Google Redirect - random internet pages open


  • This topic is locked
9 replies to this topic

#1 VirusHater247

Posted 29 September 2010 - 04:28 PM

Hello, I have had this wretched Google redirect virus for some time now. It still persists if I use Chrome, IE, and Firefox. I will type in something I want and it brings up results, but when I click on it, 3/4 times it takes me to some place like results5... etc. I have used my Norton Internet Security, and I've used Malwarebytes and Hitman Pro, to no avail. It just doesn't seem to pick up whatever I have. My internet service recently went down for about a week, and when I came back I updated lots of stuff and I updated one of my games (World of Warcraft), and after it was done IE opened up and it was trying to load some page with a random IP address in there. Nothing actually loads on these pages, but I am getting scared, so I thought I would bring my problems here. Also, I have a problem with GMER: I pressed save, chose desktop, and a WinRAR icon popped up that said gmer. I opened it and the program started, and everything is greyed out besides Service, Registry, Files, and ADS. I cannot click on the others as they are greyed out. I will not put the ark.txt attachment as I think it is not accurate. Thanks. Here is my DDS:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Bestbuy at 16:28:23.45 on Wed 09/29/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6141.3541 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\nvraidservice.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bestbuy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.dell.com
mDefault_Page_URL = hxxp://www.dell.com
mLocal Page = c:\windows\syswow64\blank.htm
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\17.8.0.5\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Messenger (Yahoo!)] "c:\program files (x86)\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [igndlm.exe] c:\program files (x86)\download manager\DLM.exe /windowsstart /startifwork
uRun: [BitTorrent DNA] "c:\program files (x86)\dna\btdna.exe"
uRun: [ares] "c:\program files (x86)\ares\Ares.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\bestbuy\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files (x86)\stardock\impulse\now\ImpulseNow.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files (x86)\digital line detect\DLG.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [RtHDVCpl] RAVCpl64.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\bestbuy\appdata\roaming\mozilla\firefox\profiles\zbpaw0i8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files (x86)\download manager\npfpdlm.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-6 68640]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2008-7-19 53488]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1108000.005\symds64.sys [2010-9-28 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1108000.005\symefa64.sys [2010-9-28 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100901.003\BHDrvx64.sys [2010-8-31 954928]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1108000.005\cchpx64.sys [2010-9-28 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100928.001\IDSviA64.sys [2010-9-29 463408]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1108000.005\ironx64.sys [2010-9-28 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nisx64\1108000.005\symtdiv.sys [2010-9-28 451120]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 NIS;Norton Internet Security;c:\program files (x86)\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-28 126392]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\drivers\VSTDPV6.SYS [2008-1-20 1523712]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\drivers\VSTBS26.SYS [2008-1-20 392704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-09-28 23:20:36 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-09-28 23:20:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-19 18:04:19 65536 --sha-w- c:\users\bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TM.blf
2010-09-19 18:04:19 524288 --sha-w- c:\users\bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TMContainer00000000000000000002.regtrans-ms
2010-09-19 18:04:19 524288 --sha-w- c:\users\bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TMContainer00000000000000000001.regtrans-ms
2010-09-15 02:19:05 317952 ----a-w- c:\windows\syswow64\MP4SDECD.DLL
2010-09-15 02:19:05 295424 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 02:19:03 273920 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 02:18:50 975360 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 02:18:50 739328 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-09-15 02:18:45 621568 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 02:18:45 502272 ----a-w- c:\windows\syswow64\usp10.dll
2010-09-13 21:43:06 0 d-----w- c:\program files (x86)\World of Warcraft Public Test
2010-08-31 19:00:44 175628 ---ha-w- c:\windows\syswow64\mlfcache.dat
2010-08-31 18:28:15 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-08-31 18:24:32 0 d-----w- c:\windows\syswow64\WindowsPowerShell

==================== Find3M ====================

2010-09-29 16:40:22 75029 ----a-w- c:\programdata\nvModes.dat
2010-09-02 20:03:17 42 ----a-w- c:\users\bestbuy\appdata\roaming\wklnhst.dat
2010-08-31 18:28:12 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-31 18:28:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-31 18:28:09 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-31 01:37:34 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-29 23:20:45 45 ----a-w- c:\users\bestbuy\jagex_runescape_preferences.dat
2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-17 09:00:12 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-17 09:00:12 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-17 09:00:10 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-17 09:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-09 20:27:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 20:27:02 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 20:27:02 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 20:27:02 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-02 06:04:12 214975 ----a-w- c:\program files (x86)\data1.hdr
2010-01-02 06:03:21 1669931 ----a-w- c:\program files (x86)\setup.isn
2010-01-02 06:02:47 576000 ----a-w- c:\program files (x86)\ISSetup.dll
2010-01-02 06:01:35 255777 ----a-w- c:\program files (x86)\setup.inx
2010-01-02 05:59:23 1241 ----a-w- c:\program files (x86)\setup.ini
2010-01-02 05:57:17 473 ----a-w- c:\program files (x86)\layout.bin
2010-01-02 05:57:00 21494 ----a-w- c:\program files (x86)\0x0409.ini
2009-11-18 19:53:35 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-03-18 00:22:09 648054 ----a-w- c:\program files (x86)\epicness.bmp
2008-10-26 18:02:52 492858 ----a-w- c:\program files (x86)\lawl.bmp
2008-10-04 03:32:30 2493981907 ----a-w- c:\program files (x86)\Perfect_World_International.exe
2008-10-03 18:53:52 1061857 ----a-w- c:\program files\PerfectWorld_Downloader_v3.exe
2008-09-22 00:05:25 19153264 ----a-w- c:\program files\aaw2008.exe
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-02-04 21:24:00 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-02-04 21:24:00 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-02-04 21:24:00 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2008-07-19 17:33:28 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:29:10.82 ===============


#2 snemelk

  • Malware Response Team

Posted 03 October 2010 - 03:05 PM

Hi VirusHater247, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 VirusHater247


Posted 04 October 2010 - 02:09 PM

Here is OTL.txt

OTL logfile created on: 10/4/2010 2:56:36 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Bestbuy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.12 Gb Total Space | 263.27 Gb Free Space | 44.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.92 Gb Free Space | 49.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CODY
Current User Name: Bestbuy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/04 14:55:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bestbuy\Desktop\OTL.exe
PRC - [2010/06/06 17:12:43 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/08 14:48:42 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/11/06 15:44:04 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/21 11:45:42 | 000,888,832 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/10/04 14:55:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bestbuy\Desktop\OTL.exe
MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
MOD - [2009/07/12 04:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 04:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/06 17:12:43 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/21 15:41:00 | 003,532,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 14:48:42 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/19 21:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files (x86)\Ares\chatServer.exe -- (AresChatServer)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SysInfo.sys -- (SysInfo)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1108000.005\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/25 20:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2009/12/16 16:06:14 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/11/05 18:06:13 | 000,433,200 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/03 10:49:17 | 000,068,640 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/02/13 09:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/20 22:46:53 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2008/01/20 22:46:53 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 22:46:53 | 000,392,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/10/15 04:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/09/29 17:57:09 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101003.002\EX64.SYS -- (NAVEX15)
DRV - [2010/09/29 17:57:09 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/29 17:57:09 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101003.002\ENG64.SYS -- (NAVENG)
DRV - [2010/08/31 18:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/05/28 15:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100930.005\IDSviA64.sys -- (IDSVia64)
DRV - [2010/05/27 15:25:12 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2005/01/04 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/25 17:53:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/01/26 16:03:21 | 000,000,000 | ---D | M]

[2010/10/01 14:49:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/30 15:41:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/30 16:42:16 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Bestbuy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.247 213.109.73.249 209.18.47.61
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\DfLogon: DllName - Reg Error: Key error. - File not found
O24 - Desktop WallPaper: C:\Users\Bestbuy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bestbuy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/04 14:55:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bestbuy\Desktop\OTL.exe
[2010/09/30 15:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2010/09/14 22:19:05 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/09/14 22:19:05 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/14 22:18:45 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2010/09/13 17:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft Public Test
[2010/09/08 17:56:49 | 000,000,000 | ---D | C] -- C:\Users\Bestbuy\Documents\Dedication Games
[2010/01/02 00:52:29 | 000,576,000 | ---- | C] (Acresso Software Inc.) -- C:\Program Files (x86)\ISSetup.dll
[2008/10/02 22:06:50 | 2493,981,907 | ---- | C] (Igor Pavlov) -- C:\Program Files (x86)\Perfect_World_International.exe
[2008/10/02 21:55:35 | 001,061,857 | ---- | C] (Perfect World Entertainment Inc) -- C:\Program Files\PerfectWorld_Downloader_v3.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/04 14:57:56 | 002,543,372 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\Cat.DB
[2010/10/04 14:56:49 | 006,553,600 | -HS- | M] () -- C:\Users\Bestbuy\ntuser.dat
[2010/10/04 14:55:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bestbuy\Desktop\OTL.exe
[2010/10/04 14:52:21 | 000,075,029 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/04 14:52:21 | 000,075,029 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/04 14:50:19 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 14:50:19 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 14:50:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/04 14:50:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/29 16:57:31 | 000,284,915 | ---- | M] () -- C:\Users\Bestbuy\Desktop\gmer.zip
[2010/09/29 12:12:05 | 000,524,288 | -HS- | M] () -- C:\Users\Bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/29 12:12:05 | 000,065,536 | -HS- | M] () -- C:\Users\Bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TM.blf
[2010/09/29 12:11:40 | 002,037,706 | -H-- | M] () -- C:\Users\Bestbuy\AppData\Local\IconCache.db
[2010/09/28 19:49:58 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/28 19:32:31 | 000,000,688 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Bestbuy.job
[2010/09/28 19:32:18 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/09/20 17:52:57 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\isolate.ini
[2010/09/19 14:09:55 | 000,524,288 | -HS- | M] () -- C:\Users\Bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TMContainer00000000000000000002.regtrans-ms
[2010/09/16 20:37:15 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/15 14:49:11 | 000,524,288 | -HS- | M] () -- C:\Users\Bestbuy\NTUSER.DAT{ffe90403-514a-11de-b872-001ec950cdbe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 14:49:11 | 000,065,536 | -HS- | M] () -- C:\Users\Bestbuy\NTUSER.DAT{ffe90403-514a-11de-b872-001ec950cdbe}.TM.blf
[2010/09/06 13:48:22 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/29 16:57:28 | 000,284,915 | ---- | C] () -- C:\Users\Bestbuy\Desktop\gmer.zip
[2010/09/19 14:04:19 | 000,524,288 | -HS- | C] () -- C:\Users\Bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TMContainer00000000000000000002.regtrans-ms
[2010/09/19 14:04:19 | 000,524,288 | -HS- | C] () -- C:\Users\Bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/19 14:04:19 | 000,065,536 | -HS- | C] () -- C:\Users\Bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TM.blf
[2010/08/30 16:50:51 | 000,058,664 | ---- | C] () -- \TDSSKiller.2.4.1.3_30.08.2010_16.50.51_log.txt
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/01/02 00:52:29 | 001,669,931 | ---- | C] () -- C:\Program Files (x86)\setup.isn
[2010/01/02 00:52:29 | 000,255,777 | ---- | C] () -- C:\Program Files (x86)\setup.inx
[2010/01/02 00:52:29 | 000,214,975 | ---- | C] () -- C:\Program Files (x86)\data1.hdr
[2010/01/02 00:52:29 | 000,021,494 | ---- | C] () -- C:\Program Files (x86)\0x0409.ini
[2010/01/02 00:52:29 | 000,001,241 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2010/01/02 00:52:29 | 000,000,473 | ---- | C] () -- C:\Program Files (x86)\layout.bin
[2009/10/07 15:00:52 | 000,083,996 | ---- | C] () -- \aaw7boot.log
[2009/09/23 18:49:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 18:48:47 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/17 20:22:08 | 000,648,054 | ---- | C] () -- C:\Program Files (x86)\epicness.bmp
[2009/03/12 15:14:07 | 000,023,290 | ---- | C] () -- \mp_epicboobso-aLJR_440x350.jpg
[2009/02/05 18:03:58 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/02/05 18:03:58 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/02/05 18:03:58 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/01/18 21:23:35 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/01/18 21:23:35 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2009/01/18 16:04:34 | 000,000,204 | ---- | C] () -- \Plugins
[2008/11/13 02:16:17 | 000,022,040 | ---- | C] () -- C:\Users\Bestbuy\AppData\Roaming\editd.dat
[2008/11/12 19:57:55 | 000,000,033 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2008/11/10 13:57:32 | 000,000,115 | ---- | C] () -- \FtpCmd.txt
[2008/10/26 14:02:52 | 000,492,858 | ---- | C] () -- C:\Program Files (x86)\lawl.bmp
[2008/10/15 15:17:18 | 000,000,042 | ---- | C] () -- C:\Users\Bestbuy\AppData\Roaming\wklnhst.dat
[2008/09/26 21:44:09 | 000,000,095 | ---- | C] () -- C:\Users\Bestbuy\AppData\Local\fusioncache.dat
[2008/09/21 20:05:13 | 019,153,264 | ---- | C] () -- C:\Program Files\aaw2008.exe
[2008/09/21 11:12:52 | 000,795,388 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/09/19 19:25:18 | 000,000,680 | ---- | C] () -- C:\Users\Bestbuy\AppData\Local\d3d9caps.dat
[2008/08/25 17:15:10 | 000,000,127 | ---- | C] () -- \dfinstall.log
[2008/08/17 14:07:03 | 000,007,168 | ---- | C] () -- C:\Users\Bestbuy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/19 13:34:27 | 000,004,448 | RH-- | C] () -- \dell.sdr
[2008/07/19 13:26:11 | 2458,460,159 | -HS- | C] () --
[2008/04/11 11:09:24 | 000,093,200 | ---- | C] () -- \install.res.1049.dll
[2008/04/11 11:07:18 | 000,010,134 | ---- | C] () -- \eula.1049.txt
[2008/04/11 11:07:18 | 000,005,686 | ---- | C] () -- \vcredist.bmp
[2008/04/11 11:07:18 | 000,001,110 | ---- | C] () -- \globdata.ini
[2008/04/11 11:07:18 | 000,000,843 | ---- | C] () -- \install.ini
[2008/04/11 09:03:48 | 000,562,688 | ---- | C] () -- \install.exe
[2008/04/11 09:03:48 | 000,097,296 | ---- | C] () -- \install.res.1036.dll
[2008/04/11 09:03:48 | 000,096,272 | ---- | C] () -- \install.res.3082.dll
[2008/04/11 09:03:48 | 000,096,272 | ---- | C] () -- \install.res.1031.dll
[2008/04/11 09:03:48 | 000,095,248 | ---- | C] () -- \install.res.1040.dll
[2008/04/11 09:03:48 | 000,091,152 | ---- | C] () -- \install.res.1033.dll
[2008/04/11 09:03:48 | 000,081,424 | ---- | C] () -- \install.res.1041.dll
[2008/04/11 09:03:48 | 000,079,888 | ---- | C] () -- \install.res.1042.dll
[2008/04/11 09:03:48 | 000,076,304 | ---- | C] () -- \install.res.1028.dll
[2008/04/11 09:03:48 | 000,075,792 | ---- | C] () -- \install.res.2052.dll
[2008/02/04 22:23:25 | 000,333,257 | RHS- | C] () -- \bootmgr
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/11/07 09:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI
[2007/11/07 09:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.3082.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.1040.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.1031.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.1028.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | C] () -- \eula.1033.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | C] () -- \eula.1041.txt
[2006/12/02 00:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/04 14:49:45 | 000,083,996 | ---- | M] () -- C:\aaw7boot.log
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/07/19 13:34:27 | 000,004,448 | RH-- | M] () -- C:\dell.sdr
[2008/09/19 12:40:04 | 000,000,127 | ---- | M] () -- C:\dfinstall.log
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2008/04/11 11:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2008/11/16 08:41:43 | 000,000,115 | ---- | M] () -- C:\FtpCmd.txt
[2008/04/11 11:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2008/04/11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2008/04/11 11:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini
[2008/04/11 09:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2008/04/11 09:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2008/04/11 09:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2008/04/11 09:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2008/04/11 09:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2008/04/11 09:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2008/04/11 11:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
[2008/04/11 09:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/03/12 15:14:01 | 000,023,290 | ---- | M] () -- C:\mp_epicboobso-aLJR_440x350.jpg
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/10/04 14:49:45 | 2458,460,159 | -HS- | M] () -- C:\pagefile.sys
[2009/09/18 15:35:13 | 000,000,204 | ---- | M] () -- C:\Plugins
[2010/08/30 16:52:09 | 000,058,664 | ---- | M] () -- C:\TDSSKiller.2.4.1.3_30.08.2010_16.50.51_log.txt
[2008/04/11 11:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:51CF25B1
< End of report >


#4 VirusHater247

Posted 04 October 2010 - 02:10 PM

Here is Extras.txt

OTL Extras logfile created on: 10/4/2010 2:56:36 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Bestbuy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.12 Gb Total Space | 263.27 Gb Free Space | 44.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.92 Gb Free Space | 49.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CODY
Current User Name: Bestbuy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 96 A6 2A CA A3 46 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files (x86)\SubaGames\ACEonline\Launcher.atm" = C:\Program Files (x86)\SubaGames\ACEonline\Launcher.atm:Enabled:GameExe2 -- File not found
"C:\Program Files (x86)\SubaGames\ACEonline\Res-Voip\SCVoIP.exe" = C:\Program Files (x86)\SubaGames\ACEonline\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found
"C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files (x86)\SubaGames\ACEonline\Launcher.atm" = C:\Program Files (x86)\SubaGames\ACEonline\Launcher.atm:Enabled:GameExe2 -- File not found
"C:\Program Files (x86)\SubaGames\ACEonline\Res-Voip\SCVoIP.exe" = C:\Program Files (x86)\SubaGames\ACEonline\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E1FDB2-A600-4ADB-B80D-9AE23EBA0049}" = lport=8377 | protocol=17 | dir=in | name=league of legends launcher |
"{0BBE95DB-6596-40E4-BDA1-3B4805672882}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{12A94A50-2C0A-4541-890B-A6BA53C276AB}" = lport=8371 | protocol=6 | dir=in | name=league of legends launcher |
"{12F2A4C9-8964-4CE4-90D7-0941989201D8}" = lport=8373 | protocol=6 | dir=in | name=league of legends launcher |
"{15B77D80-A9DE-4D54-A3F3-E0AACA53E163}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{18CFC130-447E-46B3-9949-F892C9CF5DBA}" = lport=8375 | protocol=17 | dir=in | name=league of legends launcher |
"{33860AEE-F74B-4450-AB4E-DB154C4EDA15}" = lport=8371 | protocol=17 | dir=in | name=league of legends launcher |
"{3A135A19-2AE1-47D4-BB7D-D0C5571B1A68}" = lport=8377 | protocol=6 | dir=in | name=league of legends launcher |
"{4D59C29F-54B0-4461-95AA-DEB69B45422C}" = lport=6989 | protocol=6 | dir=in | name=league of legends launcher |
"{4E359F13-F245-4EC4-B83D-670F82D7EFD7}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher |
"{5A404660-C8D8-47F3-A3D3-35F3E139FB57}" = lport=8374 | protocol=17 | dir=in | name=league of legends launcher |
"{7164FDA1-29AD-454B-8AAA-B4ACA33941FC}" = lport=6989 | protocol=17 | dir=in | name=league of legends launcher |
"{7EF89BC8-A9AB-4D56-B976-8247761DB053}" = lport=8373 | protocol=17 | dir=in | name=league of legends launcher |
"{8AE75DDE-4A70-4FB2-88C4-F18700F519E0}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{961ADE36-E9D3-4CF3-9E61-0DE73B074BFD}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{9EEE23BF-CFA0-421E-8E3E-6A7673D397C2}" = lport=1120 | protocol=6 | dir=in | name=starcraft 2 |
"{A0DE7F3A-DEE9-4FA7-BC6D-58813AB9AC8C}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{B2CE006C-671B-45C9-AFCA-0F40DBFC4CF3}" = lport=8375 | protocol=6 | dir=in | name=league of legends launcher |
"{B55B9584-36F9-4EAC-AC27-3FFE44BD310D}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher |
"{B5FFAA31-302A-4BE1-B27D-FE279DF06670}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{BCBA8D26-1667-46C6-B682-41F2B73B6BBA}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{C5A562B0-33AA-4DB7-A6C1-878CD1B3AA68}" = lport=1119 | protocol=6 | dir=in | name=starcraft 2 |
"{C80CBBA3-E5D8-4F6F-ACCB-E243F1C65449}" = lport=8374 | protocol=6 | dir=in | name=league of legends launcher |
"{DDCA4E54-38BE-4921-855F-1656644C0665}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{E7764EBB-E57F-4619-8265-8D717FE89065}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{F2D91392-0C85-45E5-A623-B380FF6B6DAC}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher |
"{F31BD7A8-439E-4514-9267-1BEF2C3DFD64}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
"{F74A304A-8525-4700-A42C-E03839D5D599}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{F7E9EFB3-3438-4F2A-B4F0-B4BC71405155}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0009995B-31AB-4435-8812-559419419711}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{007D5054-A751-404B-A87A-520C3075DF65}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{052F0373-EB56-4813-9489-4BBE5B114C7E}" = protocol=6 | dir=in | app=c:\riot games\league of legends test realm\game\league of legends.exe |
"{05BDD76C-DBA4-4A70-A3D0-E6CE1E63793F}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{062A52B8-4F4D-4AF0-9F19-451993695AF1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{075281F4-6CA7-4446-A670-759B053D6A78}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{07E3E531-0EF5-42F8-B130-59593379CD90}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{080E6F31-E120-4AA9-B9D3-BDAB086F6CB7}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{0A2E73C1-1E7E-4884-87A3-48BFEB794539}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{0A92D046-1877-4611-BE7E-0204E85BAEEF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{0B2726B0-9D66-465E-BF17-4F3DFE7075BF}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{0B483E8E-3A2B-442C-BA33-FB0F0FCC0F8C}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{0BE0CE36-B781-4770-B994-2733610922EE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-enus-ptr-downloader.exe |
"{0D7F3D7A-C3BD-4828-A10E-0AD72039B38D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{0DCA98FC-3B8B-4574-9AE0-09799D605D74}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{0E377ADB-9AC8-465E-99A7-15D7C579F50A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{111E0ECB-B677-4727-B38E-B8DB70B3E959}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{11512EA8-B0C8-4874-BE27-DC27FB9F3C22}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{12FBC454-5B98-4910-8405-FBCF212EF64C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{133DD55A-B180-4794-8AC3-BDACF4813C04}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{17F0EE8D-D426-4366-8CB9-54B537A9AD23}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{1937084E-DCF9-4BD0-9207-57606D680500}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{1BEBB964-1B16-4683-ABBC-478E12690583}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{1C77D051-F5AD-4AE6-9EAC-00CDC1C10F31}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{1CAE8B2C-B5F4-413A-A756-10EF623AE10F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{1DBFCBB9-7FFB-4B93-A842-ABC512E1AB9C}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{200E2C82-0765-4728-AC94-E66E46DF8F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{2169BCE7-7512-474F-9DA6-065F07085F4A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{21DB8E90-096A-4A49-9979-CAE24CE92804}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{2364E556-BB00-42CF-A43E-948A12B7623D}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{236CC8BE-4DF0-42B0-99E2-E37C148C73BE}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{23A9AAAB-87C3-435F-BC2F-CB449B3D2BCD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-enus-downloader.exe |
"{24ED22ED-A836-44E9-90B4-BD6B9D29EE5F}" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"{25CE4F29-4E3C-41B0-B76C-710D49BC8CCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\rathalos247\counter-strike source\hl2.exe |
"{277A8E9B-F239-43BE-9706-226B427A4287}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{27EEA7CA-1140-4C7E-BD24-E05298C63A49}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-enus-ptr-downloader.exe |
"{2834F694-05D4-4050-95F9-4EF32B3F8BF0}" = protocol=17 | dir=in | app=c:\riot games\league of legends test realm\game\league of legends.exe |
"{29239F30-37CA-407C-ADE8-CFC1F56F8BA3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{29367EAA-1D2B-4DB3-B9BF-5AE2960CFB40}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{2A788B49-93E1-480B-9178-8ADE7834D795}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-enus-ptr-downloader.exe |
"{2A82238F-EF13-4F3C-9776-69C3FFF80E08}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe |
"{2E7B302A-A735-4D1D-B52B-5B6BB6E33869}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{2FF6C04E-1F46-451B-B4EA-DFDC5AAEBB63}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2betaupdater.exe |
"{30320FCD-6251-420D-A5BB-B240C85542EE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-enus-downloader.exe |
"{3121FFB2-781C-4970-AD85-D81C7D60DCFF}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{32A465B1-9FD8-41A7-9AD4-5341EFD90990}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{335B8780-DA89-4502-90A6-469259A2A50C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{3451DF0F-6B3A-461F-B155-A5DD0C0B7390}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\demigod demo\bin\demigod.exe |
"{34E567C1-5248-41FF-8136-43D7F554A05E}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{385C3A81-FCB7-44DC-8C7D-9B44F0DBEC34}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{39C7A9A3-7844-4BAB-8F77-2BD1E9D0AB19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{3FF8C3BF-4E95-4057-8F5C-426CB47F1C08}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{437F8A4C-5219-4FD1-9998-FBE39F9EA7D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{44EE19D2-82AA-47FC-B43A-59F1A3FCF9F3}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{4A16160B-2813-4983-98B0-3347CF821D78}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{4A1816B8-977A-4AFE-981C-8E9C9FD23274}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{4DB052F2-E55B-4906-B9C0-7192ABFDB509}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-enus-ptr-downloader.exe |
"{5161DA44-273D-4570-B930-7CDB2CC89951}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{52C5F5D9-FC28-46D1-8FA7-E360EB441E52}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-enus-downloader.exe |
"{540C71C1-41BB-488F-813E-9AD3BEAF6031}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{553BFFFD-86CA-4974-85D5-96655C275260}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{570445A6-147C-44EE-A0DA-B93E89B51C90}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{5796025E-2CD5-4D49-9FFD-576ED9D6099E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{57BE3E0E-2DF5-4204-B6D1-52E7767CB40F}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{5903D924-36A7-4526-BD49-8A6CBA6AC20C}" = protocol=6 | dir=in | app=c:\riot games\league of legends test realm\air\lolclient.exe |
"{5AFB1599-F8CE-43A0-AF35-CD7568586056}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{5CA3D9A2-1DF5-40B8-8B54-11BFA673F642}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{6065F38E-4C61-456A-9ED6-3744218F0B95}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{6191F565-87FA-4BD0-BB91-3D204D46F734}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{6556B8A6-415D-463D-A4DC-B77B9A9799BE}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{6586E5FC-EE10-4319-94B6-B30F57A1B7E8}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{65E7BDED-A1FC-4D40-880E-69D817E66EC5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{66E9F0DD-F9F1-48EB-A6C8-A568EF1F2F4A}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{6854E09D-E783-40F9-8836-26A6F33E8F48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swarm arena demo\swarm.exe |
"{6B5842F4-2F16-4D52-A8A1-44867676E4DF}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{6B7A1B35-BE12-4014-ABA5-4AD6DC2E6086}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{6CEEE9AE-C325-4FEF-98D8-A8A143AA962F}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{6D7C77F4-1160-413E-9E77-03D0BCE59C84}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{71768F12-F392-48FB-9553-C8ED15155D03}" = protocol=6 | dir=in | app=c:\users\bestbuy\appdata\local\microsoft\windows\temporary internet files\content.ie5\2b63cn08\anarchyonline_17.9.1-large[1].exe |
"{717B8E25-AD40-4D7D-858D-01C0C3032F53}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{735A5ABB-44E1-46AB-89AD-7D4D824994EB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7520386E-9B81-43A8-8D6E-B6DE3285599A}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{7622C066-C7B9-4DB4-A380-2438B0BB69B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\rathalos247\counter-strike source\hl2.exe |
"{782BF2D8-CF1A-42E1-A7F0-331E54488A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2 demo\justcause2.exe |
"{795C575A-3C53-4F38-BD43-489CF25A4D80}" = protocol=17 | dir=in | app=c:\riot games\league of legends test realm\air\lolclient.exe |
"{7B67F551-95F1-4656-BC20-8B9DC3311F71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{7BB21605-FB6C-4F93-8381-58E65997C0A2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7C8A98AD-1CD7-44C1-B70D-02DBC9C6DA9C}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{7D2030D1-5FDF-42F3-8DA9-7177F611E98C}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7D767A40-0AA5-4BA2-BC2A-FFF8128B83E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\transformers war for cybertron\binaries\twfc.exe |
"{83EBACC1-64F0-43FA-ABD4-ADA1DEC74D8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swarm arena demo\swarm.exe |
"{84B947FE-EB14-43D6-B12B-0446422F7E07}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{84F3CF5F-3D72-49CA-8B4F-B93716BB7C8D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{872E0AC7-5BEC-4F8F-9F19-E1DB2CA6B853}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-enus-ptr-downloader.exe |
"{8807B7AE-2511-4419-A9A4-D32A6686B459}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{89600462-1EF3-4124-B72E-2C065DBB1574}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\demigod demo\bin\demigod.exe |
"{8AE471FC-A7AC-4C70-A1F1-055EACABD66B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{8B786B86-FCAE-46AB-94AD-FB00424A96C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\transformers war for cybertron\binaries\twfc.exe |
"{8BB441FE-459C-4740-BFAC-A2B7E056FBBB}" = protocol=17 | dir=in | app=c:\users\bestbuy\appdata\local\microsoft\windows\temporary internet files\content.ie5\2b63cn08\anarchyonline_17.9.1-large[1].exe |
"{9161E3C1-86C9-46C9-BC6F-9EA4FBF8B56B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-enus-downloader.exe |
"{918C0860-F176-47BB-8F67-0B933B1352D4}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{918E0BC6-C3E2-4030-81B1-AA3D06BD6772}" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"{91ED9C57-0197-447E-A728-10318EA46F2A}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{92EA8908-05BC-4827-BEDD-BB3244A0E6B7}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{937B1B21-95AF-45E0-A5D1-9442F4C2D729}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{95B72EA5-559A-455A-BA96-D555C88F8913}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-enus-downloader.exe |
"{96252C8D-ABCF-4CAF-8A43-708EB0CC5D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{9983C708-AC8B-41A9-9A72-045C02A50488}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A073477D-62B4-4E02-A33F-B9319B5E67E9}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{A0AAE51D-6C30-4206-97EB-BC65B51E27A7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A115378B-A4E3-4A05-BDD2-96EE2635EC0D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{A142C850-5EF4-4DB5-9AD9-6CBB9B539F49}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defense grid demo\defensegriddemo.exe |
"{A34FEF5D-5F0C-4F97-8427-DE07B7264A63}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{A483243C-CF07-4428-A3C6-6D9E4EBE5521}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A506EE5B-9446-469A-AE11-1CA6CEE11CCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{AD607B29-4C20-4364-A41B-8319B9033C9B}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{AE236433-55A5-4941-A74D-9686FE5AC09A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2betaupdater.exe |
"{AE8600B9-B311-4CB4-BC3D-6A2ED64FC5C8}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{AF587D50-4C8B-4AAC-A2F9-5EA852E99D48}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B0F006D2-064B-4689-B56F-7012E9AF4AB7}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{B14E13A7-6EBA-4B21-AE01-CA44851FBC15}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{B351E9D9-03AD-49EB-9F3B-0121B3E3C37C}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{B6F3274C-A417-41DD-8E3F-F47B1FC6A3FF}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BA339062-68FF-4534-811F-64F8887D069B}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{BC740EFB-E3D8-4F75-9152-88C179DC640F}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{BCD0E05B-FE92-4995-BF1F-E8ABFE13C5C6}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{BF98C339-9EF7-4A29-A863-A2406A91FB0E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{BFC39F07-DD33-45CD-9D69-8085A7CB131A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{C252B08B-C56A-41F9-AE1D-645FDAA8CB00}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{C4FCE248-B783-489F-AB55-EEF6F75529A3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{C4FD1864-C3FE-4ED2-B632-988F170BB3C7}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{C5D2BE37-61B7-4F92-91AE-63AACC7D99BA}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{C6332756-D800-4807-BF58-27B2232082E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{C6DB39A1-480E-4DD4-91B4-D8B0BDE8C419}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{C7670594-DAC4-427B-8947-09BF7E842ED9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{C9017D25-0DC7-4B7D-8B71-EFAF1C8D475C}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{CAE2B241-A319-4C62-B440-ED277C668E06}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CB5E5E3C-F087-4E6E-A771-DC2E2DA0CDE5}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{CC4ACFA7-CC2E-4E2D-ACBC-5A4506039C5D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{CC97CF3E-D179-42B3-ACFD-D7B3327FABEB}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{D1A3790C-8025-4D3E-90A7-B6471AB3FAEA}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{D1DD769F-1FE1-442A-945F-78ADA71D307E}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{D3E5F9E2-CDE3-4359-9FBF-D4DBDECF4DAB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{D474F2B7-8E9C-4C3D-9E5C-61981F92FC21}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{D952D846-0D31-4031-81FC-BF8830B417C9}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{DA04640E-B5C2-4D56-8BFA-A27149814281}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{DD5179E0-BC20-491E-A22A-BA04BFAE8F5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2 demo\justcause2.exe |
"{DD8FA12A-64EF-401C-9A04-4D6BD779972C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DD9DCB82-61F5-44C0-8072-71466ED77F00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defense grid demo\defensegriddemo.exe |
"{DE7AD6BB-A356-4223-B115-3888E3AD9CF3}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{E21A309B-77E5-4B22-AD0D-C3350FBA04AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E3B45C5E-26D2-4F38-86E8-67490DFF2FDF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{E3EDD0FC-F93B-4A5D-AE3F-204EA67DB891}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{E8EBDF64-14BF-4534-B0E2-361BA34ACA34}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{EB45E2DB-BCE7-4872-BCEE-D391BDAA7870}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-enus-ptr-downloader.exe |
"{ECBB018F-70E1-40A5-883A-0BF1381F0E77}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{EDD71C68-1DE4-4B62-BB72-FFB722B319F0}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{EDD93787-4153-4288-BBC3-F2AF6A0C6F44}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{EF2BC2C9-55DC-4229-9539-21504CC47E78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{F0D7A065-D1D6-46B0-92F1-A4F64C2B1824}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{F0FB99F9-9883-4760-82C3-52DEE3D0734C}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{F549A41E-CF13-427C-A04C-0055836B7D2A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{F9D3A79B-6737-49CF-A9F3-A312C6EE8934}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{FCF4204E-6165-4198-AA52-A3A602DD974F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{FCFEB06A-A410-4119-8818-F15248E634FD}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe |
"{FE718246-402B-4525-ABFC-F8E1040DEE87}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-enus-downloader.exe |
"TCP Query User{4BE7E1FC-96AD-451F-AF8F-8136B834D087}C:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"TCP Query User{4D4F3EC6-BB72-48B9-AAD5-E1A62D5F3696}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"TCP Query User{66DA3CBB-9B68-44A7-B962-902D30E0BD9F}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |
"TCP Query User{8C15E02D-E92D-43E3-B23C-C921B3411789}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{929227E7-865C-4E09-AD5D-4B83B18DB16B}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe |
"TCP Query User{96F16F89-4AF6-49FF-9169-638E289D5D65}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{B59A7E14-2736-43D4-B6C0-E6E349E194C8}C:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\warcraft iii\war3.exe |
"TCP Query User{B8364381-448A-4E73-9C24-9573531034BD}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{BFC3FEA2-F1DD-4764-9B8D-4099ECD70069}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"TCP Query User{C188158B-0941-4DAD-B55E-99050BD18843}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{C90F0C0F-C8F2-4E70-9DA7-3DE611D7CF3D}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{D8ED8715-D917-43CA-B602-C431FCCA8F50}C:\program files (x86)\steam\steamapps\rathalos247\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\rathalos247\team fortress 2\hl2.exe |
"TCP Query User{D9271F8D-FD16-4ABD-BDCA-9AD07AF94010}C:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query User{092832D5-6BD9-47A4-A457-AC4E8E1D590F}C:\program files (x86)\steam\steamapps\rathalos247\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\rathalos247\team fortress 2\hl2.exe |
"UDP Query User{0DDC1CC5-6066-4BDA-9CAD-860988394601}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe |
"UDP Query User{2B9633EF-D95A-4576-8494-325E33A13065}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"UDP Query User{38ECFEFB-21C4-4292-B4A9-EE0CA85AFEED}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |
"UDP Query User{3AC9E31D-B40C-4361-8A88-342B085C5F6F}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{3BD2502E-D822-4E31-920E-CCCC23646FC7}C:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\warcraft iii\war3.exe |
"UDP Query User{5F17192D-AE38-4107-827D-52A1851DE14C}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{60905A7F-3227-417D-8B19-2C74A51F78AD}C:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"UDP Query User{60C64C0B-A79C-4751-9D2D-88EAD16F97D3}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{652BACC8-FE91-4C64-B625-E3A868D85788}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{7E32D84B-A9E9-4C81-9068-D34A751DDCF5}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"UDP Query User{E8449FCB-3D6C-4A92-96F0-472CB1A18B0B}C:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query User{EF964A24-7A25-4711-83B3-4F5F2407D36E}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1C89932F-1D9D-4776-AD7A-9156FF792539}" = Modem Diagnostic Tool
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A2F371F-8B5D-46B4-833C-0612B065BEC7}" = GameShadow
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83473A4C-F29C-4EEB-8083-F82EB8ABD7F5}" = Demigod Demo
"{83475EE2-08BD-4134-B4F9-F3FA46EDC508}" = Geek Squad 24 Hour Computer Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D8BB36D2-0C3A-49ED-B164-05785A3FECB5}" = League of Legends Test Realm
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ares" = Ares 2.0.9
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Demigod Demo" = Demigod Demo
"DFO" = DFOLauncher
"Diablo II" = Diablo II
"Download Manager" = Download Manager 2.3.9
"hon" = Heroes of Newerth
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NIS" = Norton Internet Security
"OpenAL" = OpenAL
"PROR" = Microsoft Office Professional 2007 Trial
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon Setup" = Roll
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 17460" = Mass Effect
"Steam App 240" = Counter-Strike: Source
"Steam App 35110" = Just Cause 2 Demo
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 400" = Portal
"Steam App 42650" = Transformers: War for Cybertron
"Steam App 440" = Team Fortress 2
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 46610" = Swarm Arena Demo
"Steam App 6060" = Star Wars - Battlefront II
"SystemRequirementsLab" = System Requirements Lab
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Diablo II" = Diablo II
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/4/2009 4:07:20 PM | Computer Name = Cody | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 11/5/2009 3:41:55 PM | Computer Name = Cody | Source = WinMgmt | ID = 10
Description =

Error - 11/5/2009 3:47:48 PM | Computer Name = Cody | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 11/5/2009 5:23:49 PM | Computer Name = Cody | Source = Application Hang | ID = 1002
Description = The program Steam.exe version 1.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: ea0 Start Time: 01ca5e4ffeb79580 Termination Time: 24

Error - 11/6/2009 3:42:03 PM | Computer Name = Cody | Source = WinMgmt | ID = 10
Description =

Error - 11/6/2009 5:47:04 PM | Computer Name = Cody | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 11/6/2009 7:04:29 PM | Computer Name = Cody | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module SkypeIEPlugin.dll_unloaded, version 0.0.0.0, time stamp
0x4a77e4da, exception code 0xc0000005, fault offset 0x04fd3f2b, process id 0xfdc,
application start time 0x01ca5f3559a9d09c.

Error - 11/7/2009 1:18:25 PM | Computer Name = Cody | Source = WinMgmt | ID = 10
Description =

Error - 11/7/2009 1:24:34 PM | Computer Name = Cody | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 11/7/2009 2:09:32 PM | Computer Name = Cody | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 11/15/2008 2:56:33 PM | Computer Name = ARHWGS4RR1D | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/23/2008 4:38:37 AM | Computer Name = Cody | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/18/2009 5:01:09 PM | Computer Name = Cody | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/29/2009 10:25:28 PM | Computer Name = Cody | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/9/2009 11:05:16 PM | Computer Name = Cody | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/3/2009 3:27:54 PM | Computer Name = Cody | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#5 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:10:48 PM

Posted 04 October 2010 - 04:52 PM

Hi again VirusHater247!!..

Looks like DNS settings on your machine have been altered - your computer is using malicious DNS servers - that's why you experience redirects...

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.247 213.109.73.249 209.18.47.61

Also, malware probably compromised your router as well - I'll ask you to reset it to its default settings and secure it properly...

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SysInfo.sys -- (SysInfo)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe File not found
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - Startup: C:\Users\Bestbuy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.247 213.109.73.249 209.18.47.61
    O20:64bit: - Winlogon\Notify\DfLogon: DllName - Reg Error: Key error. - File not found
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usprserv]
    "Start"=dword:00000004
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Please read my article here: Routers - security, then (after disconnecting other machines from the router) reset it back to the factory default settings, and change the username/password on your router...

Thirdly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
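
The check behind the diagnosis in the post above, written out as an added example (not part of the thread, and not code from OTL or Malwarebytes): it pulls the `NameServer`/`DhcpNameServer` values out of O17 log lines and flags every resolver that falls outside the set the machine's owner expects. The expected set, the third sample line and its GUID are constructed for illustration; the first two sample lines are copied from the thread.

```python
import ipaddress
import re
from typing import NamedTuple

# O17 lines report the DNS resolvers stored under Tcpip\Parameters.
# Windows keeps statically configured resolvers in NameServer and
# DHCP-supplied ones in DhcpNameServer, so both value names are matched.
O17_RE = re.compile(
    r"^\s*O17\s*-\s*(?P<key>HK.+?):\s*"
    r"(?P<value>(?:Dhcp)?NameServer)\s*=\s*(?P<data>.*)$",
    re.IGNORECASE,
)


class Entry(NamedTuple):
    key: str        # registry key as printed in the log
    value: str      # NameServer or DhcpNameServer
    servers: list   # resolver strings in the order logged


class Finding(NamedTuple):
    key: str
    value: str
    server: str
    reason: str     # "unexpected" or "malformed"


def parse_o17(lines):
    """Return one Entry per O17 resolver line; other log lines are ignored."""
    entries = []
    for line in lines:
        m = O17_RE.match(line)
        if not m:
            continue
        # DHCP values are space separated, static values comma separated.
        servers = [s for s in re.split(r"[,\s]+", m.group("data").strip()) if s]
        entries.append(Entry(m.group("key"), m.group("value"), servers))
    return entries


def review(lines, expected):
    """Flag logged resolvers that are malformed or outside `expected`.

    `expected` is a list of addresses or CIDR networks the owner knows
    the router or ISP should hand out (an assumption of this example).
    """
    nets = [ipaddress.ip_network(e, strict=False) for e in expected]
    findings = []
    for entry in parse_o17(lines):
        for server in entry.servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append(Finding(entry.key, entry.value, server, "malformed"))
                continue
            if not any(addr in net for net in nets):
                findings.append(Finding(entry.key, entry.value, server, "unexpected"))
    return findings


# Lines 1-2 are from the thread; line 3 is constructed (placeholder GUID,
# one valid and one malformed address) to exercise the per-interface case.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.247 213.109.73.249 209.18.47.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1,10.0.0.300
"""

# Constructed allowlist: only the router's LAN address is expected here.
EXPECTED_RESOLVERS = ["192.168.1.1"]

if __name__ == "__main__":
    for f in review(SAMPLE_LOG.splitlines(), EXPECTED_RESOLVERS):
        print(f"{f.reason:10} {f.server:16} {f.value} @ {f.key}")
```

A resolver reported as unexpected is a prompt to compare it with what the router's DHCP page shows, not a verdict on its own.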


#6 VirusHater247

VirusHater247
  • Topic Starter

  • Members
  • 5 posts
  • Local time:04:48 PM

Posted 04 October 2010 - 07:50 PM

Hello and thanks for these replies

Here is the OTL fix log

All processes killed
========== OTL ==========
Service SysInfo stopped successfully!
Service SysInfo deleted successfully!
File C:\Windows\SysNative\drivers\SysInfo.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Messenger (Yahoo!) deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
C:\Users\Bestbuy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk moved successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon\ deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usprserv\\"Start"|dword:00000004 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bestbuy
->Temp folder emptied: 1222985003 bytes
->Temporary Internet Files folder emptied: 158717604 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 64099 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Experience
->Temp folder emptied: 1479041 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Public

User: Test
->Temp folder emptied: 33040 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 171581212 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 19390721160 bytes

Total Files Cleaned = 19,976.00 mb


[EMPTYFLASH]

User: All Users

User: Bestbuy
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Experience

User: Public

User: Test

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10042010_202209

Files\Folders moved on Reboot...
File\Folder C:\Users\Bestbuy\AppData\Local\Temp\~DFB184.tmp not found!
File\Folder C:\Users\Bestbuy\AppData\Local\Temp\~DFB190.tmp not found!
File\Folder C:\Users\Bestbuy\AppData\Local\Temp\~DFB1DD.tmp not found!
File\Folder C:\Users\Bestbuy\AppData\Local\Temp\~DFB1E9.tmp not found!
File\Folder C:\Users\Bestbuy\AppData\Local\Temp\~DFB215.tmp not found!
File\Folder C:\Users\Bestbuy\AppData\Local\Temp\~DFB221.tmp not found!
C:\Users\Bestbuy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBQO5S3H\topic350506[1].htm moved successfully.
C:\Users\Bestbuy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKJM1T4J\iframe[1].htm moved successfully.
C:\Users\Bestbuy\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

And here is the mbam log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4742

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

10/4/2010 8:42:47 PM
mbam-log-2010-10-04 (20-42-47).txt

Scan type: Quick scan
Objects scanned: 161263
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.109.68.247 213.109.73.249 209.18.47.61 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d163671f-646e-4eda-9b99-27a895d19d6c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.109.68.247 213.109.73.249 209.18.47.61 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#7 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:10:48 PM

Posted 05 October 2010 - 10:42 AM

Hi again VirusHater247!!..

Did you reset the router as instructed??.. Does any problem remain??..

Please do the following:

Firstly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Secondly,
Run a new scan with OTL.exe - run the program and click: Run Scan, then post the contents of the OTL.txt logfile...


#8 VirusHater247

VirusHater247
  • Topic Starter

  • Members
  • 5 posts
  • Local time:04:48 PM

Posted 05 October 2010 - 04:32 PM

Hello and thanks! Yes, I reset my router to factory settings and I also changed the password on it

Here is the ESET log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=385b8f7c320ada4e93c715a73df52689
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-05 09:23:35
# local_time=2010-10-05 05:23:35 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 52 0 122905373 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=278213
# found=0
# cleaned=0
# scan_time=7141


Here is the OTL log

OTL logfile created on: 10/5/2010 5:25:02 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Bestbuy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 64.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.12 Gb Total Space | 277.92 Gb Free Space | 47.42% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.92 Gb Free Space | 49.17% Space Free | Partition Type: NTFS
Drive E: | 4.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CODY
Current User Name: Bestbuy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/04 14:55:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bestbuy\Desktop\OTL.exe
PRC - [2010/06/06 17:12:43 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/08 14:48:42 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/11/06 15:44:04 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/21 11:45:42 | 000,888,832 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/10/04 14:55:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bestbuy\Desktop\OTL.exe
MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
MOD - [2009/07/12 04:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 04:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/06 17:12:43 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/21 15:41:00 | 003,532,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 14:48:42 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/19 21:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files (x86)\Ares\chatServer.exe -- (AresChatServer)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1108000.005\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/25 20:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2009/12/16 16:06:14 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/11/05 18:06:13 | 000,433,200 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/03 10:49:17 | 000,068,640 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/02/13 09:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/20 22:46:53 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2008/01/20 22:46:53 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 22:46:53 | 000,392,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/10/15 04:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/09/29 17:57:09 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101004.023\EX64.SYS -- (NAVEX15)
DRV - [2010/09/29 17:57:09 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/29 17:57:09 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101004.023\ENG64.SYS -- (NAVENG)
DRV - [2010/08/31 18:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/05/28 15:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100930.005\IDSviA64.sys -- (IDSVia64)
DRV - [2010/05/27 15:25:12 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2005/01/04 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/25 17:53:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/01/26 16:03:21 | 000,000,000 | ---D | M]

[2010/10/01 14:49:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/30 15:41:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/30 16:42:16 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bestbuy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bestbuy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/15 11:20:05 | 000,000,000 | ---D | M] - E:\AutoRunData -- [ CDFS ]
O32 - AutoRun File - [2007/03/07 14:45:54 | 000,551,008 | R--- | M] (Midway Home Entertainment Inc) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/03/07 14:45:54 | 000,000,092 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4179f6e2-5576-11dd-8915-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4179f6e2-5576-11dd-8915-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007/03/07 14:45:54 | 000,551,008 | R--- | M] (Midway Home Entertainment Inc)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/05 15:22:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/04 20:22:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/04 20:22:09 | 000,000,000 | ---D | C] -- \_OTL
[2010/10/04 14:55:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bestbuy\Desktop\OTL.exe
[2010/09/30 15:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2010/09/14 22:19:05 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/09/14 22:19:05 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/14 22:18:45 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2010/09/13 17:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft Public Test
[2010/09/08 17:56:49 | 000,000,000 | ---D | C] -- C:\Users\Bestbuy\Documents\Dedication Games
[2010/01/02 00:52:29 | 000,576,000 | ---- | C] (Acresso Software Inc.) -- C:\Program Files (x86)\ISSetup.dll
[2008/10/02 22:06:50 | 2493,981,907 | ---- | C] (Igor Pavlov) -- C:\Program Files (x86)\Perfect_World_International.exe
[2008/10/02 21:55:35 | 001,061,857 | ---- | C] (Perfect World Entertainment Inc) -- C:\Program Files\PerfectWorld_Downloader_v3.exe

========== Files - Modified Within 30 Days ==========

[2010/10/05 17:26:20 | 006,553,600 | -HS- | M] () -- C:\Users\Bestbuy\ntuser.dat
[2010/10/05 16:39:41 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/05 16:39:41 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/05 15:01:38 | 002,543,372 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\Cat.DB
[2010/10/05 14:40:31 | 000,075,029 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/05 14:40:31 | 000,075,029 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/05 14:39:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/05 14:39:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/04 20:52:48 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/10/04 20:45:32 | 000,065,536 | -HS- | M] () -- C:\Users\Bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TM.blf
[2010/10/04 20:45:31 | 000,524,288 | -HS- | M] () -- C:\Users\Bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TMContainer00000000000000000001.regtrans-ms
[2010/10/04 20:45:09 | 002,577,513 | -H-- | M] () -- C:\Users\Bestbuy\AppData\Local\IconCache.db
[2010/10/04 20:00:11 | 000,000,688 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Bestbuy.job
[2010/10/04 16:16:30 | 000,001,013 | ---- | M] () -- C:\Users\Bestbuy\Desktop\TurbineLauncher - Shortcut.lnk
[2010/10/04 14:55:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bestbuy\Desktop\OTL.exe
[2010/09/29 16:57:31 | 000,284,915 | ---- | M] () -- C:\Users\Bestbuy\Desktop\gmer.zip
[2010/09/28 19:32:18 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/09/20 17:52:57 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\isolate.ini
[2010/09/19 14:09:55 | 000,524,288 | -HS- | M] () -- C:\Users\Bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TMContainer00000000000000000002.regtrans-ms
[2010/09/16 20:37:15 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/15 14:49:11 | 000,524,288 | -HS- | M] () -- C:\Users\Bestbuy\NTUSER.DAT{ffe90403-514a-11de-b872-001ec950cdbe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 14:49:11 | 000,065,536 | -HS- | M] () -- C:\Users\Bestbuy\NTUSER.DAT{ffe90403-514a-11de-b872-001ec950cdbe}.TM.blf
[2010/09/06 13:48:22 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

========== Files Created - No Company Name ==========

[2010/10/04 16:16:30 | 000,001,013 | ---- | C] () -- C:\Users\Bestbuy\Desktop\TurbineLauncher - Shortcut.lnk
[2010/09/29 16:57:28 | 000,284,915 | ---- | C] () -- C:\Users\Bestbuy\Desktop\gmer.zip
[2010/09/19 14:04:19 | 000,524,288 | -HS- | C] () -- C:\Users\Bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TMContainer00000000000000000002.regtrans-ms
[2010/09/19 14:04:19 | 000,524,288 | -HS- | C] () -- C:\Users\Bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/19 14:04:19 | 000,065,536 | -HS- | C] () -- C:\Users\Bestbuy\ntuser.dat{34b51e0d-c418-11df-99ee-001ec950cdbe}.TM.blf
[2010/08/30 16:50:51 | 000,058,664 | ---- | C] () -- \TDSSKiller.2.4.1.3_30.08.2010_16.50.51_log.txt
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/01/02 00:52:29 | 001,669,931 | ---- | C] () -- C:\Program Files (x86)\setup.isn
[2010/01/02 00:52:29 | 000,255,777 | ---- | C] () -- C:\Program Files (x86)\setup.inx
[2010/01/02 00:52:29 | 000,214,975 | ---- | C] () -- C:\Program Files (x86)\data1.hdr
[2010/01/02 00:52:29 | 000,021,494 | ---- | C] () -- C:\Program Files (x86)\0x0409.ini
[2010/01/02 00:52:29 | 000,001,241 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2010/01/02 00:52:29 | 000,000,473 | ---- | C] () -- C:\Program Files (x86)\layout.bin
[2009/10/07 15:00:52 | 000,084,668 | ---- | C] () -- \aaw7boot.log
[2009/09/23 18:49:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 18:48:47 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/17 20:22:08 | 000,648,054 | ---- | C] () -- C:\Program Files (x86)\epicness.bmp
[2009/03/12 15:14:07 | 000,023,290 | ---- | C] () -- \mp_epicboobso-aLJR_440x350.jpg
[2009/02/05 18:03:58 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/02/05 18:03:58 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/02/05 18:03:58 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/01/18 21:23:35 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/01/18 21:23:35 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2009/01/18 16:04:34 | 000,000,204 | ---- | C] () -- \Plugins
[2008/11/13 02:16:17 | 000,022,040 | ---- | C] () -- C:\Users\Bestbuy\AppData\Roaming\editd.dat
[2008/11/12 19:57:55 | 000,000,033 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2008/11/10 13:57:32 | 000,000,115 | ---- | C] () -- \FtpCmd.txt
[2008/10/26 14:02:52 | 000,492,858 | ---- | C] () -- C:\Program Files (x86)\lawl.bmp
[2008/10/15 15:17:18 | 000,000,042 | ---- | C] () -- C:\Users\Bestbuy\AppData\Roaming\wklnhst.dat
[2008/09/26 21:44:09 | 000,000,095 | ---- | C] () -- C:\Users\Bestbuy\AppData\Local\fusioncache.dat
[2008/09/21 20:05:13 | 019,153,264 | ---- | C] () -- C:\Program Files\aaw2008.exe
[2008/09/21 11:12:52 | 000,795,388 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/09/19 19:25:18 | 000,000,680 | ---- | C] () -- C:\Users\Bestbuy\AppData\Local\d3d9caps.dat
[2008/08/25 17:15:10 | 000,000,127 | ---- | C] () -- \dfinstall.log
[2008/08/17 14:07:03 | 000,007,168 | ---- | C] () -- C:\Users\Bestbuy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/19 13:34:27 | 000,004,448 | RH-- | C] () -- \dell.sdr
[2008/07/19 13:26:11 | 2458,460,159 | -HS- | C] () --
[2008/04/11 11:09:24 | 000,093,200 | ---- | C] () -- \install.res.1049.dll
[2008/04/11 11:07:18 | 000,010,134 | ---- | C] () -- \eula.1049.txt
[2008/04/11 11:07:18 | 000,005,686 | ---- | C] () -- \vcredist.bmp
[2008/04/11 11:07:18 | 000,001,110 | ---- | C] () -- \globdata.ini
[2008/04/11 11:07:18 | 000,000,843 | ---- | C] () -- \install.ini
[2008/04/11 09:03:48 | 000,562,688 | ---- | C] () -- \install.exe
[2008/04/11 09:03:48 | 000,097,296 | ---- | C] () -- \install.res.1036.dll
[2008/04/11 09:03:48 | 000,096,272 | ---- | C] () -- \install.res.3082.dll
[2008/04/11 09:03:48 | 000,096,272 | ---- | C] () -- \install.res.1031.dll
[2008/04/11 09:03:48 | 000,095,248 | ---- | C] () -- \install.res.1040.dll
[2008/04/11 09:03:48 | 000,091,152 | ---- | C] () -- \install.res.1033.dll
[2008/04/11 09:03:48 | 000,081,424 | ---- | C] () -- \install.res.1041.dll
[2008/04/11 09:03:48 | 000,079,888 | ---- | C] () -- \install.res.1042.dll
[2008/04/11 09:03:48 | 000,076,304 | ---- | C] () -- \install.res.1028.dll
[2008/04/11 09:03:48 | 000,075,792 | ---- | C] () -- \install.res.2052.dll
[2008/02/04 22:23:25 | 000,333,257 | RHS- | C] () -- \bootmgr
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/11/07 09:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI
[2007/11/07 09:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.3082.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.1040.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.1031.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | C] () -- \eula.1028.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | C] () -- \eula.1033.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | C] () -- \eula.1041.txt
[2006/12/02 00:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:51CF25B1
< End of report >


#9 snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:10:48 PM

Posted 06 October 2010 - 11:33 AM

Hi again VirusHater247!!..

QUOTE
Yes I reset my router to factory settings and I also changed the password on it.

Your logs look clean to me, DNS settings are correct now (point to an IP address in the United States)... If no problem persists, perform the steps below and you're good to go!..

I see that you have P2P (Peer-to-Peer) file sharing programs installed. I highly recommend that you consider uninstalling them (or at least disabling them on Startup).
P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:
Data about Obama's helicopter breached via P2P?
Leak of congressional ethics document prompts calls for cybersecurity probe
Walter Reed suffers peer-to-peer data breach
Update: Seattle man arrested for p-to-p ID theft

More listed here:
Data Security Threats And Breaches
You should read the link at the bottom of that page:
Why File Sharing Networks Are Dangerous (Dartmouth study, .pdf file)

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, none are worth the risks.

We need to update outdated programs (with security vulnerabilities) on your machine:

- Java

Uninstall old, unneeded versions of Java:
Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ 6 Update 5
Java™ 6 Update 7


- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

Then,
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Please set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl:
Also, I recommend that you read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#10 snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:10:48 PM

Posted 26 October 2010 - 04:16 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.




