Infected with Lots - Avira Antivir Reports WIN32/pedalac.A and HTML/Rce.Gen


This topic is locked
40 replies to this topic

#1 skitzo



Posted 27 August 2010 - 09:56 AM

Hi there,
I have been using this site as a knowledge base for quite some time. Let me first start by saying what a great job you folks do. 99% of my issues have been solved simply by reading, following your instructions, and using your wonderful tools. I am however at a point where I cannot seem to lose whatever this is on my own. So welcome to my first post and my first virus/malware issue that I cannot clean up based on your wonderful site.

I have followed your instructions and the logs are to follow. I want to add this all started happening after I installed Dropbox. I run a small software development (I should say I manage developers) and I wanted a way to back up their work and give me visibility. Well, since adding Dropbox I have been FLOODED with warnings from Antivir. It seems to target or show files that were previously OK, with no issues. It also seems to never provide the same file warning; it is jumping from *.exe to *.dll files in and around my computer.

I should also add that Firefox is spotty to load at best. Sometimes it does, most times it will not open. In fact, I needed to use IE to read the guide and create this post. So far that is the only program that I seem to be having issues with.
When all this was happening, I did run Malwarebytes, which did find some issues; I cleaned them up and restarted. Once I did that a Windows installer started, which I force closed. It has since stopped doing so. It was hiding as installing Cisco VPN client (something already present on my machine). I have since stopped doing any actions with Antivir until advised.

Here's hoping with your help I can get to the bottom of this.

Thanks a Bunch!
-N

___________________________________________________________________________________________________________________________________________________

DDS (Ver_10-03-17.01) - NTFSx86
Run by sKitzO at 10:04:41.74 on Fri 08/27/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.2025 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\UnHackMe\hackmon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\mqtgsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Squeezebox\SqueezeTray.exe
C:\Users\sKitzO\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~3.EXE
C:\Users\sKitzO\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://localhost/dashboard/login.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
StartupFolder: c:\users\skitzo\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\skitzo\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\squeez~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6086/mcfscan.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\skitzo\appdata\roaming\mozilla\firefox\profiles\9q912pca.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-24 11608]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-24 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-24 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-24 60936]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf squeezemysql --> c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf SqueezeMySQL [?]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-7-9 35816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-7-9 24416]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-1-20 11264]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-10-26 2799808]

=============== Created Last 30 ================

2010-08-27 13:59:21 20 ----a-w- c:\users\skitzo\defogger_reenable
2010-08-27 13:02:14 0 d-----w- c:\windows\McAfee.com
2010-08-27 04:20:33 3342 ----a-w- c:\windows\system32\tmp.reg
2010-08-27 03:44:06 1594 ----a-w- c:\windows\VPNUnInstall.MIF
2010-08-25 13:44:32 0 d-----w- c:\users\skitzo\appdata\roaming\Dropbox
2010-08-13 15:50:16 0 d-----w- c:\program files\FileTrack Pad
2010-08-12 05:29:20 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-12 05:29:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 05:29:11 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-12 05:29:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-12 05:29:06 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 05:29:03 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 05:28:54 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 05:28:53 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 05:28:52 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 05:28:51 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 05:28:51 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 05:28:48 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 05:27:12 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-08-07 05:27:12 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-08-07 05:27:12 100880 ----a-w- c:\windows\system32\Packet.dll

==================== Find3M ====================

2010-08-27 14:01:48 31966 ----a-w- c:\programdata\nvModes.dat
2010-07-23 12:50:37 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-07-13 02:35:56 8 ----a-w- c:\users\skitzo\appdata\roaming\vdnxlf.dat
2010-07-09 16:56:09 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-07-09 16:56:09 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-07-07 14:14:14 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-12-09 17:48:16 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-09 17:48:16 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-09 17:47:55 86016 ----a-w- c:\windows\inf\infstor.dat
2009-08-23 07:02:28 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 10:11:06.25 ===============

An auto scan happened last night, and my gosh.
I can't imagine all are infected. I took no action with them until I receive advice here.

EDIT: Posts merged ~BP

Edited by Budapest, 29 August 2010 - 04:28 PM.
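For anyone triaging a DDS log of the kind posted above, here is an added helper (my example, not part of this thread or of the DDS tool). It splits the log into its `=====` sections and flags lines a responder would read first: UAC disabled by policy (`EnableLUA = 0`), BHOs whose DLL is gone (`No File`), Hosts overrides, Firefox `user.js` security warnings switched off, and regular files sitting under the user's roaming AppData in the created/modified lists. The sample log is a constructed excerpt modelled on the DDS output above; the flags are review prompts, not verdicts.

```python
"""Triage helper for DDS-format logs (added example, not the DDS tool's code).

Splits a DDS log into its '=====' sections and returns lines a responder
would review first. Every flag is a prompt for a human, not a verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt modelled on the DDS log in this thread (same line formats).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://localhost/dashboard/login.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableLUA = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false

=============== Created Last 30 ================

2010-08-27 04:20:33 3342 ----a-w- c:\windows\system32\tmp.reg
2010-08-25 13:44:32 0 d-----w- c:\users\skitzo\appdata\roaming\Dropbox

==================== Find3M ====================

2010-07-13 02:35:56 8 ----a-w- c:\users\skitzo\appdata\roaming\vdnxlf.dat
2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini
"""

# "====== Title ======" and "---- Title ----" section headers.
SECTION_RE = re.compile(r"^[=\-]{4,}\s*(.*?)\s*[=\-]{4,}$")
# "<timestamp> <size> <attrs> <path>" lines in Created Last 30 / Find3M.
FILE_ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-\w]{8})\s+(.+)$"
)


@dataclass
class FileEntry:
    when: str
    size: int
    attrs: str  # DDS attribute string, e.g. "----a-w-" or "d-----w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def split_sections(text: str) -> dict:
    """Map each section title to its non-empty lines."""
    sections: dict = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def parse_file_entry(line: str):
    """Parse one Created Last 30 / Find3M line, or return None."""
    m = FILE_ENTRY_RE.match(line)
    if not m:
        return None
    return FileEntry(m.group(1), int(m.group(2)), m.group(3), m.group(4))


def triage(text: str) -> list:
    """Return (rule, line) pairs worth a second look."""
    findings = []
    sections = split_sections(text)
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith("mPolicies-system: EnableLUA = 0"):
            findings.append(("uac_disabled", line))      # UAC switched off by policy
        elif line.startswith("BHO:") and line.endswith("- No File"):
            findings.append(("orphaned_bho", line))      # BHO registered, DLL missing
        elif line.startswith("Hosts:"):
            findings.append(("hosts_override", line))    # non-default Hosts entry
    for line in sections.get("FIREFOX POLICIES", []):
        # user.js settings that silence mixed-content / insecure-submit warnings
        if re.match(r"FF - user\.js: security\.warn_\S+ - false$", line):
            findings.append(("ff_security_warning_off", line))
    for name in ("Created Last 30", "Find3M"):
        for line in sections.get(name, []):
            entry = parse_file_entry(line)
            # regular (non-directory) files under the user's roaming AppData
            if entry and not entry.is_dir and "\\appdata\\roaming\\" in entry.path.lower():
                findings.append(("user_appdata_file", line))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per rule, e.g. {'uac_disabled': 1, ...}."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule:24}] {line}")
```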


#2 Blind Faith


  • Malware Response Team

Posted 03 September 2010 - 07:10 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log







If I haven't replied in 48 hours, please feel free to send me a PM.




#3 skitzo

  • Topic Starter


Posted 03 September 2010 - 09:55 AM

As requested. Thanks again!
-N


DDS (Ver_10-03-17.01) - NTFSx86
Run by sKitzO at 9:22:12.27 on 03/09/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.1587 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\UnHackMe\hackmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\mqtgsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Squeezebox\SqueezeTray.exe
C:\Users\sKitzO\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~3.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\sKitzO\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://localhost/dashboard/login.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
StartupFolder: c:\users\skitzo\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\skitzo\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\squeez~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6086/mcfscan.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\skitzo\appdata\roaming\mozilla\firefox\profiles\9q912pca.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-24 11608]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-24 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-24 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-24 60936]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf squeezemysql --> c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf SqueezeMySQL [?]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-7-9 35816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-7-9 24416]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-1-20 11264]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-10-26 2799808]

=============== Created Last 30 ================

2010-08-27 13:59:21 20 ----a-w- c:\users\skitzo\defogger_reenable
2010-08-27 13:02:14 0 d-----w- c:\windows\McAfee.com
2010-08-27 04:20:33 3342 ----a-w- c:\windows\system32\tmp.reg
2010-08-27 03:44:06 1594 ----a-w- c:\windows\VPNUnInstall.MIF
2010-08-25 13:44:32 0 d-----w- c:\users\skitzo\appdata\roaming\Dropbox
2010-08-13 15:50:16 0 d-----w- c:\program files\FileTrack Pad
2010-08-12 05:29:20 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-12 05:29:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 05:29:11 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-12 05:29:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-12 05:29:06 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 05:29:03 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 05:28:54 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 05:28:53 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 05:28:52 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 05:28:51 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 05:28:51 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 05:28:48 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 05:27:12 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-08-07 05:27:12 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-08-07 05:27:12 100880 ----a-w- c:\windows\system32\Packet.dll

==================== Find3M ====================

2010-08-30 00:46:57 31966 ----a-w- c:\programdata\nvModes.dat
2010-07-23 12:50:37 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-07-13 02:35:56 8 ----a-w- c:\users\skitzo\appdata\roaming\vdnxlf.dat
2010-07-09 16:56:09 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-07-09 16:56:09 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-07-07 14:14:14 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-12-09 17:48:16 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-09 17:48:16 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-09 17:47:55 86016 ----a-w- c:\windows\inf\infstor.dat
2009-08-23 07:02:28 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:23:56.77 ===============

Edited by skitzo, 03 September 2010 - 09:56 AM.


#4 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts

Posted 09 September 2010 - 12:48 PM

It's been a few days since I posted the last logs.
Should I be posting another one for help? Sorry, just want to provide the best evidence I can to get me sorted out.

Thanks!
-N

#5 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 10 September 2010 - 12:16 PM

Hi skitzo,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, I will be helping you to deal with your Malware problems today.



Step1

Please download Malwarebytes' Anti-Malware from Here or Here
  1. Double Click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  5. The scan may take some time to finish, so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  10. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  11. You can refer to this tutorial

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step2
  1. Please download OTL and save it to your desktop.
  2. Double click on the icon on your desktop.
  3. Click the "Scan All Users" checkbox.
  4. Click the "Quick Scan" button.
  5. Two reports will open, OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  6. Copy and paste both logs back here in your next reply.

In your next reply, please post back:

1. MBAM log
2. OTListIt.txt and Extra.txt

Please detail the problems you're still experiencing now. Thanks


#6 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts

Posted 10 September 2010 - 01:26 PM

Thanks sundavis, I have been waiting just for you.

I already had MB installed to sort out a prior problem, and in fact did a scan prior to posting my issue on the boards. After I posted I did not want to try to confuse things by trying random fixes, so I left it. I have since updated MB and you will find the log pasted below.

As far as the problems I am experiencing, Antivir is still popping up every day with oodles of 'viruses or unwanted programs'. Since the initial hit, I disabled my nightly scan as it would bleep about 600+ times at 3am; needless to say, the wife was not happy with this. I constantly get the Guard: malware found pop-up, but have just left it be, always up. As soon as I close it or try to repair something it simply pops up again. I figured I would once again wait for you good folks to get me sorted.

It seems some programs are not working as I believe certain files are being quarantined or denied by Antivir. Also, MapPoint 2009, a program I have not used in forever, tries to install every time I launch a Microsoft Office product (Word, Excel, etc.). I have since removed that program via Control Panel > Add/Remove. This seemed to remedy this.

All in all, the issue is still Antivir finding 600+ issues as seen from that screenshot.

MB just finished with no detections, so here is the log. The OTL logs are to follow.

cheers!
-N
_______________________________________________________________________________

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4590

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/09/2010 2:20:13 PM
mbam-log-2010-09-10 (14-20-13).txt

Scan type: Quick scan
Objects scanned: 150987
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
__________________________________________________________________________________

OTL logfile created on: 10/09/2010 2:22:07 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\sKitzO\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.56 Gb Free Space | 22.22% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 112.16 Gb Free Space | 37.63% Space Free | Partition Type: NTFS
Drive E: | 525.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 465.76 Gb Total Space | 155.36 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: sKitzO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/10 14:15:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\sKitzO\Desktop\OTL.exe
PRC - [2010/09/08 11:45:41 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/02 10:04:34 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/07/07 10:14:04 | 000,594,200 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2010/06/01 06:03:56 | 010,477,653 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\Squeezebox\server\SqueezeSvr.exe
PRC - [2010/06/01 06:03:32 | 002,351,191 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\Squeezebox\SqueezeTray.exe
PRC - [2010/06/01 06:03:00 | 004,149,248 | ---- | M] () -- C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/30 12:35:24 | 000,513,281 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\update.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Users\sKitzO\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/25 20:41:32 | 006,691,360 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008/11/25 13:57:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/11/21 22:47:52 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/01/20 22:23:18 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2008/01/20 22:21:41 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2005/10/14 04:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005/10/14 04:45:44 | 000,199,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/10 14:15:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\sKitzO\Desktop\OTL.exe
MOD - [2009/04/10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:22:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/06/01 06:03:00 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/10 23:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/02/19 12:33:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/25 13:57:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/11/21 22:47:52 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/20 22:23:19 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
SRV - [2008/01/20 22:23:18 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/20 22:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/26 14:45:00 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2005/10/14 04:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/10/14 04:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2005/10/14 04:51:20 | 000,318,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2005/10/14 04:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 04:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/10/14 04:46:58 | 014,557,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe -- (MSSQLServerOLAPService) SQL Server Analysis Services (MSSQLSERVER)
SRV - [2005/10/14 04:45:44 | 000,199,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer)
SRV - [2005/08/26 17:00:26 | 000,092,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/07/23 08:50:37 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/07/09 12:56:09 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/05 16:34:17 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/30 22:02:00 | 009,850,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/10 21:45:26 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 21:42:56 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/10 12:33:22 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/01/10 12:33:13 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/01/10 12:33:12 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/01/10 12:33:09 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/11/25 16:26:56 | 002,243,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/04 02:17:24 | 000,133,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/01/20 22:23:29 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)
DRV - [2008/01/20 22:21:57 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/20 22:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:21:30 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 22:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/17 18:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/12 07:43:18 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/18 14:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/09/03 09:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2803437667-677581579-4023559892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://localhost/dashboard/login.aspx
IE - HKU\S-1-5-21-2803437667-677581579-4023559892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2803437667-677581579-4023559892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 11:45:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/08 11:45:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/04/09 16:26:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/01/09 19:13:49 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\Mozilla\Extensions
[2010/09/09 09:42:42 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\Mozilla\Firefox\Profiles\9q912pca.default\extensions
[2010/07/08 12:54:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sKitzO\AppData\Roaming\Mozilla\Firefox\Profiles\9q912pca.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/08 11:46:39 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\sKitzO\AppData\Roaming\Mozilla\Firefox\Profiles\9q912pca.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/09/09 09:42:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 09:02:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/08 12:43:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/26 13:32:02 | 000,105,472 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/07/22 20:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/22 20:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/22 20:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/22 20:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/27 08:15:20 | 000,416,946 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe File not found
O4 - HKLM..\Run: [MsmqIntCert] C:\Windows\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2803437667-677581579-4023559892-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\sKitzO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\sKitzO\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...086/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\sKitzO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\sKitzO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/12/23 07:40:02 | 000,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (Partizan) - C:\Windows\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (e settings...) - File not found
O34 - HKLM BootExecute: (ountPoints2\G\Shell) - C:\Windows\System32\Shell.dll (Microsoft Corporation)
O34 - HKLM BootExecute: (nt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/10 14:15:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\sKitzO\Desktop\OTL.exe
[2010/09/07 14:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/09/03 09:28:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/27 09:02:14 | 000,000,000 | ---D | C] -- C:\Windows\McAfee.com
[2010/08/27 00:20:03 | 000,000,000 | ---D | C] -- C:\Users\sKitzO\Desktop\SmitfraudFix
[2010/08/25 09:46:45 | 000,000,000 | R--D | C] -- C:\Users\sKitzO\Documents\My Dropbox
[2010/08/25 09:44:32 | 000,000,000 | ---D | C] -- C:\Users\sKitzO\AppData\Roaming\Dropbox
[2010/08/13 11:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\FileTrack Pad
[2010/08/07 01:27:12 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll
[2010/08/07 01:27:12 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\Packet.dll
[2010/08/07 01:27:12 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\drivers\npf.sys
[2010/08/01 01:43:51 | 000,000,000 | ---D | C] -- C:\Users\sKitzO\Desktop\Warrior
[2010/07/26 10:15:00 | 000,000,000 | ---D | C] -- C:\Users\sKitzO\AppData\Local\Apple Computer
[2010/07/23 09:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/12 10:19:17 | 000,000,000 | ---D | C] -- C:\Users\sKitzO\Desktop\Maleware
[2010/07/11 21:04:35 | 000,000,000 | ---D | C] -- C:\BackSys
[2010/07/09 13:00:36 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/07/09 12:56:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2010/07/09 12:24:07 | 000,037,600 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/07/09 12:24:07 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/07/09 12:23:52 | 000,000,000 | ---D | C] -- C:\Users\sKitzO\Documents\RegRun2
[2010/07/09 12:23:51 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2010/07/09 12:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/07/08 13:01:44 | 000,000,000 | ---D | C] -- C:\Users\sKitzO\AppData\Roaming\Malwarebytes
[2010/07/08 13:01:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/08 13:01:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/08 13:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/08 13:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/08 12:46:31 | 000,000,000 | ---D | C] -- C:\Users\sKitzO\AppData\Roaming\0116C17ECB6EFEFA2D599D46ECA3CB96
[2010/07/08 12:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/08 12:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/30 23:59:54 | 000,000,000 | ---D | C] -- C:\Users\sKitzO\AppData\Roaming\Vubywu
[2010/06/30 13:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2010/06/30 13:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\RosettaStoneLtdBackup
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/10 14:22:04 | 007,864,320 | -HS- | M] () -- C:\Users\sKitzO\NTUSER.DAT
[2010/09/10 14:15:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\sKitzO\Desktop\OTL.exe
[2010/09/10 13:47:16 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/10 13:47:16 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 12:59:30 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/08 11:40:20 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/08 11:40:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/08 11:39:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/08 11:39:56 | 3488,727,040 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 11:38:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/09/08 11:37:57 | 000,524,288 | -HS- | M] () -- C:\Users\sKitzO\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/09/08 11:37:57 | 000,065,536 | -HS- | M] () -- C:\Users\sKitzO\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/09/08 11:37:34 | 003,314,423 | -H-- | M] () -- C:\Users\sKitzO\AppData\Local\IconCache.db
[2010/09/08 11:37:26 | 261,334,016 | ---- | M] () -- C:\Users\sKitzO\Desktop\Outlook.pst
[2010/09/07 14:49:21 | 000,002,657 | ---- | M] () -- C:\Users\sKitzO\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2010/09/07 14:41:30 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/07 14:41:29 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2010/09/03 10:08:04 | 468,123,172 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/30 09:34:11 | 000,001,748 | ---- | M] () -- C:\Users\sKitzO\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/30 09:34:11 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/29 20:52:45 | 000,136,704 | ---- | M] () -- C:\Users\sKitzO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/28 08:47:41 | 000,076,539 | ---- | M] () -- C:\Users\sKitzO\Desktop\scan.png
[2010/08/27 10:18:09 | 000,284,915 | ---- | M] () -- C:\Users\sKitzO\Desktop\gmer.zip
[2010/08/27 10:04:24 | 000,525,824 | ---- | M] () -- C:\Users\sKitzO\Desktop\dds.scr
[2010/08/27 09:59:34 | 000,000,020 | ---- | M] () -- C:\Users\sKitzO\defogger_reenable
[2010/08/27 09:59:05 | 000,050,477 | ---- | M] () -- C:\Users\sKitzO\Desktop\Defogger.exe
[2010/08/27 08:15:20 | 000,416,946 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/27 00:20:33 | 000,003,342 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/08/26 23:46:05 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2010/08/25 09:46:45 | 000,000,959 | ---- | M] () -- C:\Users\sKitzO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/08/12 06:25:52 | 000,368,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/07 02:08:01 | 000,933,686 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/07 02:08:01 | 000,769,074 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/07 02:08:01 | 000,163,458 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/07 01:27:12 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll
[2010/08/07 01:27:12 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\Packet.dll
[2010/08/07 01:27:12 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\drivers\npf.sys
[2010/08/06 09:53:58 | 000,000,517 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/08/06 09:53:42 | 000,000,065 | ---- | M] () -- C:\Windows\System32\bd9440cn.dat
[2010/08/06 09:53:42 | 000,000,026 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010/08/03 13:18:59 | 000,000,403 | ---- | M] () -- C:\Users\sKitzO\Documents\ChatLog Meet Now 2010_08_03 13_18.rtf
[2010/07/31 21:55:52 | 000,363,520 | ---- | M] () -- C:\Users\sKitzO\Desktop\rkill.com
[2010/07/23 08:50:37 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/07/20 14:04:42 | 001,303,616 | ---- | M] () -- C:\Users\sKitzO\Desktop\FileTrail Slides.docx
[2010/07/20 03:30:29 | 000,000,325 | --S- | M] () -- C:\Windows\System32\483087467.dat
[2010/07/12 22:35:56 | 000,000,008 | ---- | M] () -- C:\Users\sKitzO\AppData\Roaming\vdnxlf.dat
[2010/07/12 01:30:26 | 000,000,518 | -H-- | M] () -- C:\regrun.war
[2010/07/09 12:56:09 | 000,037,600 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/07/09 12:56:09 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/07/09 12:56:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/07/09 12:56:08 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2010/07/09 12:56:08 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/07/08 21:58:39 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/07/08 21:56:33 | 000,411,946 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100827-081520.backup
[2010/07/07 10:14:14 | 000,012,808 | ---- | M] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2010/06/15 16:01:41 | 000,000,851 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Squeezebox Server Tray Tool.lnk
[2010/06/15 16:01:41 | 000,000,849 | ---- | M] () -- C:\Users\sKitzO\Desktop\Squeezebox Server.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/08 09:52:23 | 000,284,915 | ---- | C] () -- C:\Users\sKitzO\Desktop\gmer.zip
[2010/09/07 14:41:29 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2010/09/07 14:41:25 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/03 09:28:34 | 468,123,172 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/30 09:34:11 | 000,001,748 | ---- | C] () -- C:\Users\sKitzO\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/30 09:34:11 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/28 08:47:41 | 000,076,539 | ---- | C] () -- C:\Users\sKitzO\Desktop\scan.png
[2010/08/27 10:18:37 | 000,293,376 | ---- | C] () -- C:\Users\sKitzO\Desktop\gmer.exe
[2010/08/27 10:04:19 | 000,525,824 | ---- | C] () -- C:\Users\sKitzO\Desktop\dds.scr
[2010/08/27 09:59:21 | 000,000,020 | ---- | C] () -- C:\Users\sKitzO\defogger_reenable
[2010/08/27 09:58:56 | 000,050,477 | ---- | C] () -- C:\Users\sKitzO\Desktop\Defogger.exe
[2010/08/27 08:30:20 | 3488,727,040 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/27 00:20:33 | 000,003,342 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/08/26 23:44:06 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2010/08/25 09:46:45 | 000,000,959 | ---- | C] () -- C:\Users\sKitzO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/08/13 11:50:16 | 000,001,255 | ---- | C] () -- C:\Users\sKitzO\Desktop\RFID_Pad.exe.config
[2010/08/03 13:18:59 | 000,000,403 | ---- | C] () -- C:\Users\sKitzO\Documents\ChatLog Meet Now 2010_08_03 13_18.rtf
[2010/07/31 21:55:49 | 000,363,520 | ---- | C] () -- C:\Users\sKitzO\Desktop\rkill.com
[2010/07/20 13:52:08 | 001,303,616 | ---- | C] () -- C:\Users\sKitzO\Desktop\FileTrail Slides.docx
[2010/07/12 22:36:00 | 000,000,325 | --S- | C] () -- C:\Windows\System32\483087467.dat
[2010/07/12 22:35:56 | 000,000,008 | ---- | C] () -- C:\Users\sKitzO\AppData\Roaming\vdnxlf.dat
[2010/07/11 21:13:57 | 000,000,518 | -H-- | C] () -- C:\regrun.war
[2010/07/09 12:24:07 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/07/08 21:58:39 | 000,000,242 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/08/23 02:44:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/01 17:06:58 | 000,000,517 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/08/01 17:06:58 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/08/01 17:06:03 | 000,000,816 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/08/01 17:06:03 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/08/01 17:01:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2009/08/01 17:01:19 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009/08/01 17:01:17 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/08/01 17:01:15 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/08/01 16:59:50 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/05/25 09:47:40 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/25 09:47:40 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/27 13:36:23 | 000,000,145 | ---- | C] () -- C:\Users\sKitzO\AppData\Roaming\default.rss
[2009/03/27 13:32:16 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/02/27 14:59:17 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/02/27 14:59:17 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/02/13 13:54:55 | 000,000,059 | ---- | C] () -- C:\Users\sKitzO\AppData\Local\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
[2009/02/13 13:53:16 | 000,000,082 | ---- | C] () -- C:\ProgramData\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
[2009/02/13 11:54:04 | 000,038,444 | ---- | C] () -- C:\Users\sKitzO\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/02/13 11:52:56 | 000,038,430 | ---- | C] () -- C:\Users\sKitzO\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2009/02/13 11:52:53 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/03 14:10:34 | 000,136,704 | ---- | C] () -- C:\Users\sKitzO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/12 01:41:57 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2009/01/12 01:41:57 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009/01/12 01:41:54 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2009/01/12 01:41:54 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2009/01/12 01:41:07 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/01/09 19:00:36 | 000,001,356 | ---- | C] () -- C:\Users\sKitzO\AppData\Local\d3d9caps.dat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/01/20 22:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/06/27 09:00:00 | 011,194,368 | ---- | C] () -- C:\Windows\System32\ZHHP_RES.DLL
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/02/18 12:20:45 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\.salesforce.com
[2010/07/08 12:46:37 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\0116C17ECB6EFEFA2D599D46ECA3CB96
[2009/01/10 13:08:44 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\Acronis
[2009/02/08 19:13:10 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\D-Link Media Server
[2009/11/05 17:11:08 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\DAEMON Tools Lite
[2009/02/25 13:59:46 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\DNA
[2010/09/08 11:42:44 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\Dropbox
[2009/11/06 01:15:20 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\GameRanger
[2009/02/23 11:29:25 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\gtk-2.0
[2009/04/03 12:05:26 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\ICQ
[2009/02/03 19:13:21 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\MediaServerDump
[2010/02/18 12:55:20 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\PC-FAX TX
[2009/02/13 13:53:16 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\PixelMetrics
[2009/10/22 11:34:33 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\salesforce.com
[2010/01/20 23:19:36 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\ScanSoft
[2010/08/26 23:13:31 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\SystemRequirementsLab
[2009/02/20 14:47:43 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\Thunderbird
[2010/09/10 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\uTorrent
[2010/08/12 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\Vubywu
[2010/08/26 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\sKitzO\AppData\Roaming\Wewyda
[2010/09/08 11:38:03 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
____________________________________________________________

OTL Extras logfile created on: 10/09/2010 2:22:07 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\sKitzO\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.56 Gb Free Space | 22.22% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 112.16 Gb Free Space | 37.63% Space Free | Partition Type: NTFS
Drive E: | 525.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 465.76 Gb Total Space | 155.36 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: sKitzO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2803437667-677581579-4023559892-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2803437667-677581579-4023559892-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D782AC-8024-4704-8609-A7A10B11BA60}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{03CFF3A9-2A1A-4588-BE6F-1FDBB20721A5}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{057A6B27-3067-4543-8BB7-D8E7919857C1}" = lport=10244 | protocol=6 | dir=in | app=system |
"{10E61E06-4EBD-4D5E-902B-23F0D3D18856}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14603047-3E4F-4064-B50A-605A9457A63C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{231A72C2-AB6A-48AE-962C-5F721D1B76ED}" = rport=139 | protocol=6 | dir=out | app=system |
"{25A1F95D-27EB-4C05-B7FA-A4CA7128A1AA}" = rport=10244 | protocol=6 | dir=out | app=system |
"{27F7C696-4710-4631-ACA9-B8C6199A9648}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2A0B11F2-1522-4194-8284-0B423E91A33C}" = lport=60198 | protocol=6 | dir=in | name=utorrent |
"{30FE89CC-B1F9-4587-98AB-9F852B5D32DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32258AE6-FC77-4739-800C-A07846413CE1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{33D49639-0099-4655-93D0-5109A2BA8785}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{358B4BC9-93EB-4DF6-B590-60604823F5D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35D3C915-E786-4A27-9BEB-F60119D30CE4}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{3BAB0CAE-4026-446C-AC8A-673256816F73}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DC41E60-8450-4D12-AB12-16ADEA90E3BD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B58B29B-251A-417B-AA7A-DD87D990BF69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4C5FAA87-3591-4D43-BDDA-31F85DD09327}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5995B8F3-40D0-4045-A1B4-56354F98FC6F}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C5A1B67-1041-4A46-8340-F90188DA34C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{5DF87A11-D2E5-41E4-8765-E167AB721480}" = lport=10243 | protocol=6 | dir=in | app=system |
"{61FB0C1E-35C0-4D3A-9A62-41E1BA452C3A}" = lport=139 | protocol=6 | dir=in | app=system |
"{65F4A3E0-6C9D-42ED-9479-64C19D0BE29C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{68B3290E-59AA-46B6-B530-C8375EB51C1A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{69A5B947-4B7E-4BAA-9D53-985BBE477B72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F583EE9-899C-4195-8A04-4FA091627A76}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6F6728B3-8BD0-4295-A8E6-F903DB6507BB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{71358F0F-A05E-4369-AFF4-2D35135EEB5A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7443649D-20A7-4C82-B4F4-947005DC05C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C4F1FCE-1C9D-42E9-B81A-DC67D74A9CC8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{854CD466-662A-4114-96B9-1A5020CC731C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{860A5BDD-FAC6-40D3-81F3-0D3253F92038}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{875682B9-76AE-4A47-9C11-7E8EB6E17CCB}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8BB29282-22E9-4739-99A1-5CF126E2B31C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{90D04E0F-D704-4945-A04A-EA5BE385278C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9236E319-D2CF-455C-9288-B47ACA935D86}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{926524AB-29B4-4F12-9C97-A8A624D6D9D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{937D149A-A8E6-4D1D-9F85-4E743A96F703}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9560DD66-DD57-4F43-84DD-613674DF7E73}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{968C6940-11DD-4AA1-815A-7F914AE49D4A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{989499B4-3E5E-4109-B877-0F687B15AFD7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9965D509-2EF9-4E80-A2DE-06296BE05464}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A386E95E-AB79-4232-AAFD-45EB67221A7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B02239BB-05B0-4D1E-83FE-187186E6F5E9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B0FF3480-1878-4EDE-8014-B72BD64EE65E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B2FE2DB6-F07C-4945-8A24-24B85CC67EB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B78F1FBC-19DE-4554-BB08-E31E651A0778}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BA418591-1142-4C09-845A-7F7F71AE8844}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{BBCAC696-080F-4743-8272-44AB20E767B9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C0BC0DF1-5C81-45BA-9475-F6F322E8BEBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4568BBF-54F6-4D7A-8A6B-D564C9CC1449}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C91FB939-1EA6-4238-AF4B-E09A53D348FF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{CA22A664-4B5E-4A7A-B2FA-285FE24D3223}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CEF32ED3-FCC5-41C1-B78F-44215EDF93DC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E26BBA15-02AD-4744-95DB-7980944479D8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{E314C12A-0080-45A6-A73E-F4AE76FF1B91}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5D279AC-0FB3-4E26-8D99-7ED26C26F18B}" = lport=3390 | protocol=6 | dir=in | app=system |
"{E61F19F8-6DC6-409F-A4B2-7E63D1279FE2}" = lport=137 | protocol=17 | dir=in | app=system |
"{E6ADD9A0-F568-4D23-B5C0-C5FB9110FEAE}" = rport=445 | protocol=6 | dir=out | app=system |
"{E74B5D40-4656-43A7-982B-562D3197F3B1}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E7E6D3C9-4E63-48C9-930D-CB1799DB795F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA1B6269-6B4B-49C3-9925-4E204503DE60}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EC4F9CB0-781A-4D8B-8902-5A7640A0E3F5}" = rport=138 | protocol=17 | dir=out | app=system |
"{ED5B2359-3D3C-4EEF-A1E7-1661FAF27BD2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ED93CD12-1CE4-44C0-A4E9-6C5728505A40}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F9D9C57A-A07A-4258-A40F-D4607A2B0C12}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B5134A-920A-4B8C-A335-1E361B26BFDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{026F04BF-3233-407E-B3B6-D24CE85A0E5B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{04723608-3EAD-4AAD-85FE-25D3DC478E2D}" = protocol=6 | dir=in | app=d:\media server\mediaserver.exe |
"{060048DE-A17F-4E26-9B8E-6B4E885D67C7}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0849FD81-33FF-4909-9113-93DE0ED55700}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{08BAAA93-B203-4CF4-961C-6C2E24ABE60F}" = protocol=17 | dir=in | app=c:\program files\d-link media server\mediaserver.exe |
"{08BDB9D7-8C72-4B3A-A834-74BD4FAF9CA3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0AC8375B-E5A5-4B2A-8AFF-BE5E4D8625BE}" = protocol=6 | dir=in | app=c:\program files\d-link media server\mediaserver.exe |
"{0BC6CC7C-E96A-4B1E-B199-3CFD6EF638BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E950614-1226-434D-AE8E-DE3B185AE732}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{10230892-E903-478F-AF2F-5C2DA9A7A0E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{156F64EB-E9A2-4E09-9DE8-B42F89BAB262}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{195FBE7E-A569-4E45-9597-FF97A7627E2B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1E5B3481-443E-418A-B24F-0C0B4D6C16AF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{1F46F229-BBE6-4F61-811B-35E84A3BFF5C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1FEF9B41-17F8-43A8-AA0F-BA8473495111}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{221EF1E1-6D1F-4B85-A0BC-87E75E22920A}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{23172119-8BA6-4CD4-A73D-B2B5A81B5D89}" = protocol=6 | dir=in | app=c:\users\skitzo\appdata\roaming\dropbox\bin\dropbox.exe |
"{261C013A-18AD-4E26-B227-AC211D4F0FBF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{272B2E32-DA5A-4422-B2DD-4BEEE7FE0742}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{29E06CF3-F843-428F-84B2-80277E4B731D}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{2CAC581C-5D6C-414C-8BB5-CDA045F689EB}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{2CECD623-B43C-498B-B655-C9C264BFC830}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D77CE06-808A-4F34-983C-26FB5568D95A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{2EB449C3-D396-4888-86A9-DB4B14C621B1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2F62405C-AD2D-4DBB-A54C-0CC82C447A6D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{30134082-8F9C-477E-9067-0F3C1EB427AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31F44443-E6DA-44B0-BEF3-AC9F50CE0442}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{321354D3-9509-483A-B2F9-762F8A3179B6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{35B52E47-C3D6-4BED-83AD-43B2BCBDE307}" = protocol=17 | dir=in | app=c:\users\skitzo\appdata\local\tversity\media server\mediaserver.exe |
"{392932DE-4964-4ADB-99C4-FBCCE6A63163}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{39B22B65-8C5D-4AA6-A53B-108D46C55A2D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{39E86662-AC55-4F27-8E55-6211C9EB0CAA}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{3A41DD37-26D7-47F6-A73A-149E49B99E82}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B3E8247-026A-4AA9-9BC5-A7453D2762A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B7BEE16-3DA8-4C8E-B149-61C0C3E99017}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{3C85B2D7-C8EF-430F-94AF-14F9021BE396}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{3CCEAF06-1489-46CC-8F31-B701AECD5BEC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{40DFC8AA-18BE-48F7-B97E-87143E664962}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4118F625-4D48-47E3-A2E7-CC5C6A05FB7E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{4415ADDB-824F-4C51-AA77-E54F40443EEE}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{4531E091-1517-4A7F-BCF1-5FF9501C0148}" = protocol=6 | dir=in | app=c:\users\skitzo\appdata\local\tversity\media server\mediaserver.exe |
"{4A4C28B5-DA28-4188-918D-E788B28ACF6B}" = protocol=17 | dir=in | app=d:\media server\mediaserver.exe |
"{4D70B95B-3E31-4277-A3E3-C1EDCB03F755}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{4E712E33-FAF9-4CE6-AAC3-84788EF1AAE9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{4FF1FA90-BB19-499C-8267-4B71A5FA257A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{50EC36E0-7487-4286-96BC-5076B2FA3932}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{520B4EAE-AA02-4FB8-BC89-67C3FE50FEA9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{523475B8-876A-4C98-B784-5B5231727A1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{523987CC-4C5C-4743-907C-FE1BB5179A9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{547CAF2F-0E5C-4929-86DE-AFA6746EB69F}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{57638D57-3A0C-45E8-8600-459796E188A5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5864F7CE-AF47-4571-9EFB-9EBA68529293}" = protocol=17 | dir=in | app=c:\program files\d-link media server\mediagui.exe |
"{5940F64F-C648-4356-A98F-A1DA8F7872CA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{594B8556-C351-430E-A2CF-2FE5A9157317}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5A3CE0EA-5C20-4738-9813-91D3151EBFF2}" = protocol=6 | dir=in | app=c:\program files\d-link media server\mediagui.exe |
"{5CD47015-9E88-452F-B014-586C3CED032E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5FF15932-8DA2-48F5-9770-7DB2BA85ACE1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{671386CD-D5EF-4B41-B260-062A082E180D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6ADA3681-52C0-41D3-91B6-BA6F7ACAC096}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6E7446F8-29B8-465C-84E5-33F0149A53DC}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{80F0C024-BC40-4813-98EA-244A1457E735}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{8344ECBA-5543-43B2-B708-17F5F78D0C7C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{843509EB-6276-454B-B07E-A11339F30507}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{876F08E3-8E6A-481A-88FE-AAB4EEEB7DB0}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8894A39E-6911-4BAD-9760-020FD4B48D44}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{890B4A50-4BBC-40D9-8566-57D0898B57B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C25AEC1-F9B0-4F6C-8E07-D2E376B19A26}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{9016EFA1-191E-4D9B-B411-9995A277E54B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{915B1E6B-1A62-4105-9A13-FFBE1B662D8D}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
"{92752402-B82C-42C7-82B1-E69409FF1012}" = protocol=6 | dir=in | app=c:\program files\filezilla server\filezilla server interface.exe |
"{968A5FAF-69BD-4E26-A2EE-9F7FC0F30B5C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{96EB107B-5CCE-4218-A1B0-8F829CAF3F82}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9901706F-6905-421F-B77B-F6A4F68BD6B5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{998F62EC-8517-45B0-AAA7-918219225FA2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9AED21F9-A8F3-4D26-A6E9-506EA54EB872}" = protocol=6 | dir=out | app=system |
"{9D5BF685-8D04-4C47-8EF8-976509A73FBA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A094228F-033C-4654-BCB1-BBB4D4B71D41}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A12B2679-C788-4748-A8CF-ED3D34E9FA48}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A239121A-089C-4303-92A5-D0584234BFBB}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{A61549A5-1490-4D0C-AE2C-907AB43349B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AACFCD4D-0299-41E4-A624-F5B27EB593A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3EC82F6-37E3-4B18-B5A2-34322F60C854}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B7B9D068-0933-4920-9671-35A304072CE0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B86579C3-F5E0-4EF6-B8B8-F8EBD5162E96}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BD30D2EA-2F03-4437-B99E-648AAB784A83}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C1B6145B-A9BA-43BA-AA44-19D77F1E531F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C39B5514-31F3-47C6-B435-3F7A0E2A7A97}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{C40B1D65-A791-4033-8F94-B9403F6476E3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{C43DC145-A77D-4051-8E5D-6E72EE756228}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C4BC34D2-B549-452A-BA0F-0C5BEA40B89C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C7D36BD2-1ACF-4B4E-B490-AD38468FB5E1}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
"{CD10EDB2-1C66-4527-B94B-1DB61FE45B29}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{CE01EDFE-3E58-4FB5-B3F8-5636EAD72E07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE463D71-38E9-4517-B95B-FE0EBB95EA7C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D1AE44C0-EEAF-4DEC-8BEE-0B06EA0A9596}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D53D2A3F-1E37-43BE-B178-6DAACDCE98A7}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{DC6A7974-5F34-4ACD-A666-438B82A5CDFA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DCCCF15A-FF37-4804-B45D-DCA9C4F2E104}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD9A23CC-C6C7-4DDA-B689-658AE1BCFC57}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{E52F49A4-922E-47A7-A91B-5185440D91C2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E76DC95B-2B99-4D87-A7E5-2A7010132008}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E78A5428-A545-4F42-8C65-8C8A0E7DD843}" = protocol=17 | dir=in | app=c:\program files\filezilla server\filezilla server interface.exe |
"{E798E724-921A-4476-B3A1-FE1576F69994}" = protocol=17 | dir=in | app=c:\users\skitzo\appdata\roaming\dropbox\bin\dropbox.exe |
"{E8D44C6D-28ED-4CEC-9377-668EFAB4C2D5}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{EC78C616-1D74-4E4A-9631-4D6FCEDB44F2}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{F4EDF54D-0580-4EBD-B364-94670CA595A5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F948825A-489D-4448-802D-4FE93D1E2744}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FB9FD722-EDD1-4723-816E-CFAD21B38266}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{FECD1981-E5BA-447A-AA85-DA6969E09422}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{00AF0B1E-11AB-4F75-954D-42AB4F8C4298}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{1F524575-62FC-4C24-B5E7-28379AFC1A90}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"TCP Query User{24B52B0C-816F-40B5-9420-6F27D60420A2}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{32651771-92F3-417F-95E0-2FC6C90C66CB}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{369D1815-E1C6-4A62-A01A-1E3C74CCDB44}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{405B4EDB-7BEA-481A-A856-44BE9E810B06}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{41690925-DE04-48FC-8C03-40A27BBEA96E}C:\users\skitzo\appdata\roaming\mediaserverdump\liveupdate\olupdate.exe" = protocol=6 | dir=in | app=c:\users\skitzo\appdata\roaming\mediaserverdump\liveupdate\olupdate.exe |
"TCP Query User{55DC0061-BB1D-4CED-AAF0-6A5413285C87}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"TCP Query User{5A2796DF-C2B3-41E7-8AFA-AA274AACA95E}C:\users\skitzo\appdata\local\temp\blizzard launcher temporary - c6f428d0\launcher.exe" = protocol=6 | dir=in | app=c:\users\skitzo\appdata\local\temp\blizzard launcher temporary - c6f428d0\launcher.exe |
"TCP Query User{5A2EF254-7EA8-429E-8338-06F963146C34}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{5ED99F30-53C5-422D-82E4-0743739BAD63}C:\users\skitzo\appdata\local\temp\blizzard launcher temporary - 3765ff50\launcher.exe" = protocol=6 | dir=in | app=c:\users\skitzo\appdata\local\temp\blizzard launcher temporary - 3765ff50\launcher.exe |
"TCP Query User{6E9EB066-C99F-4E32-B7C4-0A61235DD7F8}C:\users\skitzo\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\skitzo\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{8B2E7687-70C5-4AD2-8A6B-8BE27F9E9D03}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{AB9BDE87-2FD5-4B82-92D5-916D7ABB8719}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B28991C6-2173-4820-9DBC-85FB7CDA8617}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{B75619A0-1047-4C40-A52D-5A14DCA356FE}C:\windows\system32\update.exe" = protocol=6 | dir=in | app=c:\windows\system32\update.exe |
"TCP Query User{C47D6A4E-F704-4265-A185-ED586BFE0C5C}C:\windows\system32\risky.exe" = protocol=6 | dir=in | app=c:\windows\system32\risky.exe |
"TCP Query User{CB71D0EC-419A-43C9-8BAA-7730D4E4391F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0B62F554-BD57-4FC5-936F-A6106791C707}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{1092CE70-5414-49D6-B3DC-D666F5571788}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{49E84A0C-4259-42CC-9B1F-203C002B94BD}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{616E30E7-5346-4B0A-9B68-81BABAB0E155}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{895A9810-B6DB-4BCA-A628-AE5451A6FE65}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{8DA03FC5-1B75-492D-B063-D780AD0AD28C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{8DB540DE-19F9-4551-B61E-D512C9773A40}C:\users\skitzo\appdata\local\temp\blizzard launcher temporary - c6f428d0\launcher.exe" = protocol=17 | dir=in | app=c:\users\skitzo\appdata\local\temp\blizzard launcher temporary - c6f428d0\launcher.exe |
"UDP Query User{8FF8C555-D44D-4FEE-B035-098B7DF6A119}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{965538FC-971B-461B-A2D0-3F6CF9E4A05B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A05563EB-22AC-4DDF-A000-5AA2FA694BD0}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{AE696F3C-85D3-4924-A06C-0532DDFB4224}C:\users\skitzo\appdata\local\temp\blizzard launcher temporary - 3765ff50\launcher.exe" = protocol=17 | dir=in | app=c:\users\skitzo\appdata\local\temp\blizzard launcher temporary - 3765ff50\launcher.exe |
"UDP Query User{B9F495D7-ECB2-46E0-A97A-8D1A2E254B2F}C:\users\skitzo\appdata\roaming\mediaserverdump\liveupdate\olupdate.exe" = protocol=17 | dir=in | app=c:\users\skitzo\appdata\roaming\mediaserverdump\liveupdate\olupdate.exe |
"UDP Query User{BD8F9A68-8149-49AF-A912-563629E20CD4}C:\users\skitzo\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\skitzo\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{BE7EE130-4E01-4A02-8922-27715ACC1202}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"UDP Query User{C2882C33-3AA3-4B15-BB2B-14127DAC5ABA}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{E34D65CB-83E8-4BA3-86D1-B602232CB403}C:\windows\system32\risky.exe" = protocol=17 | dir=in | app=c:\windows\system32\risky.exe |
"UDP Query User{F380EA02-B951-47D8-89DF-3F035050BA9A}C:\windows\system32\update.exe" = protocol=17 | dir=in | app=c:\windows\system32\update.exe |
"UDP Query User{FA5CBE80-90CF-4ADE-A637-5CFA98AF0C69}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}" = Microsoft SQL Server 2005
"{1B18E877-FA65-4EF3-8095-FBD8010CAE36}" = Salesforce Outlook Edition 3.2
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}" = Microsoft SQL Server 2005 Tools
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 20
"{299900CD-A7FC-4727-8E48-B13372E35B3B}" = Dashboard Web Install
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{37E9AD9F-3217-4229-B5A5-7A0C82364C6C}" = Microsoft SQL Server 2005 Notification Services
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{427b20ec-ca62-4da7-818b-f31a7d2af7bd}" = Nero 9 Trial
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}" = Microsoft SQL Server 2005 Analysis Services
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite
"{C8CA292C-5085-4E38-979E-8F719A312590}" = FileTrack Pad
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}" = Microsoft SQL Server 2005 Integration Services
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CaptureWiz" = CaptureWizPro 4.00
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"CurseClient" = Curse Client
"D-Link Media Server_is1" = D-Link Media Server 1.10
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian 2 Vista Loader" = PeerGuardian 2 Vista Loader
"PeerGuardian_is1" = PeerGuardian 2.0
"Peggle Deluxe 1.01" = Peggle Deluxe 1.01
"Soulseek2" = SoulSeek 157 NS 13e
"Squeezebox Server_is1" = Squeezebox Server 7.5.1
"SystemRequirementsLab" = System Requirements Lab
"UnHackMe_is1" = UnHackMe 5.95 release
"uTorrent" = µTorrent
"Videora Xbox 360 Converter" = Videora Xbox 360 Converter 2.25
"VLC media player" = VLC media player 0.9.8a
"Vliv" = Vliv 2.5.1
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2803437667-677581579-4023559892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"GameRanger" = GameRanger
"GoToMeeting" = GoToMeeting 4.5.0.457
"Winamp Detect" = Winamp Detector Plug-in
"World of Logs Client" = World of Logs Client
"Wow Web Stats Client v3.0" = Wow Web Stats Client v3.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2010 2:49:43 PM | Computer Name = Desktop | Source = MsiInstaller | ID = 11321
Description =

Error - 07/09/2010 2:49:45 PM | Computer Name = Desktop | Source = MsiInstaller | ID = 11321
Description =

Error - 08/09/2010 11:41:32 AM | Computer Name = Desktop | Source = WinMgmt | ID = 10
Description =

Error - 08/09/2010 12:40:15 PM | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 08/09/2010 12:40:15 PM | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 08/09/2010 3:14:43 PM | Computer Name = Desktop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3888 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 113c Start Time: 01cb4f6df6a384f6 Termination Time: 16

Error - 09/09/2010 1:51:56 PM | Computer Name = Desktop | Source = MsiInstaller | ID = 11706
Description =

Error - 09/09/2010 1:52:07 PM | Computer Name = Desktop | Source = MsiInstaller | ID = 11706
Description =

Error - 09/09/2010 1:52:49 PM | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 09/09/2010 1:52:50 PM | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ Media Center Events ]
Error - 03/02/2009 6:57:56 PM | Computer Name = sKitzO-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 14/02/2009 10:59:05 PM | Computer Name = sKitzO-PC | Source = McrMgr | ID = 109
Description =

Error - 15/03/2009 5:29:22 PM | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 29/04/2009 11:02:49 PM | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 28/04/2010 6:37:55 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 955
seconds with 360 seconds of active time. This session ended with a crash.

Error - 28/04/2010 6:39:37 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 81
seconds with 60 seconds of active time. This session ended with a crash.

Error - 28/04/2010 6:41:03 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 75
seconds with 60 seconds of active time. This session ended with a crash.

Error - 28/04/2010 6:42:05 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 56
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/04/2010 6:42:18 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/05/2010 3:35:51 AM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 56335
seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 08/09/2010 11:41:35 AM | Computer Name = Desktop | Source = Service Control Manager | ID = 7003
Description =

Error - 08/09/2010 11:41:35 AM | Computer Name = Desktop | Source = Service Control Manager | ID = 7003
Description =

Error - 08/09/2010 11:41:35 AM | Computer Name = Desktop | Source = Service Control Manager | ID = 7003
Description =

Error - 08/09/2010 11:41:35 AM | Computer Name = Desktop | Source = Service Control Manager | ID = 7003
Description =

Error - 08/09/2010 11:41:35 AM | Computer Name = Desktop | Source = Service Control Manager | ID = 7003
Description =

Error - 08/09/2010 11:41:35 AM | Computer Name = Desktop | Source = Service Control Manager | ID = 7003
Description =

Error - 08/09/2010 11:41:35 AM | Computer Name = Desktop | Source = Service Control Manager | ID = 7003
Description =

Error - 08/09/2010 11:42:12 AM | Computer Name = Desktop | Source = DCOM | ID = 10005
Description =

Error - 08/09/2010 11:42:12 AM | Computer Name = Desktop | Source = Service Control Manager | ID = 7009
Description =

Error - 08/09/2010 11:42:12 AM | Computer Name = Desktop | Source = Service Control Manager | ID = 7000
Description =


< End of report >
__________________________________________________________________________________

Thanks again!

Edited by skitzo, 10 September 2010 - 01:30 PM.
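Reading a firewall-exception list like the one in the report above by hand is error-prone, so here is an added triage script (my example, not a tool from this thread or from BleepingComputer) that parses OTL's "Query User" firewall lines and groups the ones worth a second look. Windows Firewall creates a rule named "TCP Query User{GUID}<path>" (or UDP) when the user clicks Unblock on the prompt that appears as a program starts listening for inbound connections, so every such line records a program that at some point accepted inbound traffic. The two heuristics (a listener running from a user-writable profile or temp folder; a binary under C:\Windows accepting inbound connections) are my own review criteria, not verdicts: a hit means "check that the file exists, who signed it and what its hash is", not that it is malicious. The sample lines are copied from the report above and embedded so the script runs offline.

```python
import re
from collections import defaultdict

# One OTL "Query User" firewall-exception line. Windows Firewall names rules this
# way when the user clicks "Unblock" on the prompt shown as a program starts
# listening, so each line is a program that was allowed inbound connections.
RULE_RE = re.compile(
    r'^"(?P<proto>TCP|UDP) Query User\{(?P<guid>[0-9A-Fa-f-]{36})\}'
    r'(?P<name_path>[^"]*)"\s*=\s*'
    r'protocol=(?P<protonum>\d+)\s*\|\s*dir=(?P<dir>in|out)\s*\|\s*'
    r'app=(?P<app>[^|]*?)\s*\|'
)

# Constructed sample: lines copied from the OTL report in this thread.
SAMPLE_LOG = """\
"TCP Query User{5A2796DF-C2B3-41E7-8AFA-AA274AACA95E}C:\\users\\skitzo\\appdata\\local\\temp\\blizzard launcher temporary - c6f428d0\\launcher.exe" = protocol=6 | dir=in | app=c:\\users\\skitzo\\appdata\\local\\temp\\blizzard launcher temporary - c6f428d0\\launcher.exe |
"TCP Query User{AB9BDE87-2FD5-4B82-92D5-916D7ABB8719}C:\\windows\\explorer.exe" = protocol=6 | dir=in | app=c:\\windows\\explorer.exe |
"TCP Query User{C47D6A4E-F704-4265-A185-ED586BFE0C5C}C:\\windows\\system32\\risky.exe" = protocol=6 | dir=in | app=c:\\windows\\system32\\risky.exe |
"UDP Query User{E34D65CB-83E8-4BA3-86D1-B602232CB403}C:\\windows\\system32\\risky.exe" = protocol=17 | dir=in | app=c:\\windows\\system32\\risky.exe |
"UDP Query User{0B62F554-BD57-4FC5-936F-A6106791C707}C:\\program files\\quicktime\\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\\program files\\quicktime\\quicktimeplayer.exe |
"UDP Query User{B9F495D7-ECB2-46E0-A97A-8D1A2E254B2F}C:\\users\\skitzo\\appdata\\roaming\\mediaserverdump\\liveupdate\\olupdate.exe" = protocol=17 | dir=in | app=c:\\users\\skitzo\\appdata\\roaming\\mediaserverdump\\liveupdate\\olupdate.exe |
"""


def parse_rules(text):
    """Return one dict per well-formed rule line; anything else is skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rule = m.groupdict()
            rule["app"] = rule["app"].lower()   # OTL already lowercases app=, be safe
            rules.append(rule)
    return rules


def classify(app_path):
    """Heuristic review reasons for a program that was granted an inbound exception.

    These are my review criteria (assumption), not a malware verdict.
    """
    reasons = []
    p = app_path.lower()
    if "\\temp\\" in p or "\\appdata\\" in p:
        reasons.append("listener runs from a user-writable profile/temp path")
    if p.startswith("c:\\windows\\"):
        reasons.append("binary under C:\\Windows accepting inbound connections; verify signer and hash")
    return reasons


def triage(text):
    """Group rules by program and keep only programs with at least one review reason."""
    by_app = defaultdict(list)
    for rule in parse_rules(text):
        by_app[rule["app"]].append(rule)
    findings = {}
    for app, rules in by_app.items():
        reasons = classify(app)
        if reasons:
            findings[app] = {
                "protocols": sorted({r["proto"] for r in rules}),
                "rule_count": len(rules),
                "reasons": reasons,
            }
    return findings


if __name__ == "__main__":
    for app, info in triage(SAMPLE_LOG).items():
        print(f"{app}  [{'/'.join(info['protocols'])}, {info['rule_count']} rule(s)]")
        for reason in info["reasons"]:
            print(f"    - {reason}")
```

Feed it the whole firewall section of an OTL report and work down the flagged list, confirming for each entry whether the file is still present, whether it is signed by the vendor you expect, and whether anything you recognise actually needs to accept inbound connections; legitimate games and media players will show up too, which is why the output is a review list rather than a deletion list.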


#7 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:03:56 PM

Posted 10 September 2010 - 02:03 PM

Hi skitzo,




Please download the following necessary files to your desktop. Then unplug your internet access and temporarily uninstall Avira via Programs and Features. Restart your PC.

After performing the following steps, please reinstall Avira, rescan your computer and post the Avira log in your next reply if the 600 problems still persist.


Step1
  1. Download TDSSKiller and save it to your Desktop.
  2. Extract its contents to your desktop.
  3. Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  4. If an infected file is detected, the default action will be Cure, click on Continue.
  5. If a suspicious file is detected, the default action will be Skip, click on Continue.
  6. It may ask you to reboot the computer to complete the process. Click on Reboot Now
  7. If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  8. If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.
Step2
  1. If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  2. Please visit this webpage for download links and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  4. Note: If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu.
    The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.
  5. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  6. Click Yes to allow Combofix to continue scanning for malware.
  7. When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  8. Do not mouse click on Combofix while it is running. That may cause it to stall.
  9. If you have problems running ComboFix, please delete that copy and redownload it. Rename ComboFix.exe to skitzo.exe before saving it to your desktop, or run it in safe mode.
In your next reply, please post back:

1.TDSSKiller.txt
2.ComboFix log

Let me know how things went.

Edited by sundavis, 10 September 2010 - 02:25 PM.


#8 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts
  • Local time:04:56 PM

Posted 10 September 2010 - 02:57 PM

Ok, we got issues.
See the attached logs. I tried to re-install Antivir, and got "illegal operation attempted on a registry key that has been marked for deletion", so that is a no go.

In fact I had to put the log up on my network and am posting this from another machine. Seems I cannot launch any program/document, as I get that same error.

I have tried opening the following, firefox, paint, the two created logs, a random word document. All give the same error.

Find the logs attached below:

Thanks!
-N

Attached Files



#9 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:03:56 PM

Posted 10 September 2010 - 02:59 PM

Hi skitzo,


QUOTE
illegal operation attempted on a registry key that has been marked for deletion

Restart your pc and everything should go smoothly.

#10 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:04:56 PM

Posted 10 September 2010 - 03:17 PM

You are correct. Antivir is installed and operational again. It is also updated.
As soon as it started, it started finding the HTML/Rce.gen. I will however do a full scan and post the log. I will not take any remove or delete actions after the scan.

#11 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:03:56 PM

Posted 10 September 2010 - 03:32 PM

Hi skitzo,




QUOTE
I will not take any remove or delete actions after the scan

It's OK to let Avira do its job. You can post the log once the full scan is done. We need to scan the remnants with Kas Online Scanner. It will take a while to run the full course. Please be patient and do the following.

Go into the Control Panel (Classic View) and double-click the Java icon (looks like a coffee cup). On the Update tab, click the Update Now button. When done, press Apply and OK. Then clear your Java cache as instructed in this thread.


Step1
  1. Please start OTL on your desktop.
  2. Under the Custom Scans/Fixes box at the bottom, copy/paste the contents of the following code box.

    CODE
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe File not found
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe File not found
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] File not found
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  3. Click Run Fix button on the top.
  4. Click OK and let it run unhindered.
  5. OTL will ask to reboot the machine. Please OK the prompt.
  6. A report will open. Copy and Paste that report in your next reply.
Step2


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step3


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  1. Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  2. Click Accept button on the "Requirements and limitations".
  3. When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  4. It will download and install the program and update the database.
  5. When updating the database has finished, click on Settings.
  6. Make sure all boxes are checked. then click on the Save button.
  7. Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  8. Once the scan is completed, Click on View Scan Report.
  9. You may see a list of infected items over there. Click on Save Report As.
  10. Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  11. Please post the contents in your next reply.
  12. You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.


1.OTL delete log
2.Kas Online Scan Report

Let me know if you still have any remaining issues on your pc.

Edited by sundavis, 10 September 2010 - 05:33 PM.


#12 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts
  • Local time:04:56 PM

Posted 10 September 2010 - 03:46 PM

Just to keep you updated, it's not looking good.
Scan is 1.9% done and has found 216 detections, and still beeping. AHHH! Make it stop!

My mobo has the most annoying bleeping sound for detections EVER!

EDIT: Just saw your next post. Antivir is still scanning and should take an hour or so more. It is finding lots. Do you wish me to continue with Antivir, or cancel and skip to your instructions? The reason why I never took Antivir actions is it basically is detecting any HTML pages or exe, and if I quarantine or delete, none of my programs work. I tested this on a small sample (Ventrilo, DVD Decrypter), both of which I had to reinstall.

FURTHER EDIT: Scan is at 4.6% with 640 detections.

Edited by skitzo, 10 September 2010 - 03:49 PM.


#13 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:03:56 PM

Posted 10 September 2010 - 03:55 PM

Hi skitzo,



QUOTE
scan is 1.9% done and has found 216 detections

You may stop the Avira scan and perform the new instructions above. After all is done, you may rescan your pc with Avira and post the log in your next reply. Good luck!

#14 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts
  • Local time:04:56 PM

Posted 10 September 2010 - 04:03 PM

hmm one issue with the first step:

Attached Files



#15 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:03:56 PM

Posted 10 September 2010 - 04:10 PM

Hi skitzo,



Please uninstall Java™ 6 Update 20 completely, clean the cache, and reinstall it from here.



