762743}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{64EE38A2-B01F-4150-9E4A-E4800ABFDCB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65BAF4C5-8B1F-40DE-952F-06DA1DD43690}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{699FA939-71C8-41EE-8326-82EF0785788A}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{6B25413D-8D63-43C8-931A-C77D7ABDCCB8}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{6D174299-339C-474F-A2D6-9F342D88FAAE}" = lport=80 | protocol=6 | dir=in | app=system |
"{710429EB-B986-411E-ACC1-D01CDDA08869}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{74B7B6A2-BEC8-4638-9B64-2DE0E52CAF28}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{77A9B080-0191-40B4-95F7-C61F80CC118B}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{7B67A823-C39D-453C-92E8-EA8DB2FA8036}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{894751D7-9C59-4D95-8DFE-8912128D28D3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8E513FF3-F36E-4A9B-B4D9-FEAA8E22D9C2}" = lport=30001 | protocol=17 | dir=in | name=server2 |
"{A421C2E2-9815-4BC3-B1F8-372BDEC607B5}" = lport=3390 | protocol=6 | dir=in | app=system |
"{ADCA99C2-9387-42F9-ACBF-FE3907E57431}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AFF527FB-B118-4B80-8BDD-173E2E26A58B}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{B2B71F4F-B700-4996-A3F3-114DA8368F58}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B5F1770F-70B8-47A6-A932-AE891580D1BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9C84C33-91CB-42AB-925A-66A5FF9AEF75}" = lport=10244 | protocol=6 | dir=in | app=system |
"{BA2EFD5C-D097-42B7-A894-0072F9CEF2AA}" = lport=42500 | protocol=17 | dir=in | name=homm5b |
"{C5E0F74F-EECE-4EAA-8A48-63C7E2B9964A}" = lport=8888 | protocol=17 | dir=in | name=homm5c |
"{C60F55BD-0932-4274-AD38-6BE07A254C6D}" = lport=40784 | protocol=6 | dir=in | name=utorrent |
"{C69A9DB5-0117-4AAB-8733-F1328E6852C0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C8E99737-5011-42F1-B382-FD6D7F049F6A}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{CD9488F5-E988-4FB5-BF73-2B65242CF2E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CE5DEEE9-0033-470A-81A9-2514AFFAFEEC}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{D080BFFC-22FB-4F18-8704-670BC5753DB2}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{D29F01E8-724E-4C21-A850-076E12A299C6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D5CC458B-B66C-4A1A-9F49-180F3144B866}" = lport=30001 | protocol=6 | dir=in | name=server1 |
"{DBD35B2B-8530-4A3D-8244-0C5C47693A31}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DDAEB803-1E49-4609-8D19-657FF58A6330}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE90E2A2-6713-42A7-84C4-A9996A11FF44}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{E2052D27-8FD6-4A19-AEC4-C7DE2E6F9EE9}" = rport=445 | protocol=6 | dir=out | app=system |
"{E2AF73AA-158E-4DD6-86AC-1FB0CB28D85D}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{EA8459C0-7F7F-434B-BDB4-B6FFFD6BFD10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EC333A08-5332-4D6E-AF6E-AAB223CB5EEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F3A21E1B-5474-4C78-8CE3-9737DD555D02}" = lport=445 | protocol=6 | dir=in | app=system |
"{F41AD845-4AC5-4D69-A1C2-37BE6585A7FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F452FC5B-4652-45FA-96EA-7533415DE816}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F84E1890-68DF-4192-AE84-A7EF61A145A8}" = lport=40784 | protocol=17 | dir=in | name=utorrent |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FBBC72-4D29-4129-A998-42A6218F8F9D}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{05959BAB-9DB3-4FD8-8720-FF643E1BAEF6}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{063A3B28-D813-4991-96F5-734E6C3A27C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0656A5EA-67C2-4A6B-93CD-688B60ACB75E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{066E4D45-C95C-4BDE-8AC1-E1521C894AB2}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{07226FB7-D81F-4CD1-BF73-6BE353151C69}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{08F5A857-51D3-47C1-9775-BFC9C02C09F7}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{0BD9EAC3-F083-49C0-9AD6-ECABFDEBDCD0}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0D215C97-DB43-4B8B-BFB7-86DDA378896C}" = protocol=17 | dir=in | app=c:\users\alex\games\tom clancy's h.a.w.x\hawx_dx10.exe |
"{0DD22571-99CA-48FA-B776-395709A1CB30}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{0E26F8E3-F796-461A-AAAF-AD4076AABEB7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0F29EF05-A9DA-4FC2-8B0D-087F91049439}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{0F76466F-0D11-4BE4-ADFD-014650BA768B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{10EAB14B-747F-4368-9189-7C2D116B62C8}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{11C349B1-A374-44A7-A9BD-AD154ECBCF6D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{12CFD198-FD13-431E-AD7E-D4B57B3A9481}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{16A136DB-C829-4B13-AB68-C30CBF798D97}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{176FBA3F-8C10-4FF5-9EB9-8E169DF3EC91}" = protocol=6 | dir=in | app=c:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
"{195E17FF-D2D1-44BB-ADC0-CE71C7FCE1F5}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{1BD5B5EF-863D-4C11-9ACB-33B524589FEB}" = protocol=17 | dir=in | app=c:\users\alex\games\tom clancy's h.a.w.x\hawx.exe |
"{1DC0DE17-EFF4-4153-996C-12456D7D4FB3}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{1FDDF75C-1F81-44FA-A6A5-A888DB25247E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20039A56-4A92-4ED5-AE9E-90E0793B5E40}" = protocol=17 | dir=in | app=c:\inixsoft\fusion kal\fusion kal v2 (full client)\fusion kal.exe |
"{2500E2B5-EABB-4933-94F7-568DC9D7A20C}" = protocol=17 | dir=in | app=c:\program files\activision\x-men origins - wolverine™\binaries\wolverine.exe |
"{255A3DF5-4B2A-4723-B052-F1476A67D1CA}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{25C6364B-3BF2-4D74-A767-7D8AF5A40E5F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{27D67661-9732-4572-96B0-56CABF7449D8}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{27EAFFFB-A18F-40C1-B4EB-A1FD94D61B6B}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{28798838-0426-4C58-9BE7-8A7E512904F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{296C69E7-3EB6-4C6E-BE1A-42C085E896E5}" = protocol=17 | dir=in | app=c:\inixsoft\fusion kal\fusion kal v2 (full client)\exception.exe |
"{2978F04B-22BF-4864-BD2F-59C8AD2B461A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{2BFD3AD4-0EE9-46BF-BDB7-9E96FF3FB79C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C5829CE-6FAF-4BF2-A912-1E44DA64333B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FB4F99C-757A-4AAF-8A54-4527AAA83D4C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{311CFA05-EF39-42D3-8AD6-A208415E4B06}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{313EBC60-818C-4E40-B68F-D2BDCE55A48E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{31A46C15-83C2-4952-ADAD-178264C0181D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{35F2D063-6B6E-4442-B46E-3E04BCE41649}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{3625590D-42D4-4142-A5CD-EBB6B253739F}" = protocol=17 | dir=in | app=d:\kal\fusion kal v2 (full client)\fusion kal.exe |
"{36EC768F-BC69-413E-B318-16BC7EF1D163}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymedia.exe |
"{3768FA6F-867B-4FCF-ADEA-DACFB6E95F31}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{37DE8B01-A80F-4298-95FC-463D5A23F2D8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{38658198-5B88-4F21-81FB-5F229E7B1204}" = protocol=17 | dir=in | app=c:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
"{38D567B8-957B-4E12-8A7F-241DE135E5B1}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{38EC7482-07CF-4915-96F3-22504BD5BAA6}" = protocol=17 | dir=in | app=c:\windows\system32\cnab3rpk.exe |
"{394D32A9-2B10-4B04-9D18-1BE0908BD7F9}" = protocol=6 | dir=in | app=c:\inixsoft\fusion kal\fusion kal v2 (full client)\fusion kal.exe |
"{3C7AB590-AB14-4B3E-A475-B65D3247B6BC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3CD22E3C-8D20-43C3-9A32-5E96040DCFBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{41A279EE-9E61-4EB2-83DB-5E68B9CD1595}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42BE8B67-8D99-42F4-8ABD-65385168BDFB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{461A94DF-B906-432C-80CD-4DB3B8EE28C7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{463BD6A7-750D-400A-8280-AB131A99B207}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4688EC55-7D77-4F6E-B475-3330F5381DD0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4725EA19-8DA0-445E-882A-F5E65A242AF8}" = protocol=17 | dir=in | app=c:\users\alex\downloads\aa3deployinstaller(2).exe |
"{48A72F37-AF43-405B-9474-930545BFE582}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{48B35CF6-05EB-4046-A52D-8580CDF08B9E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4985BFFB-62DB-49D4-A83D-A3D16BCF1EC1}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{4DD5F06D-2D7D-4343-A337-E2FF6E4EEC05}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{4FF8F8B1-CD4D-411F-B38C-41F414862694}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{565C0543-8B89-4F9D-A530-885AAC0ED0CC}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{573A5086-F4B5-4E56-B0EB-99003CF09CA0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{590640B7-DB40-458F-BABB-909DAF20EBE9}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{5971C1F7-AFDE-40D5-A11E-932727A72A7C}" = protocol=6 | dir=in | app=c:\program files\activision\x-men origins - wolverine™\binaries\wolverine.exe |
"{5AC8444C-D54A-4EF0-82D9-B20F7DC415C1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{5D1BDA8D-6117-495D-83CE-01ED1ABD1AF8}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{5D58B0C2-7F71-4F4C-9945-937F2DB8CDC9}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{6052C20C-B6BE-490A-926F-C05CB841F2A9}" = protocol=17 | dir=in | app=d:\kal\fusion kal v2 (full client)\engine.exe |
"{615A87A8-FC41-4C0B-9225-82C53D1A57AA}" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{652FDC03-4F32-4D99-9C1C-32BFEB9A1BB2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{673C97FE-91AC-4DE5-B2D1-A75082CD784C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{688320FF-1628-409B-8167-6901A855FC87}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{6C3A6F56-6F84-4737-AEEA-0311281E80C1}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{73A31F60-9559-4B2C-9EF2-3B7E6C957869}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymedia.exe |
"{75265FD0-F31D-45D6-996C-0E3AD0A64988}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{76289326-BB51-47FD-AFA9-8E88BDB22094}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76EF8878-B2A0-4A51-BFDA-A687E7FC359F}" = protocol=6 | dir=in | app=c:\inixsoft\fusion kal\fusion kal v2 (full client)\engine.exe |
"{7753899B-2E78-492C-9DF9-CA9D5D6141B7}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{7D78F8A7-9E61-40E1-B4F3-2937C3C66889}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{7F67FBF7-96A0-49D0-8928-1A39B4264D89}" = protocol=6 | dir=in | app=c:\users\alex\downloads\aa3deployinstaller(2).exe |
"{80860CE4-EC8F-4BB0-8141-6E256B5C9E61}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{81B3D046-A136-4EDF-90A5-3C6B682D79DA}" = protocol=6 | dir=in | app=c:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
"{81E8D8BC-E72D-47E2-9078-CC581A0BB81F}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{8307161A-63FC-461A-9E17-0B3C0BC5E9F1}" = protocol=6 | dir=in | app=d:\kal\fusion kal v2 (full client)\engine.exe |
"{87C4786C-F649-44AD-BE95-9B8067907D22}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{88F22B70-5D8C-4302-9D7D-238DE8413755}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8958F0D2-E39C-4D9F-AC87-3C1743E1252B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C130BD0-6410-4D45-BC69-C35EF37A0D48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D4F4692-0551-4DB3-A8CA-E697F2DD00CE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{90A687D1-E06C-4B8A-8A9F-8A38B5F33219}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{90A6BB50-45AF-4A34-A1A7-C86C287BF285}" = protocol=6 | dir=in | app=c:\users\alex\games\tom clancy's h.a.w.x\hawx_dx10.exe |
"{90FC5B80-4FBB-4B1F-80E3-0C883A613FD7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{93159952-B105-4A8C-AA50-A2F7A581B4D3}" = protocol=17 | dir=in | app=c:\inixsoft\fusion kal\fusion kal v2 (full client)\engine.exe |
"{93A4BE3A-4666-4C17-845B-E69C1F7A99E5}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{95443039-4CBD-4584-811B-62FFEE499599}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{966ED294-4A6D-4932-A49A-9D8DC6AE9F91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A4285A8-A5D9-4FF2-8A94-C4A3A26986F6}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{9B73D926-7F99-4BED-892B-ED554641E6E0}" = protocol=17 | dir=in | app=c:\program files\stardock games\demigod\bin\demigod.exe |
"{9BC5B6A3-B345-4D0C-B0EC-FF6AB6D6491E}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{9D13F5B3-6F38-4150-B759-5F496C3CF1B8}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{9E830752-C8FE-4152-A00A-B4FC335F570F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{A14E26A2-12C5-4FF1-9CA6-1294D6F7286B}" = protocol=6 | dir=in | app=c:\inixsoft\fusion kal\fusion kal v2 (full client)\exception.exe |
"{A22EF698-E184-4DDB-9F50-AC97BDE8B8C2}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{A2BBF434-B3D7-4D4E-8F10-94AE2D82F3ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2C84028-9350-423D-AAAF-933C35DB21A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A36635FD-F062-4773-B98E-C605EBAF902F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A539E11A-A797-46D5-AFC4-665A26B2A132}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A7C0A610-63D2-4AA1-9692-3249AE4A0908}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A8A583F2-E357-48FC-9D08-763FB0227683}" = protocol=6 | dir=in | app=c:\users\alex\games\tom clancy's h.a.w.x\hawx.exe |
"{A8E6698D-D04F-40C6-A0F3-0DB28412135C}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AA019B4E-5645-4979-86BD-52F867150616}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{AA2D0B31-A1D0-45CE-8BEF-9F4356FFA45E}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{AA5F1C42-59B1-4432-A649-588216BA2FDB}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{AACE9E8C-F567-440D-B081-F0DFCBFFA8D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AC4F282B-7CD2-4F34-ADC0-ACFAE4E82A80}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{AFFA6335-9C05-4077-A955-4F45D5B34AB3}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{B2ABBDC2-7FA8-49C7-8BB5-867F30C26936}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{B48A2065-14DE-475B-9E5F-790D02067A54}" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B48BF8A8-299E-435B-8A46-A83B81DE9E2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7C10563-EDCE-4996-854B-0CD887C35A80}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{BA3879C8-67D4-48DD-88C5-D06554374AF8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C0AF8E56-9066-40A2-9ABD-E2816FC709F6}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{C4BBCDAA-D2EC-49AF-BB98-FEA212000D98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6D89537-A9C3-4A05-A03B-F9D083E0FD7F}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{C70EBDCB-AD2A-4583-A839-F10CC1D4B5EF}" = protocol=6 | dir=in | app=c:\program files\stardock games\demigod\bin\demigod.exe |
"{CA852981-0AE9-4E7C-A670-91258B56681F}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{CC5F1566-CC28-4F63-B396-FA75F1A493CA}" = protocol=17 | dir=in | app=c:\inixsoft\fusion kal\fusion kal v2 (full client)\conn.exe |
"{CDBADA6B-399F-43B6-9904-EA60C7A84E9B}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{CE037ED8-4DD0-463A-9CEA-3F5B483CC2C5}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{CE64BAC4-0E63-409D-8A99-ECE898FDC701}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{CF781417-15EE-4F0A-9C2D-4664B27DADA6}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{D0F8F285-70C8-40AA-B8F1-BBE632B6C59A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D22F23F5-7887-4FDB-B9C8-26B377CBF167}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{D2D92EC0-E411-48FE-BCEB-B48EA56E21B8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{D3B3D05A-F072-48E0-8878-7DE2E57EEFE7}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{D4BC2F08-9054-4411-A6D2-6759C1581EB3}" = protocol=6 | dir=in | app=c:\windows\system32\cnab3rpk.exe |
"{D63D3A95-1C6D-479D-A7A4-3931468CEE50}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{D989E9B9-074E-483E-B206-77DBD34B23B0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{DC0DF074-2A46-452D-B006-DA3F468AA432}" = protocol=6 | dir=in | app=c:\inixsoft\fusion kal\fusion kal v2 (full client)\conn.exe |
"{DE5DBFA9-54F3-4AC8-9AAA-D7EE3728C4FD}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{DEEB6510-DB7D-44D1-9153-DE7A227227CC}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{DF31DD5E-37E4-459E-AA96-00798E9C24B1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{DF4F38FA-737A-448E-A161-FB588DF7C9BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DFAB002B-743E-46D5-BDB9-8DCAD88FCC68}" = protocol=17 | dir=in | app=d:\kal\fusion kal v2 (full client)\conn.exe |
"{E2D424DE-E4A5-4E88-8207-8157969E45D1}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{E4F934D7-6CD3-49CE-B91E-0908B9BAC23D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E54814E2-72BD-4AEE-BE06-D9A2161715F4}" = protocol=6 | dir=in | app=d:\kal\fusion kal v2 (full client)\fusion kal.exe |
"{E749C5EA-DD8F-4A66-8C84-0D08D8791570}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{E87968F6-2E67-4C3F-A9F2-C6D8072EB45F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E91076E9-6245-45AD-9316-CE461E3D54C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE100EE6-866D-4E93-AF44-8805FC8AE224}" = protocol=6 | dir=in | app=d:\kal\fusion kal v2 (full client)\conn.exe |
"{F022C5F3-9672-41A5-8728-01894597CB91}" = protocol=6 | dir=out | app=system |
"{F0A74290-A299-4095-80BC-E326862694BE}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{F210311B-A611-4D24-BB5A-5B1F18279159}" = protocol=17 | dir=in | app=c:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
"{F2DD5870-5861-41AE-BE16-6E0926DCD4C1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{F480753C-309B-47F3-ADC0-DC02F3B16CD8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F514615E-1852-4C2F-BAFD-9369763D0C38}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{FA623A62-8504-4AA9-8442-2D0492D6F499}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{067D6BEF-E31A-4D17-A037-BF39F70FE73A}C:\users\alex\downloads\dmpc2.3b.exe" = protocol=6 | dir=in | app=c:\users\alex\downloads\dmpc2.3b.exe |
"TCP Query User{0A5EAB5E-CF3D-4C80-8FC7-10635B5EB721}C:\program files\your freedom\freedom.exe" = protocol=6 | dir=in | app=c:\program files\your freedom\freedom.exe |
"TCP Query User{15EC7C43-AF28-4CEE-9138-4F773BD90243}C:\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\games\left 4 dead 2\left4dead2.exe |
"TCP Query User{2822E24F-531F-43AF-8BBE-2369B78093DA}C:\program files\winfast\wfdtv\dvbtap.exe" = protocol=6 | dir=in | app=c:\program files\winfast\wfdtv\dvbtap.exe |
"TCP Query User{32A00263-E9AE-4FDA-BFB7-7A21556BC51B}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{43D55F93-CFA5-4EC7-A1FE-099B3CFA70DB}C:\program files\dcl\dcl.exe" = protocol=6 | dir=in | app=c:\program files\dcl\dcl.exe |
"TCP Query User{45A7160F-3377-410C-BC6F-457E4540F5DA}C:\program files\id\quake3\quake3e.exe" = protocol=6 | dir=in | app=c:\program files\id\quake3\quake3e.exe |
"TCP Query User{50A59461-930C-4C31-A244-5B836810758A}C:\program files\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\dead space\dead space.exe |
"TCP Query User{5142D99B-2254-447A-9DD5-1E7756282FEE}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{56F3D81C-15A8-4D29-AD7E-B87C764C0DAF}F:\games\l4d2.0.0.9\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=f:\games\l4d2.0.0.9\left 4 dead 2\left4dead2.exe |
"TCP Query User{58DE2B3C-6B37-466F-9FE7-496FE888049F}C:\program files\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\program files\id software\quake 4\quake4.exe |
"TCP Query User{6429EE4F-D8A1-44FF-B53F-5E3B83865D6E}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{6565A5C4-FF0E-493B-95E9-D9B6ED7F994A}C:\program files\id software\quake 4\quake4ded.exe" = protocol=6 | dir=in | app=c:\program files\id software\quake 4\quake4ded.exe |
"TCP Query User{67D3F71D-FD6A-4ACE-B098-AECCEC82776E}C:\program files\dow2\dow2.exe" = protocol=6 | dir=in | app=c:\program files\dow2\dow2.exe |
"TCP Query User{684A853B-FAC1-457A-962C-94413F1CBD06}C:\users\alex\downloads\dcplusplus.exe" = protocol=6 | dir=in | app=c:\users\alex\downloads\dcplusplus.exe |
"TCP Query User{6A8D3AC1-D6A8-4830-AB09-0B5FF1CC4BCD}C:\new folder\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\new folder\world of warcraft\repair.exe |
"TCP Query User{6B2A1ED4-D25C-4808-9F36-7F46ED681427}C:\program files\dcl\dcl.exe" = protocol=6 | dir=in | app=c:\program files\dcl\dcl.exe |
"TCP Query User{724B4058-4285-4475-BC15-D21475EB17AD}C:\program files\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"TCP Query User{7395A1A9-9654-4401-A2B0-E36A363FC7E6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{7491AF10-C65B-45B9-9979-3F0C507A66EC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{77F995BC-9662-45C9-AFBF-DCD2196CB396}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{80D79315-B971-427E-83FB-0F4D461528E6}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{88A2197C-2E26-4D8D-A1A3-CE486C4FA8EF}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"TCP Query User{8C71263F-4E47-44BA-9226-896A61007F12}C:\dc downloads\games and programs\digimon\dmpc2.3b.exe" = protocol=6 | dir=in | app=c:\dc downloads\games and programs\digimon\dmpc2.3b.exe |
"TCP Query User{98A0DC67-8906-4AA6-8552-95B4284D5E2F}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{A4AC20A2-D263-4D21-8206-737E54B75750}C:\team17\worms world party\wwp.exe" = protocol=6 | dir=in | app=c:\team17\worms world party\wwp.exe |
"TCP Query User{A633F61D-D04C-4942-858F-A7C1AD498EAE}C:\program files\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"TCP Query User{A7C02FB8-F5BC-4528-9763-94C4AAD5D4A2}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{ACA5F655-D38A-4876-AD46-23D3681C6F41}C:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files\left 4 dead\left4dead.exe |
"TCP Query User{B44E9C98-745E-41AA-AFE7-DBAE52439F3B}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{BA742D0D-DB94-457B-A79B-A2F0EBC7F22E}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |
"TCP Query User{BB66183E-AF29-4DDD-A95C-847F8686997E}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"TCP Query User{CA61386D-B920-46F1-A989-D00881F85070}C:\program files\hon\hon.exe" = protocol=6 | dir=in | app=c:\program files\hon\hon.exe |
"TCP Query User{DC1CFBDA-9264-48BF-B4CA-A505D3CFBC6E}C:\program files\usarmy\america's army 3\binaries\aa3game.exe" = protocol=6 | dir=in | app=c:\program files\usarmy\america's army 3\binaries\aa3game.exe |
"TCP Query User{E9D09626-345B-4D5A-B556-4FFF0FE6D543}C:\program files\id\quake3\quake3.exe" = protocol=6 | dir=in | app=c:\program files\id\quake3\quake3.exe |
"TCP Query User{F661443D-83C1-47BF-A6F2-A7D861CEF4A4}C:\program files\dopewars-1.5.12\dopewars.exe" = protocol=6 | dir=in | app=c:\program files\dopewars-1.5.12\dopewars.exe |
"TCP Query User{F9421EFA-360E-4F76-A00C-04459C79B9FE}C:\program files\ubisoft\heroes of might and magic v collector edition\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v collector edition\bin\h5_game.exe |
"UDP Query User{17FCE5DD-91D9-44AB-9B6E-F47BA310E802}C:\program files\id software\quake 4\quake4ded.exe" = protocol=17 | dir=in | app=c:\program files\id software\quake 4\quake4ded.exe |
"UDP Query User{2041D5AC-E008-44D9-AF09-9BE351EBF0BE}C:\program files\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\dead space\dead space.exe |
"UDP Query User{208D60E1-C3B5-41F9-AE37-4A4464B369C7}C:\program files\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"UDP Query User{21611D51-074D-43C6-AC07-CA3C0EF948A5}C:\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\games\left 4 dead 2\left4dead2.exe |
"UDP Query User{258F2BE1-8D2B-4471-80A6-0D94B51B0879}C:\users\alex\downloads\dmpc2.3b.exe" = protocol=17 | dir=in | app=c:\users\alex\downloads\dmpc2.3b.exe |
"UDP Query User{2640291E-499C-4FEF-9218-DF773CD56C0F}C:\team17\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\team17\worms world party\wwp.exe |
"UDP Query User{2850505D-4D1B-4718-94FA-E637076C6B32}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{28A054FF-5A63-4C7F-A2FF-C9E0EEB8E2D9}C:\users\alex\downloads\dcplusplus.exe" = protocol=17 | dir=in | app=c:\users\alex\downloads\dcplusplus.exe |
"UDP Query User{2C2430F4-DD0A-4F1A-9857-11530BCF5E30}C:\program files\ubisoft\heroes of might and magic v collector edition\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v collector edition\bin\h5_game.exe |
"UDP Query User{3003B955-BA61-413C-85EF-E6CF281F8DBA}C:\program files\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\program files\id software\quake 4\quake4.exe |
"UDP Query User{3934440F-B91B-4DFA-88F7-7687503CC736}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{52B7613E-7851-4752-9D6B-4955480370E5}C:\program files\id\quake3\quake3e.exe" = protocol=17 | dir=in | app=c:\program files\id\quake3\quake3e.exe |
"UDP Query User{60903BFE-A9CB-4E06-803A-D59507F2A8EC}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{6149C9B0-823A-4352-942C-9D02683C1C80}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{63092932-FA45-4B10-801A-958D762D338C}C:\program files\dcl\dcl.exe" = protocol=17 | dir=in | app=c:\program files\dcl\dcl.exe |
"UDP Query User{6C75D6EA-5604-4A02-B15D-771DF71F5638}C:\new folder\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\new folder\world of warcraft\repair.exe |
"UDP Query User{702B2812-599F-4696-8FE9-907A16C61758}C:\program files\dopewars-1.5.12\dopewars.exe" = protocol=17 | dir=in | app=c:\program files\dopewars-1.5.12\dopewars.exe |
"UDP Query User{71D179BB-35F7-4512-B674-EC8BD2FC3F94}C:\program files\your freedom\freedom.exe" = protocol=17 | dir=in | app=c:\program files\your freedom\freedom.exe |
"UDP Query User{738B49D7-1285-41BD-B6CC-D10D190C26DA}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{74F5506F-B016-4559-A5F9-5B573F3506B0}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |
"UDP Query User{7977713F-A700-4AF7-98F0-118786725C70}C:\dc downloads\games and programs\digimon\dmpc2.3b.exe" = protocol=17 | dir=in | app=c:\dc downloads\games and programs\digimon\dmpc2.3b.exe |
"UDP Query User{850C4402-BE85-4676-813F-5CF7C790D195}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{8AEDBD14-BAAA-4F32-89FA-B0BA677662CC}C:\program files\winfast\wfdtv\dvbtap.exe" = protocol=17 | dir=in | app=c:\program files\winfast\wfdtv\dvbtap.exe |
"UDP Query User{92D3740D-EBFD-4C35-AB7E-27358EA05215}C:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files\left 4 dead\left4dead.exe |
"UDP Query User{A0A19ACF-E157-49BB-ABDD-B982FBC568B6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AC270DA8-6790-4334-A553-4F15041E8DCA}F:\games\l4d2.0.0.9\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=f:\games\l4d2.0.0.9\left 4 dead 2\left4dead2.exe |
"UDP Query User{B176EB33-E5D1-4C24-9C6D-CE7C746E5744}C:\program files\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"UDP Query User{CB729714-208B-4716-AEB6-383AFB3F0A93}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{CCC9219D-BDA2-4ABB-B3DF-47F618F42591}C:\program files\hon\hon.exe" = protocol=17 | dir=in | app=c:\program files\hon\hon.exe |
"UDP Query User{CD58DD0E-5E2B-4D69-B521-804B8941F128}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{CE10E566-5283-4864-866C-515AAD5816CF}C:\program files\dow2\dow2.exe" = protocol=17 | dir=in | app=c:\program files\dow2\dow2.exe |
"UDP Query User{D3F3C5AF-F8D0-4BF8-BF22-DFD991177357}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{D44213D8-C345-452F-8AA1-E8531E48A893}C:\program files\usarmy\america's army 3\binaries\aa3game.exe" = protocol=17 | dir=in | app=c:\program files\usarmy\america's army 3\binaries\aa3game.exe |
"UDP Query User{E36E5B38-AD04-47D0-B971-8C314F3AB8B4}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{F7120999-39F1-4B1A-A1DE-B5BD2D3FE6FA}C:\program files\dcl\dcl.exe" = protocol=17 | dir=in | app=c:\program files\dcl\dcl.exe |
"UDP Query User{FD34177B-F9B3-4F66-A742-0EB2B7A42A09}C:\program files\id\quake3\quake3.exe" = protocol=17 | dir=in | app=c:\program files\id\quake3\quake3.exe |
"UDP Query User{FD6CDACA-3F1B-4935-9468-059737A28A63}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{0EEB3C40-2A8C-4045-B3F9-13C4A5C490C0}" = Nokia Home Media Server
"{1095069C-ABE2-4041-8139-48DED17CD142}" = WinFast DTV1000 S Driver
"{16C3C822-052E-4CD7-8CEB-AE5352F1E76E}_is1" = Macro Recorder 4.67.0
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{653A52D8-127C-476D-BAD9-27117A3A4959}" = Nokia PC Internet Access
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}" = Motorola Driver Installation 4.2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{948BE614-F37B-4A73-AD43-0245F23C110D}" = Logitech GamePanel Software 2.00
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE2669E-2BD8-4164-A8B5-C904C864B403}" = WA Update v3.50 beta2
"{9FB8CAC0-CCF6-47C9-8EDE-3AC69FD61033}" = Nero 7 Premium
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BEB79508-7D67-4A2F-9FB3-54C2B68E9532}" = PC Connectivity Solution
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast PVR2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECE33DF-71BB-44A9-AFF5-CCD551136F8F}" = WoWGasm
"{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}" = Nokia Software Updater
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3FED8DD-4690-4E7D-BC23-6C6494CC0443}" = Nokia Ovi Suite
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVG9Uninstall" = AVG Free 9.0
"Canon LBP3000" = Canon LBP3000
"Canon LBP3100/LBP3108/LBP3150" = Canon LBP3100/LBP3108/LBP3150
"CCleaner" = CCleaner
"DivX Codec" = DivX Codec
"E2D312050E630E0CB2650D738A53820EE8BB1A95" = Windows Driver Package - 2Wire (2WIREPCP) Net (03/22/2007 2.0)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MpcStar" = MpcStar 4.0
"mpegable DS" = mpegable DS decoder
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"Nokia PC Internet Access" = Nokia PC Internet Access
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.10
"ShockwaveFlash" = Macromedia Flash Player 8
"Starcraft" = Starcraft
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 0.9.9
"VobSub" = VobSub v2.23 (Remove Only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a4f70b48f669acd" = AA3Deploy
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:30 AM

Posted 28 August 2010 - 04:22 AM

I see you also ran Combofix. Please post me the log at c:\log.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 bbbailey

bbbailey
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 28 August 2010 - 04:52 AM

ComboFix 10-08-17.02 - Alex 18/08/2010 12:11:22.3.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.61.1033.18.3326.2354 [GMT 10:00]
Running from: c:\users\Alex\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Alex\AppData\Local\Temp\1411965.txt
c:\users\Alex\AppData\Local\temp\Rpcqt.dll
c:\windows\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-18 02:17 . 2010-08-18 02:17 -------- d-----w- c:\users\ReleaseEngineer.MACROVISION\AppData\Local\temp
2010-08-18 02:17 . 2010-08-18 02:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-18 02:17 . 2010-08-18 02:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-18 01:59 . 2010-08-18 01:59 -------- d-----w- C:\wCFix
2010-08-18 01:43 . 2010-08-18 01:43 -------- d-----w- C:\_OTL
2010-08-11 00:16 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 00:16 . 2010-06-11 15:31 274432 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 00:16 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 00:16 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 00:16 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 00:16 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 00:16 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 00:16 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 00:16 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 00:15 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 01:49 . 2010-08-07 01:57 -------- d-----w- c:\program files\Starcraft
2010-07-25 07:47 . 2010-07-25 07:47 -------- d-----w- c:\users\Alex\AppData\Roaming\VistaCodecs
2010-07-25 07:47 . 2010-07-25 07:47 -------- d-----w- c:\program files\VistaCodecPack
2010-07-22 12:31 . 2010-08-18 02:19 -------- d-----w- c:\users\Alex\AppData\Local\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 01:56 . 2008-10-11 01:19 -------- d-----w- c:\program files\uTorrent
2010-08-18 01:39 . 2008-10-11 01:19 -------- d-----w- c:\users\Alex\AppData\Roaming\uTorrent
2010-08-17 07:36 . 2008-05-31 17:37 -------- d-----w- c:\program files\Common Files\Java
2010-08-17 07:28 . 2008-05-31 17:37 -------- d-----w- c:\program files\Java
2010-08-13 14:40 . 2010-05-12 10:17 -------- d-----w- c:\users\Alex\AppData\Roaming\Skype
2010-08-13 14:12 . 2010-05-12 10:20 -------- d-----w- c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\skypePM
2010-08-11 00:21 . 2008-05-12 04:00 680 ----a-w- c:\users\Alex\AppData\Local\d3d9caps.dat
2010-08-02 05:14 . 2009-07-24 11:48 -------- d-----w- c:\users\Alex\AppData\Roaming\U3
2010-07-25 07:16 . 2008-05-12 04:09 16608 ----a-w- c:\windows\gdrv.sys
2010-07-25 07:02 . 2008-05-12 04:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-25 07:02 . 2008-05-12 04:14 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-22 11:38 . 2008-05-12 04:14 -------- d-----w- c:\program files\Realtek
2010-07-22 08:28 . 2010-05-27 08:33 63488 ----a-w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-22 08:28 . 2010-05-27 08:33 117760 ----a-w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-17 03:21 . 2009-01-30 22:11 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 03:21 . 2010-07-17 03:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 03:20 . 2008-05-12 05:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-16 19:00 . 2010-05-27 11:03 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 04:21 . 2008-05-14 01:27 -------- d-----w- c:\users\Alex\AppData\Roaming\Apple Computer
2010-07-14 03:38 . 2008-06-11 07:19 -------- d-----w- c:\program files\iTunes
2010-07-14 03:38 . 2010-07-14 03:38 -------- d-----w- c:\program files\iPod
2010-07-14 03:38 . 2008-06-11 07:16 -------- d-----w- c:\program files\Common Files\Apple
2010-07-14 03:34 . 2010-07-14 03:34 -------- d-----w- c:\program files\Bonjour
2010-07-08 06:04 . 2010-07-08 06:04 134269 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{CECE33DF-71BB-44A9-AFF5-CCD551136F8F}\_B77BE1305F92F386486173.exe
2010-07-08 06:04 . 2010-07-08 06:04 134269 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{CECE33DF-71BB-44A9-AFF5-CCD551136F8F}\_6FEFF9B68218417F98F549.exe
2010-07-08 06:04 . 2010-07-08 06:04 134269 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{CECE33DF-71BB-44A9-AFF5-CCD551136F8F}\_1BBC378961B3A26A491BC7.exe
2010-07-08 06:04 . 2010-07-08 06:04 -------- d-----w- c:\program files\Common Files\WoWGasm
2010-07-08 05:51 . 2010-07-08 05:51 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-07 15:33 . 2010-07-07 15:33 -------- d-----w- c:\users\Alex\AppData\Roaming\Macro Recorder
2010-07-07 15:33 . 2010-07-07 15:33 -------- d-----w- c:\program files\MacroRecorder
2010-07-03 11:33 . 2008-05-12 06:01 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-03 11:33 . 2008-05-12 06:01 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-27 18:00 . 2010-06-27 18:00 1003520 ----a-w- c:\windows\system32\VSFilter.dll
2010-06-23 15:34 . 2008-05-12 14:29 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 02:35 . 2010-06-23 02:35 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-23 02:35 . 2010-06-23 02:35 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-16 07:14 . 2010-07-07 15:33 44032 ----a-w- c:\windows\system32\SystemHookCore.dll
2010-06-05 01:46 . 2008-05-12 05:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-27 10:33 . 2008-05-12 04:45 350720 ----a-w- c:\windows\system32\drivers\csc.sys
2010-05-27 08:33 . 2010-05-27 08:33 52224 ----a-w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-27 03:35 . 2010-05-27 03:35 388096 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-27 02:41 . 2008-05-12 14:13 139152 ----a-w- c:\users\Alex\AppData\Roaming\PnkBstrK.sys
2010-05-27 02:41 . 2008-05-12 14:13 139152 ----a-w- c:\users\Alex\AppData\Roaming\PnkBstrK.sys
2010-05-27 02:41 . 2008-05-12 14:12 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-27 02:41 . 2008-05-12 06:01 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-26 16:16 . 2010-06-09 03:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-09 03:17 289792 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP3000 Status Window.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP3000 Status Window.lnk
backup=c:\windows\pss\Canon LBP3000 Status Window.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 06:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNAP2 Launcher]
2007-09-05 23:48 406944 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-18 13:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 06:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 05:32 56080 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-04-11 05:32 56080 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 05:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-11-06 06:00 2090272 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 11:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-18 13:33 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2007-11-15 05:55 2850816 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-11-16 06:13 90112 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2581868369-1299177804-3110480635-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\Alex\AppData\Local\Temp\BTX152A.tmp [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-10-13 348160]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
R4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2009-11-09 91392]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-10 3121464]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-05 691696]
R4 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2009-01-29 102400]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-17 216400]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-17 243024]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
S3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\DRIVERS\3xHybrid.sys [2009-05-03 1008768]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 07:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 07:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 00:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/webhp?hl=en
Trusted Zone: microsoft.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Alex\AppData\Local\Temp\BTX152A.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2581868369-1299177804-3110480635-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,64,fa,47,ce,20,c1,83,9e,c3,6c,d3,3a,6d,71,de,f7,97,cb,85,4b,
e0,38,38,02,c3,a5,28,6b,b5,e6,a0,b8,5b,bc,df,2f,f6,e2,e2,4d,8a,16,33,76,21,\
"rkeysecu"=hex:12,4c,0a,fb,58,a3,cc,a5,cd,2f,aa,c3,8b,f0,b6,f0

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20182402-24ED-DBEE-0C047CC941A92C12}\{18337038-91FA-1511-718667CAE01F35A0}\{7E9CBDE1-C583-B4C7-27A5326796C918BF}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42E6D7B2-B1C8-2837-2B153136718EFEB8}\{8E0BC5B0-8FBD-4DC6-72B4724501FBC409}\{8BABC9F6-A6DF-6175-8337ACE301A74A27}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,d3,ab,5c,
7a,09,eb,e5,7f,0c,8c,2f,ca,75,11,fd,ea,81,52,c0,20,38,c5,9f,3a,24,19,e2,51,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A198D38-1B44-C07B-9EC195CD26A56314}\{73310DCC-C68F-341A-0D6AC2DC6E4B9C08}\{8FC8D867-026E-4653-C922EAC5C8EDCF7A}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580924E7-4534-80EF-AD4675C17646FF10}\{0EFB2AA0-1A3E-507D-F9B34D5CF29081CD}\{BBABFA65-B0A6-C96D-B621BCAFF6A8D6D6}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,d3,ab,5c,
7a,09,eb,e5,7f,0c,8c,2f,ca,75,11,fd,ea,81,52,c0,20,38,c5,9f,3a,24,19,e2,51,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2236175-3D9F-05C6-8B4893E47EF3B357}\{715026F0-32B2-9A38-0A89C09A617BF317}\{121623C5-7E2D-B1BB-98FD332A06B7F4F2}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCB42C02-2C7E-50EC-E2B5A792F7765BFB}\{38286259-1A12-EDE0-84E2CD6A1D76E8F7}\{2C2658AF-F73E-73C6-89D45D0D6FCCCFF2}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,d3,ab,5c,
7a,09,eb,e5,7f,0c,8c,2f,ca,75,11,fd,ea,81,52,c0,20,38,c5,9f,3a,24,19,e2,51,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(344)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\CNAB3RPK.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-18 12:26:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-18 02:26
ComboFix2.txt 2010-07-25 06:11
ComboFix3.txt 2010-07-22 12:41

Pre-Run: 163,604,783,104 bytes free
Post-Run: 163,472,777,216 bytes free

- - End Of File - - 4A6FE26B869D2BAD14E54B8C05CD7B72


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:30 AM

Posted 28 August 2010 - 05:22 AM

Hi, two questions here: do you have this problem in all browsers?

How are you connected to the internet? If you are using a router, please reset it and see if that fixes the problem.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 bbbailey

bbbailey
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 28 August 2010 - 07:30 AM

Question one:

Yes but not the same symptoms, not as many sites get redirected in IE compared to Firefox, but they still occur. Same with pop-ups too.

Question Two:

Yea I am, I reset it (turned it off for a mintue, dynamic ip so new ip) and no change, if anything it felt like it redirected even faster haha.

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:30 AM

Posted 28 August 2010 - 07:43 AM

Turning off is not the same as resetting. It should have a small hole in the backside that you can punch with a pen or something like that.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 bbbailey

bbbailey
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 28 August 2010 - 08:07 AM

there is only and on/off button, can't find any sort of reset button at all.

Its a netgear DGN2000 if that helps...

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:30 AM

Posted 28 August 2010 - 08:52 AM

Hold the wireless on/off and WPS button on the router for 6 secs to reset it to factory defaults.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 bbbailey

bbbailey
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 28 August 2010 - 08:53 AM

ok done, after resetting, forgetting my settings, finally putting them back in (stupid me didnt backup settings) still redirecting. sad.gif

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:30 AM

Posted 28 August 2010 - 09:01 AM

Please go here: https://www.grc.com/x/ne.dll?bh0bkyd2

Click Proceed and then do the Ports scans. Please post me the summary of the results.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 bbbailey

bbbailey
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 28 August 2010 - 09:10 AM

could only find two tests with output:

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2010-08-28 at 14:04:00

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------
----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2010-08-28 at 14:04:40

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:30 AM

Posted 28 August 2010 - 10:23 AM

Please post me a new OTL log. Those results are as good as they can be. smile.gif

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users