
Don't even know what I have


  • This topic is locked
14 replies to this topic

#1 s7ormx


Posted 08 October 2010 - 08:07 PM

will even send money via paypal if someone guides me through fixing this quickly ;)

Other form of communication: Removed to protect from spambots. ~ OB

ComboFix 10-10-07.02 - Tina 10/08/2010 20:20:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1921 [GMT -4:00]
Running from: c:usersTinaDesktopComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:install.exe
c:program filesMozilla Firefoxsearchpluginssearch.xml
c:programdataMicrosoftNetworkDownloaderqmgr0.dat
c:programdataMicrosoftNetworkDownloaderqmgr1.dat
c:usersTinaAppDataRoamingC5B21315A6F1BEAC2C9A7E9B655D9F43
c:usersTinaAppDataRoamingC5B21315A6F1BEAC2C9A7E9B655D9F43enemies-names.txt
c:usersTinaAppDataRoamingC5B21315A6F1BEAC2C9A7E9B655D9F43local.ini
c:usersTinaAppDataRoaminginst.exe
c:usersTinaAppDataRoamingMicrosoftWindowsRecentANTIGEN.tmp
c:usersTinaAppDataRoamingMicrosoftWindowsRecentcb.tmp
c:usersTinaAppDataRoamingMicrosoftWindowsRecentdudl.tmp
c:usersTinaAppDataRoamingMicrosoftWindowsRecentexec.tmp
c:usersTinaAppDataRoamingMicrosoftWindowsRecentPE.tmp
c:usersTinaAppDataRoamingMicrosoftWindowsRecentrunddl.tmp
c:usersTinaAppDataRoamingMicrosoftWindowsRecenttjd.tmp
c:usersTinaAppDataRoamingMicrosoftWindowsStart MenuProgramsAntimalware Doctor
c:windowsrun.log
c:windowssystem32ie.tmp.exe
c:windowssystem32instsrv.exe
c:windowssystem32launch.bat
c:windowssystem32pbrl.vbs
c:windowstmp.log

----- BITS: Possible infected sites -----

hxxp://82.98.231.102
Infected copy of c:windowssystem32driverstdx.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))
.

2012-06-21 14:51 . 2010-01-04 09:13 -------- d-----w- c:programdataHewlett-Packard
2012-06-21 14:39 . 2010-01-04 09:13 -------- d-----w- c:windowsSMINST
2012-06-21 14:32 . 2009-05-13 16:28 -------- d-----w- c:programdataSymantec
2012-06-21 14:32 . 2010-01-04 09:12 -------- d-----w- c:program filesCommon FilesSymantec Shared
2012-06-21 14:31 . 2010-04-23 01:38 -------- d-----w- c:program filesYahoo!
2012-06-21 14:28 . 2012-06-21 14:28 -------- d-----w- c:windowssystem32OEM
2012-06-21 14:28 . 2009-05-13 01:41 -------- d-----w- c:windowsPanther
2012-06-21 14:28 . 2010-01-04 09:12 -------- d-----w- C:Boot
2012-06-21 14:27 . 2012-06-21 14:27 -------- d-----w- c:programdataPC-Doctor
2012-06-21 14:26 . 2010-01-04 09:12 -------- d-----w- c:program filesPC-Doctor 5 for Windows
2012-06-21 14:24 . 2006-10-27 02:56 33104 ----a-w- c:windowssystem32Spoolprtprocsw32x86msonpppr.dll
2012-06-21 14:24 . 2006-10-27 02:56 32592 ----a-w- c:windowssystem32msonpmon.dll
2012-06-21 14:22 . 2010-08-15 02:48 -------- d-----w- c:programdataMicrosoft Help
2012-06-21 14:22 . 2010-02-21 20:40 -------- d-----w- c:program filesMicrosoft Works
2012-06-21 14:20 . 2010-05-09 12:21 -------- d-----w- c:program filesCommon FilesAdobe
2012-06-21 14:19 . 2012-06-21 14:19 -------- d-----w- c:programdatamuvee Technologies
2012-06-21 14:19 . 2010-01-04 09:12 -------- d-----w- c:program filesmuvee Technologies
2012-06-21 14:19 . 2010-01-04 09:12 -------- d-----w- c:program filesCommon Filesmuvee Technologies
2012-06-21 14:18 . 2009-05-13 15:48 -------- d-----w- c:program filesCommon FilesReal
2012-06-21 14:17 . 2010-01-04 09:12 -------- d-----w- c:program filesReal
2012-06-21 14:16 . 2012-06-21 14:16 -------- d---a-w- c:program filesCommon FilesLS Getting Started
2012-06-21 14:16 . 2010-01-04 09:15 -------- d---a-w- c:program filesCommon FilesLightScribe
2012-06-21 14:16 . 2012-06-21 14:16 -------- d-----w- c:program filesCommon FilesSureThing Shared
2012-06-21 14:15 . 2009-06-18 08:45 -------- d-----w- c:programdataSonic
2012-06-21 14:15 . 2010-05-25 02:32 -------- d-----w- c:program filesCommon FilesPX Storage Engine
2012-06-21 14:14 . 2010-01-04 09:12 -------- d-----w- c:programdataRoxio
2012-06-21 14:14 . 2010-01-04 09:12 -------- d-----w- c:program filesCommon FilesSonic Shared
2012-06-21 14:14 . 2010-01-04 09:12 -------- d-----w- c:program filesRoxio
2012-06-21 14:14 . 2010-01-04 09:12 -------- d-----w- c:program filesCommon FilesRoxio Shared
2012-06-21 14:09 . 2010-01-04 09:12 -------- d-----w- c:program filesCommon FilesHP
2012-06-21 14:09 . 2010-01-04 09:12 -------- d-----w- c:program filesHP
2012-06-21 14:08 . 2010-01-04 09:12 -------- d-----w- c:programdataHP
2012-06-21 14:07 . 2007-01-03 13:31 4779376 ----a-w- c:programdataWildTangentoem-eula.exe
2012-06-21 14:02 . 2009-05-13 15:49 -------- d-----w- c:programdataWildTangent
2012-06-21 14:02 . 2012-06-21 14:02 -------- d-----w- c:windowssystem32Macromed
2012-06-21 13:57 . 2010-05-09 06:56 -------- d--h--w- c:program filesInstallShield Installation Information
2012-06-21 13:57 . 2010-01-04 09:12 -------- d-----w- c:program filesRealtek
2012-06-21 13:57 . 2010-01-04 09:13 -------- d-----w- c:program filesCommon FilesInstallShield
2012-06-21 13:56 . 2009-05-13 16:49 -------- d-----w- c:windowssystem32RTCOM
2012-06-21 13:56 . 2006-12-13 10:30 339968 ----a-w- c:windowssystem32SRSTSXT.dll
2012-06-21 13:56 . 2009-02-11 16:48 2523680 ----a-w- c:windowssystem32RtkAPO.dll
2012-06-21 13:56 . 2007-03-01 15:38 4390912 ----a-w- c:windowsRtHDVCpl.exe
2012-06-21 13:56 . 2007-01-15 07:43 66048 ----a-w- c:windowssystem32hcwxds.dll
2012-06-21 13:54 . 2009-03-28 04:03 453152 ----a-w- c:windowssystem32nvuninst.exe
2012-06-21 13:54 . 2008-05-23 01:49 313888 ----a-w- c:windowssystem32nvexpbar.dll
2012-06-21 13:54 . 2009-03-28 04:03 1108512 ----a-w- c:windowssystem32nvcpluir.dll
2012-06-21 13:54 . 2009-03-28 04:03 801312 ----a-w- c:windowssystem32nvcplui.exe
2012-06-21 13:45 . 2006-11-02 05:46 8704 ----a-w- c:windowssystem32hccoin.dll
2012-06-21 13:44 . 2007-02-12 15:01 61440 ----a-w- c:windowssystem32OsdRemove.exe
2012-06-21 13:44 . 2010-01-04 09:12 -------- d-----w- c:program filesHewlett-Packard
2012-06-21 13:43 . 2005-12-12 17:27 19072 ----a-w- c:windowssystem32driversPS2.sys
2012-06-21 13:42 . 2007-02-08 10:40 253952 ----a-w- c:windowssystem32cPC_DMIRD.dll
2012-06-21 13:41 . 2006-07-16 21:23 327680 ----a-w- c:windowssystem32pythoncom24.dll
2012-06-21 13:41 . 2006-07-16 21:15 102400 ----a-w- c:windowssystem32pywintypes24.dll
2012-06-21 13:40 . 2006-09-07 17:13 348160 ----a-w- c:windowssystem32msvcr71.dll
2012-06-21 13:40 . 2006-09-07 17:13 1060864 ----a-w- c:windowssystem32mfc71.dll
2012-06-21 13:40 . 2010-10-05 20:49 -------- d-sh--w- c:windowsInstaller
2012-06-21 13:34 . 2010-01-04 09:12 -------- d-----w- c:program filesCONEXANT
2012-06-21 13:32 . 2009-06-17 01:59 -------- d-----w- c:windowsDebug
2010-10-08 21:45 . 2010-04-29 19:39 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-10-08 21:45 . 2010-04-29 19:39 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-10-08 21:45 . 2010-10-08 21:45 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2010-10-05 23:00 . 2010-10-05 23:00 -------- d-----w- c:usersTinaAppDataRoamingBlackberry Desktop
2010-10-05 22:49 . 2010-10-05 22:49 -------- d-----w- c:usersTinaAppDataRoamingMedia Player Classic
2010-10-05 20:50 . 2010-10-05 20:51 -------- d-----w- c:usersTinaAppDataRoamingResearch In Motion
2010-10-05 20:46 . 2010-10-05 20:46 -------- d-----w- c:programdataResearch In Motion
2010-10-05 20:45 . 2010-10-05 20:46 -------- d-----w- c:program filesCommon FilesResearch In Motion
2010-10-05 20:45 . 2010-10-05 20:45 -------- d-----w- c:program filesResearch In Motion
2010-09-30 17:36 . 2010-09-30 17:36 -------- d-----w- c:usersTinaAppDataLocalAddNewFriends_LLC
2010-09-30 17:34 . 2010-09-30 18:01 -------- d-----w- c:usersTinaAppDataLocalTubeBlasterPro
2010-09-30 17:34 . 2010-09-30 17:36 -------- d-----w- c:program filesTubeBlasterPro
2010-09-30 07:55 . 2010-09-30 09:10 -------- d-----w- c:usersTinaAppDataLocalDeepLinkerPro
2010-09-28 23:46 . 2010-09-28 23:46 133490 ----a-r- c:usersTinaAppDataRoamingMicrosoftInstaller{01348EAE-FD1C-4E80-9803-AF966F59330E}_A4BA6A7D3076E50784265E.exe
2010-09-28 23:46 . 2010-09-28 23:46 133490 ----a-r- c:usersTinaAppDataRoamingMicrosoftInstaller{01348EAE-FD1C-4E80-9803-AF966F59330E}_565A385AFB3779FED92BD2.exe
2010-09-28 23:43 . 2010-09-28 23:43 113395 ----a-r- c:usersTinaAppDataRoamingMicrosoftInstaller{C69E6BC6-98A7-40DB-8F69-7C769E3CDFA1}_C20A96D7AFCBCD6B6100E8.exe
2010-09-28 23:43 . 2010-09-28 23:43 10134 ----a-r- c:usersTinaAppDataRoamingMicrosoftInstaller{C69E6BC6-98A7-40DB-8F69-7C769E3CDFA1}_FA5EC27858ABC99BA88096.exe
2010-09-28 23:43 . 2010-09-28 23:46 -------- d-----w- c:program filesTraffic Addict
2010-09-21 19:16 . 2010-09-21 19:16 -------- d-----w- c:program filesUniblue
2010-09-20 06:58 . 2010-09-20 06:58 -------- d-----w- c:usersTina.AnywherePEViewer
2010-09-20 06:58 . 2010-09-20 06:58 -------- d-----w- c:program filesAnywhere PE Viewer 0.1.7
2010-09-19 08:21 . 2010-09-19 08:21 -------- d-----w- c:usersTinaAppDataRoamingHi-Rez Studios
2010-09-19 08:20 . 2010-09-20 18:23 -------- d--h--w- c:windowsmsdownld.tmp
2010-09-18 10:30 . 2010-10-08 20:49 -------- d-----w- c:usersTinaAppDataRoamingRainmeter
2010-09-18 10:28 . 2010-09-18 10:30 -------- d-----w- c:program filesRainmeter
2010-09-18 07:43 . 2010-09-18 07:44 -------- d-----w- c:usersTinaSaved Pictures
2010-09-17 22:53 . 2010-09-17 22:53 -------- d-----w- c:program files4Media
2010-09-15 06:24 . 2009-12-09 21:31 20992 ----a-w- c:usersTinaAppDataRoamingThunderbirdProfilesvd0c18cu.defaultextensions{de1b245c-de57-11da-ba2d-0050c2490048}libraryWINNT-32MinimizeToTrayPlus.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 14:29 . 2012-06-21 14:29 -------- d-----w- c:program filesearthlink totalaccess
2010-10-08 21:44 . 2009-06-01 02:05 -------- d-----w- c:program fileskikin
2010-10-08 20:48 . 2010-03-29 07:16 -------- d-----w- c:program filesRocketDock
2010-10-08 17:59 . 2010-05-18 12:19 -------- d-----w- c:usersTinaAppDataRoamingLimeWire
2010-10-01 00:01 . 2010-04-23 06:46 -------- d-----w- c:usersTinaAppDataRoamingFileZilla
2010-09-30 15:55 . 2010-02-19 21:54 -------- d-----w- c:usersTinaAppDataRoamingSkype
2010-09-30 12:09 . 2010-02-19 21:55 -------- d-----w- c:usersTinaAppDataRoamingskypePM
2010-09-30 04:09 . 2009-08-22 09:50 227124 ---ha-w- c:windowssystem32mlfcache.dat
2010-09-27 13:06 . 2010-09-01 08:03 -------- d-----w- c:program filesFFB - Facebook Friend Bomber
2010-09-21 19:16 . 2010-05-18 12:58 -------- d-----w- c:usersTinaAppDataRoamingUniblue
2010-09-21 17:56 . 2009-05-12 23:01 145368 ----a-w- c:usersTinaAppDataLocalGDIPFONTCACHEV1.DAT
2010-09-20 18:24 . 2009-05-16 02:06 -------- d-----w- c:program filesSteam
2010-09-20 16:55 . 2010-09-02 18:01 -------- d-----w- c:program filesiTunes
2010-09-20 13:54 . 2009-06-05 02:19 -------- d-----w- c:program filesLexmark Printable Web
2010-09-20 07:27 . 2009-05-14 21:15 -------- d-----w- c:usersTinaAppDataRoamingXfire
2010-09-20 07:25 . 2009-05-14 21:15 -------- d-----w- c:programdataXfire
2010-09-19 08:15 . 2009-08-17 05:20 -------- d-----w- c:program filesCommon FilesWise Installation Wizard
2010-09-18 11:42 . 2010-04-21 00:36 -------- d-----w- c:program filesMozilla Thunderbird
2010-09-18 05:19 . 2009-06-05 02:30 -------- d-----w- c:programdataLx_cats
2010-09-17 22:35 . 2009-07-10 00:07 -------- d-----w- c:usersTinaAppDataRoamingAVS4YOU
2010-09-17 22:33 . 2009-07-10 00:06 -------- d-----w- c:program filesAVS4YOU
2010-09-17 22:05 . 2010-04-06 09:24 -------- d-----w- c:program filesJDownloader
2010-09-15 00:01 . 2009-06-05 02:34 2588 ----a-w- c:usersTinaAppDataRoamingwklnhst.dat
2010-09-14 23:23 . 2009-08-22 09:22 -------- d-----w- c:program filesDigsby
2010-09-12 07:38 . 2010-09-02 10:02 -------- d-----w- c:program filesFriendBlasterPro
2010-09-08 21:17 . 2010-09-08 21:10 -------- d-----w- c:program filesRegCure
2010-09-08 21:10 . 2010-09-08 21:10 -------- d-----w- c:programdataRegCure
2010-09-08 21:10 . 2010-09-08 21:10 -------- dc----w- c:programdata{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2010-09-07 06:01 . 2009-06-22 21:11 -------- d-----w- c:usersTinaAppDataRoamingTeamViewer
2010-09-02 18:01 . 2010-09-02 18:01 -------- d-----w- c:program filesiPod
2010-09-02 18:01 . 2009-05-14 21:40 -------- d-----w- c:program filesCommon FilesApple
2010-09-02 17:53 . 2010-09-02 17:52 -------- d-----w- c:program filesQuickTime
2010-09-02 17:46 . 2006-11-02 10:25 86016 ----a-w- c:windowsInfinfstor.dat
2010-09-02 17:46 . 2006-11-02 10:25 51200 ----a-w- c:windowsInfinfpub.dat
2010-09-02 17:46 . 2006-11-02 10:25 143360 ----a-w- c:windowsInfinfstrng.dat
2010-09-02 17:41 . 2010-09-02 17:41 -------- d-----w- c:program filesBonjour
2010-09-02 17:38 . 2010-09-02 17:38 73000 ----a-w- c:programdataApple ComputerInstaller CacheiTunes 10.0.0.68SetupAdmin.exe
2010-09-02 08:23 . 2010-09-02 08:23 5694 ----a-r- c:usersTinaAppDataRoamingMicrosoftInstaller{F6CB5EF8-483C-4C64-8A4F-6E89EDBF77D2}_CE88FAF383D43BF9DB679A.exe
2010-09-02 08:23 . 2010-09-02 08:23 5694 ----a-r- c:usersTinaAppDataRoamingMicrosoftInstaller{F6CB5EF8-483C-4C64-8A4F-6E89EDBF77D2}_04077A395CE8174EE39E12.exe
2010-09-02 08:17 . 2010-09-01 09:31 -------- d-----w- c:program filesFacebook FriendAdder Pro
2010-09-01 13:52 . 2010-09-01 13:51 -------- d-----w- c:usersTinaAppDataRoamingooVoo Details
2010-09-01 13:51 . 2010-09-01 13:51 -------- d-----w- c:program filesooVoo
2010-09-01 13:08 . 2009-05-16 02:03 224960 ----a-w- c:windowssystem32PnkBstrB.exe
2010-09-01 12:56 . 2009-05-16 02:04 139104 ----a-w- c:windowssystem32driversPnkBstrK.sys
2010-09-01 12:56 . 2009-05-16 02:03 75064 ----a-w- c:windowssystem32PnkBstrA.exe
2010-09-01 11:11 . 2010-09-01 11:11 -------- d-----w- c:usersTinaAppDataRoamingFaceWizard
2010-08-27 17:52 . 2010-08-24 11:59 -------- d-----w- c:program filesProxyFinderEnterprise
2010-08-26 03:04 . 2010-08-26 03:02 -------- d-----w- c:usersTinaAppDataRoamingTuneAid
2010-08-26 02:31 . 2010-08-26 02:28 -------- d-----w- c:program filesTidySongs
2010-08-26 02:30 . 2010-08-26 02:30 -------- d-----w- c:usersTinaAppDataRoamingtidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
2010-08-26 02:25 . 2010-04-23 04:37 -------- d-----w- c:program filesDupeEliminator
2010-08-26 02:25 . 2010-08-26 02:25 81408 ----a-w- c:program filestaskkill.exe
2010-08-25 07:14 . 2010-08-24 11:43 -------- d-----w- c:program filesProxy Server Finder
2010-08-23 17:59 . 2010-08-23 17:59 -------- d-----w- c:program filesMp3 Song Plays Increaser
2010-08-22 21:15 . 2009-05-14 18:47 1356 ----a-w- c:usersTinaAppDataLocald3d9caps.dat
2010-08-16 18:11 . 2009-06-01 02:05 -------- d-----w- c:usersTinaAppDataRoamingkikin
2010-08-13 01:33 . 2010-08-10 00:25 -------- d-----w- c:program filesCisco Systems
2010-08-10 06:40 . 2009-05-14 21:15 -------- d-----w- c:program filesXfire
2010-08-06 02:25 . 2009-06-18 08:52 697328 ----a-w- c:windowssystem32driverssptd.sys
2010-07-27 22:44 . 2010-07-27 22:44 91424 ----a-w- c:windowssystem32dnssd.dll
2010-07-27 22:44 . 2010-07-27 22:44 107808 ----a-w- c:windowssystem32dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"RocketDock"="c:program filesRocketDockRocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"hpsysdrv"="c:hpsupporthpsysdrv.exe" [2006-09-28 65536]
"UnlockerAssistant"="c:program filesUnlockerUnlockerAssistant.exe" [2008-05-02 15872]
"egui"="c:program filesESETESET Smart Securityegui.exe" [2009-09-11 2054360]
"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2010-09-01 421160]
"Malwarebytes' Anti-Malware"="c:program filesMalwarebytes' Anti-Malwarembamgui.exe" [2010-04-29 437584]

c:programdataMicrosoftWindowsStart MenuProgramsStartup
Rainmeter.lnk - c:program filesRainmeterRainmeter.exe [2010-6-13 113664]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
"UIHost"="logonui.exe, c:windowssystem32dllcacherecycled.exe"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@="Service"

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:programdataMicrosoftWindowsStart MenuProgramsStartupMcAfee Security Scan Plus.lnk
backup=c:windowspssMcAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM~startupfolderC:^Users^Tina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
backup=c:windowspssCurseClientStartup.ccip.Startup
backupExtension=.Startup

[HKLM~startupfolderC:^Users^Tina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:windowspssLimeWire On Startup.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSecurityCenter
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregwuqaqwvvdd8c

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- c:program filesCommon FilesAdobeOOBEPDAppUWAupdaterstartuputility.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- c:program filesCommon FilesAdobeCS5ServiceManagerCS5ServiceManager.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Pro Agent]
2010-04-15 08:17 427328 ----a-w- c:program filesDAEMON Tools ProDTAgent.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDirectPlayerCore]
2010-03-25 19:55 1146880 ----a-w- c:program filesNBC DirectDirectPlayerCore.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:program filesDivXDivX UpdateDivXUpdate.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
2005-02-17 06:11 49152 ----a-w- c:program filesHPHP Software UpdatehpwuSchd2.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLauncher]
2007-03-07 18:09 44168 ----a-w- c:windowsSMINSTLauncher.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOsdMaestro]
2007-02-15 10:59 118784 ----a-w- c:program filesHewlett-PackardOn-Screen OSD IndicatorOSD.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPando Media Booster]
2010-05-15 22:27 2937528 ----a-w- c:program filesPando NetworksMedia BoosterPMB.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
2010-05-13 21:57 26192168 ----a-r- c:program filesSkypePhoneSkype.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpeedUpMyPC]
2010-08-13 11:56 67960 ----a-w- c:program filesUniblueSpeedUpMyPCLauncher.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSteam]
2010-09-17 04:54 1242448 ----a-w- c:program filesSteamSteam.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSwitchBoard]
2010-02-19 17:37 517096 ----a-w- c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWebcamMaxMoniter]
2007-09-16 05:15 450048 ----a-w- c:program filesWebcamMaxwcmmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWindows Defender]
2008-01-19 03:38 1008184 ----a-w- c:program filesWindows DefenderMSASCui.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
"WinDefend"=2 (0x2)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"ehTray.exe"="c:windowsehomeehTray.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe"
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe"
"EzPrint"="c:program filesLexmark 5600-6600 Seriesezprint.exe"
"QuickTime Task"="c:program filesQuickTimeQTTask.exe" -atboottime

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des [2009-04-27 2870429]
R3 rt61x86;RT61 Wireless Driver for Windows Vista;c:windowssystem32DRIVERSnetr61.sys [2008-11-26 333824]
R4 gupdate1c9db6111e300d0;Google Update Service (gupdate1c9db6111e300d0);c:program filesGoogleUpdateGoogleUpdate.exe [2009-05-23 133104]
R4 iWinTrusted;iWinTrusted; [x]
R4 lxdu_device;lxdu_device;c:windowssystem32lxducoms.exe [2008-05-23 594600]
R4 lxduCATSCustConnectService;lxduCATSCustConnectService;c:windowssystem32spoolDRIVERSW32X863lxduserv.exe [2008-05-23 98984]
R4 sptd;sptd;c:windowssystem32Driverssptd.sys [2010-08-06 697328]
R4 SwitchBoard;Adobe SwitchBoard;c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]
S1 ehdrv;ehdrv;c:windowssystem32DRIVERSehdrv.sys [2009-09-11 108792]
S2 CamthWDM;WebcamMax, WDM Video Capture;c:windowssystem32DRIVERSCamthWDM.sys [2007-10-06 935936]
S2 ekrn;ESET Service;c:program filesESETESET Smart Securityekrn.exe [2009-09-11 735960]
S2 epfwwfp;epfwwfp;c:windowssystem32DRIVERSepfwwfp.sys [2009-09-11 38240]
S2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [2010-04-29 304464]
S2 TeamViewer5;TeamViewer 5;c:program filesTeamViewerVersion5TeamViewer_Service.exe [2010-04-16 173352]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:program filesTuneUp Utilities 2010TuneUpUtilitiesService32.exe [2009-12-18 1044808]
S3 AE1000;Linksys AE1000 Driver;c:windowssystem32DRIVERSae1000va.sys [2010-02-12 836384]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:windowssystem32drivershcw18bda.sys [2008-01-29 384896]
S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2010-04-29 20952]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:program filesTuneUp Utilities 2010TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-10-09 c:windowsTasksRegCure Program Check.job
- c:program filesRegCureRegCure.exe [2009-09-21 19:18]

2010-10-09 c:windowsTasksRegCure Startup.job
- c:program filesRegCureRegCure.exe [2009-09-21 19:18]

2010-10-05 c:windowsTasksRegCure.job
- c:program filesRegCureRegCure.exe [2009-09-21 19:18]

2010-10-09 c:windowsTasksUser_Feed_Synchronization-{E2E13397-3B52-423F-8AEE-3CD4FE7D0C30}.job
- c:windowssystem32msfeedssync.exe [2009-05-13 11:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:usersTinaAppDataRoamingMozillaFirefoxProfiles1657tio7.default
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:program filesMozilla Firefoxextensions{AB2CE124-6272-4b12-94A9-7303C7397BD1}componentsSkypeFfComponent.dll
FF - component: c:program filesPayPalPayPal Plug-IncomponentsPayPalPlugin.dll
FF - plugin: c:program filesDivXDivX Plus Web Playernpdivx32.dll
FF - plugin: c:program filesGoogleUpdate1.2.183.13npGoogleOneClick8.dll
FF - plugin: c:program filesMozilla Firefoxpluginsnp-mswmp.dll
FF - plugin: c:program filesMozilla Firefoxpluginsnpijjiautoinstallpluginff.dll
FF - plugin: c:program filesMozilla FirefoxpluginsnpijjiFFPlugin1.dll
FF - plugin: c:program filesMozilla FirefoxpluginsnpPandoWebInst.dll
FF - plugin: c:program filesNBC DirectnpDirectPlayerMozilla.dll
FF - plugin: c:program filesViewpointViewpoint Media PlayernpViewpoint.dll
FF - plugin: c:usersTinaAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll
FF - plugin: c:usersTinaAppDataRoamingIDMbinflashplatformWINNTpluginsnpidmdcp.dll
FF - plugin: c:usersTinaAppDataRoamingMozillaFirefoxProfiles1657tio7.defaultextensions{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}pluginsnpsoe.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



[HKEY_LOCAL_MACHINEsystemControlSet001Servicesnpggsvc]
"ImagePath"="c:windowssystem32GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERSS-1-5-21-3984932898-1970420750-1500784559-1000SoftwareSecuROMLicense information*]
"datasecu"=hex:04,6d,6d,cf,a8,99,86,d9,d6,08,c3,b7,6a,09,7c,c7,d9,0b,9e,65,db,
1e,f5,1b,6f,69,21,99,76,06,93,0e,f8,69,99,49,e4,b3,70,9f,2b,f6,7e,46,9a,b6,
"rkeysecu"=hex:82,e2,de,05,ec,10,48,22,c1,50,8d,8b,27,7f,21,ab

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]
@="c:Windowssystem32MacromedFlashFlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINEsoftwareESETESET SecurityCurrentVersionInfo]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:ProgramDataESETESET Smart Security"
"DataDir"="ESETESET Smart Security"
"EditionName"=" "
"InstallDir"="c:Program FilesESETESET Smart Security"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{4A31C596-64D5-4613-83FD-D655A421588C}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.467.0"
"UniqueId"="028602004B5C7EEC"
"ScannerBuild"=dword:00001937
"ScannerVersionId"=dword:000012c1
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
.
Completion time: 2010-10-08 20:42:29
ComboFix-quarantined-files.txt 2010-10-09 00:42

Pre-Run: 75,592,716,288 bytes free
Post-Run: 80,606,580,736 bytes free

- - End Of File - - 58077B9EE367C2D548FB8576C98522A1

had to hurry up and post that, idk what this is but it keeps freezing my browsers, and sends me to blue screen every 20 mins or so..
posting as i go

DDS:
CODE
2010/10/08 17:07:32.0326    TDSS rootkit removing tool 2.4.4.0 Oct  4 2010 09:06:59
2010/10/08 17:07:32.0326    ================================================================================
2010/10/08 17:07:32.0326    SystemInfo:
2010/10/08 17:07:32.0326    
2010/10/08 17:07:32.0326    OS Version: 6.0.6001 ServicePack: 1.0
2010/10/08 17:07:32.0326    Product type: Workstation
2010/10/08 17:07:32.0326    ComputerName: TYLERS-COMPUTER
2010/10/08 17:07:32.0327    UserName: Tina
2010/10/08 17:07:32.0327    Windows directory: C:Windows
2010/10/08 17:07:32.0327    System windows directory: C:Windows
2010/10/08 17:07:32.0327    Processor architecture: Intel x86
2010/10/08 17:07:32.0327    Number of processors: 2
2010/10/08 17:07:32.0327    Page size: 0x1000
2010/10/08 17:07:32.0327    Boot type: Normal boot
2010/10/08 17:07:32.0327    ================================================================================
2010/10/08 17:10:19.0505    Initialize success
2010/10/08 17:10:22.0843    ================================================================================
2010/10/08 17:10:22.0843    Scan started
2010/10/08 17:10:22.0843    Mode: Manual;
2010/10/08 17:10:22.0843    ================================================================================
2010/10/08 17:10:34.0449    ================================================================================
2010/10/08 17:10:34.0449    Scan started
2010/10/08 17:10:34.0449    Mode: Manual;
2010/10/08 17:10:34.0449    ================================================================================
2010/10/08 17:10:40.0767    ================================================================================
2010/10/08 17:10:40.0767    Scan started
2010/10/08 17:10:40.0767    Mode: Manual;
2010/10/08 17:10:40.0767    ================================================================================
2010/10/08 17:16:09.0803    sptd            (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\system32\Drivers\sptd.sys
2010/10/08 17:16:09.0803    Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
2010/10/08 17:16:09.0927    sptd - detected Locked file (1)
2010/10/08 17:16:30.0395    tdx             (b2648c5fa8f63c18735e298e5d52103e) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/08 17:16:30.0395    Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: b2648c5fa8f63c18735e298e5d52103e, Fake md5: d09276b1fab033ce1d40dcbdf303d10f
2010/10/08 17:16:30.0395    tdx - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/08 17:17:30.0236    ================================================================================
2010/10/08 17:17:30.0236    Scan finished
2010/10/08 17:17:30.0236    ================================================================================
2010/10/08 17:17:30.0252    Detected object count: 2


Very sorry to disobey rules, but my Facebook and Twitter started to get hacked in a location in Germany which is where the people that own the virus (www.blackhatworld.com). They have a trojan that downloads from the website. More info from www.blackhatworld.org

So can anyone please help me? I don't know if you just passed it or someone will get to it.

EDIT: Posts merged ~BP

Edited by Orange Blossom, 13 October 2010 - 10:33 PM.



 


#2 myrti


Posted 17 October 2010 - 05:06 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    hlp.dat
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 myrti


Posted 27 October 2010 - 06:32 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



#4 myrti


Posted 08 November 2010 - 06:07 AM

Hi,

topic reopened. Please post your logs here.

regards myrti



#5 s7ormx


Posted 10 November 2010 - 07:28 PM

Sorry for the delay, I'm not at home and haven't been lately, so I'm controlling my computer via TeamViewer.
Thanks again for your help.
Logs:

OTL.txt:
OTL logfile created on: 11/7/2010 9:52:58 AM - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Tina\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.92 Gb Total Space | 68.68 Gb Free Space | 15.03% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 0.99 Gb Free Space | 11.24% Space Free | Partition Type: NTFS
 
Computer Name: TYLERS-COMPUTER | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/11/07 09:52:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
PRC - [2010/09/18 06:42:43 | 012,479,664 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/09/16 18:01:42 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/09/01 07:31:54 | 009,762,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/08/13 12:08:46 | 000,033,056 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/09 23:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/06/13 05:55:34 | 000,113,664 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 14:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/16 02:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/12/18 00:14:00 | 000,713,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/12/18 00:12:10 | 001,044,808 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/09/11 07:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/05/12 19:37:57 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/05/01 23:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2006/09/28 08:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/11/07 09:52:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2008/05/01 23:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] --  -- (iWinTrusted)
SRV - [2010/09/18 22:16:54 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/16 02:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/24 13:21:31 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/12/18 00:12:10 | 001,044,808 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/12/18 00:08:54 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/04/26 19:05:00 | 002,870,429 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/05/23 07:58:34 | 000,594,600 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008/05/23 07:58:22 | 000,098,984 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/10/11 16:52:28 | 000,233,472 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\dns\bin\named.exe -- (twdns)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tina\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/08/05 21:25:14 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/04/29 14:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/12 15:36:35 | 000,836,384 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ae1000va.sys -- (AE1000)
DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/09/11 07:26:26 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/09/11 07:26:20 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/06/19 09:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/11 11:38:14 | 002,324,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/26 12:51:02 | 000,333,824 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/28 21:44:04 | 000,384,896 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2008/01/18 20:53:24 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/10/06 03:38:24 | 000,935,936 | ---- | M] (YewSoft) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\CamthWDM.sys -- (CamthWDM)
DRV - [2007/03/19 08:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2006/12/07 10:04:40 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/12/07 10:04:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/12/07 10:03:32 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2006/11/28 11:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005/12/18 19:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\DScaler\DSDrv4.sys -- (DSDrv4)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3984932898-1970420750-1500784559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3984932898-1970420750-1500784559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.93
FF - prefs.js..extensions.enabledItems: flashplugin@idm:4.4.0.468
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\flashplugin@idm: C:\Users\Tina\AppData\Roaming\IDM\bin\flash [2010/05/15 17:27:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2010/01/23 16:25:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\ProgramData\iWin Games\firefox [2009/05/23 21:12:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/01/04 04:13:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/28 19:52:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/28 19:52:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/29 20:08:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/09/02 12:54:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/24 12:07:09 | 000,000,000 | ---D | M]
 
[2010/05/18 07:20:29 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mozilla\Extensions
[2010/04/20 19:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/05/18 07:20:29 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/11/04 15:37:44 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\1657tio7.default\extensions
[2010/02/01 00:10:00 | 000,000,000 | ---D | M] () -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\1657tio7.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/05/15 16:20:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\1657tio7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/06 23:36:36 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\1657tio7.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/01/04 04:13:23 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\1657tio7.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010/05/21 16:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\1657tio7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/08/21 12:48:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\1657tio7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/21 12:48:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\1657tio7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/04 01:48:47 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\1657tio7.default\extensions\firefox@tvunetworks.com
[2010/01/11 20:34:52 | 000,004,554 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Mozilla\FireFox\Profiles\1657tio7.default\searchplugins\aim-search.xml
[2010/10/14 20:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/19 16:53:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/05/20 00:49:50 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/05/27 15:41:50 | 000,069,632 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2010/05/15 17:27:18 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/12/03 13:11:58 | 000,002,202 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-com.xml
[2009/12/10 09:59:34 | 000,002,198 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-search.xml
 
O1 HOSTS File: ([2010/09/22 16:55:46 | 000,620,296 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: 16355 more lines...
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-3984932898-1970420750-1500784559-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood=1 = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3984932898-1970420750-1500784559-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3984932898-1970420750-1500784559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3984932898-1970420750-1500784559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.217.2 64.233.217.3 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\dllcache\recycled.exe) - C:\Windows\System32\dllcache\recycled.exe File not found
O24 - Desktop WallPaper: C:\Users\Tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (.common-controls_6595b64144ccf1df_6.0) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/21 09:19:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
MsConfig - Services: "WinDefend"
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE - File not found
MsConfig - StartUpFolder: C:^Users^Tina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Users^Tina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - (Lime Wire, LLC)
MsConfig - StartUpReg: [b]AdobeAAMUpdater-1.0[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AdobeCS5ServiceManager[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]DAEMON Tools Pro Agent[/b] - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
MsConfig - StartUpReg: [b]DirectPlayerCore[/b] - hkey= - key= - C:\Program Files\NBC Direct\DirectPlayerCore.exe (NBC  Universal)
MsConfig - StartUpReg: [b]DivXUpdate[/b] - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: [b]Launcher[/b] - hkey= - key= - C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
MsConfig - StartUpReg: [b]OsdMaestro[/b] - hkey= - key= - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
MsConfig - StartUpReg: [b]Pando Media Booster[/b] - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MsConfig - StartUpReg: [b]Skype[/b] - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: [b]SpeedUpMyPC[/b] - hkey= - key= - C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
MsConfig - StartUpReg: [b]Steam[/b] - hkey= - key= - c:\program files\steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: [b]SwitchBoard[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]WebcamMaxMoniter[/b] - hkey= - key= - C:\Program Files\WebcamMax\wcmmon.exe ()
MsConfig - StartUpReg: [b]Windows Defender[/b] - hkey= - key= -  File not found
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - Solid State ION Internet Explorer Plugin
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
NetSvcs: UxTuneUp - C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/06/21 09:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012/06/21 09:39:59 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2012/06/21 09:32:45 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2012/06/21 09:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/06/21 09:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/06/21 09:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/06/21 09:29:35 | 000,000,000 | ---D | C] -- C:\hp
[2012/06/21 09:29:27 | 000,985,600 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DP.sys
[2012/06/21 09:29:27 | 000,659,968 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys
[2012/06/21 09:29:27 | 000,258,048 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWBS2.sys
[2012/06/21 09:29:27 | 000,172,032 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\UCI32m15.dll
[2012/06/21 09:29:27 | 000,094,208 | ---- | C] (Conexant) -- C:\Windows\System32\mdmxsdk.dll
[2012/06/21 09:29:27 | 000,008,192 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys
[2012/06/21 09:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/06/21 09:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\earthlink totalaccess
[2012/06/21 09:29:06 | 000,352,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\idecoiins.dll
[2012/06/21 09:29:06 | 000,352,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\idecoi.dll
[2012/06/21 09:29:06 | 000,101,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys
[2012/06/21 09:28:57 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/06/21 09:28:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2012/06/21 09:28:40 | 000,000,000 | ---D | C] -- C:\Boot
[2012/06/21 09:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor
[2012/06/21 09:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\PC-Doctor 5 for Windows
[2012/06/21 09:24:23 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2012/06/21 09:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/06/21 09:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/06/21 09:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/06/21 09:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/06/21 09:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/21 09:19:32 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxhpinst.exe
[2012/06/21 09:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\muvee Technologies
[2012/06/21 09:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\muvee Technologies
[2012/06/21 09:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2012/06/21 09:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2012/06/21 09:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/06/21 09:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LS Getting Started
[2012/06/21 09:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012/06/21 09:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2012/06/21 09:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2012/06/21 09:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012/06/21 09:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2012/06/21 09:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2012/06/21 09:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2012/06/21 09:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2012/06/21 09:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/06/21 09:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/06/21 09:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/06/21 09:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2012/06/21 09:02:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/06/21 08:57:04 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/06/21 08:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/06/21 08:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/06/21 08:56:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012/06/21 08:56:44 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012/06/21 08:56:43 | 004,390,912 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2012/06/21 08:56:43 | 002,523,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2012/06/21 08:56:00 | 000,139,264 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\hcwecppp.ax
[2012/06/21 08:56:00 | 000,096,256 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\hcwcp.ax
[2012/06/21 08:54:36 | 000,604,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2012/06/21 08:54:35 | 000,313,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2012/06/21 08:54:34 | 001,108,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2012/06/21 08:54:33 | 000,801,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2012/06/21 08:54:33 | 000,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2012/06/21 08:45:16 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2012/06/21 08:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/06/21 08:43:36 | 000,048,760 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\RUNCLOSE.OCX
[2012/06/21 08:43:36 | 000,019,072 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\PS2.sys
[2012/06/21 08:42:55 | 000,253,952 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\cPC_DMIRD.dll
[2012/06/21 08:40:49 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2012/06/21 08:40:28 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/06/21 08:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/06/21 08:32:39 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012/06/21 08:31:06 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/11/07 09:52:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2010/11/04 14:12:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\FullHDWallpapersPack38
[2010/11/02 17:51:48 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\Virus Tools
[2010/10/21 00:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/10/21 00:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/10/21 00:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/10/21 00:05:32 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\vlc
[2010/10/21 00:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/20 23:55:59 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/20 23:55:59 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/20 23:55:55 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/10/20 23:55:55 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/10/20 23:55:54 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/10/20 23:34:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/10/20 23:34:28 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/10/20 23:34:28 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/10/20 23:26:40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/10/20 23:26:37 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/10/20 23:26:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/20 23:18:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/20 23:18:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/20 23:18:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/20 23:18:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/20 23:18:21 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/20 23:18:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/20 23:18:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/20 23:18:20 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/20 23:18:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/20 23:18:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/20 23:18:17 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/20 23:18:14 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/20 23:18:14 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/20 23:18:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/20 23:18:13 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/20 23:18:10 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/20 23:18:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/20 23:17:42 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/10/20 23:17:42 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/10/20 23:17:34 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/10/20 23:17:33 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/10/20 23:17:32 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/10/20 23:17:31 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/10/20 23:17:26 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/10/20 23:17:26 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/10/20 23:17:24 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/10/20 23:17:00 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/10/20 23:15:36 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/10/20 23:15:33 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/10/20 23:15:33 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/10/20 23:15:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/10/20 23:15:33 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/10/20 23:15:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/10/20 23:15:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/10/20 23:15:31 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/20 23:12:39 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/10/20 23:12:39 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/10/20 23:12:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/20 23:12:15 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/20 23:11:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/10/20 23:11:37 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/10/20 23:11:16 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/10/20 23:10:30 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/20 23:09:29 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/10/20 23:09:28 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/10/20 23:09:15 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/10/20 23:09:06 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/20 23:09:05 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/20 23:08:26 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/20 23:07:01 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/10/20 23:07:01 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/10/20 23:07:01 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/10/20 23:07:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/10/20 23:06:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/10/20 23:06:41 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/10/20 23:06:40 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/10/20 23:03:59 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/10/20 23:03:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/10/20 23:03:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/10/20 23:03:59 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/10/20 23:03:45 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/10/20 23:03:39 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/10/20 23:03:38 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/10/20 23:03:06 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/10/20 23:02:48 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/10/20 23:02:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/20 22:59:38 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/10/20 22:59:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/10/20 22:59:09 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/10/20 22:58:57 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/10/20 22:58:51 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/20 22:58:33 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/10/20 22:58:29 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/10/20 22:58:19 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/20 22:58:15 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/10/20 22:55:09 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/10/20 22:55:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/10/20 22:55:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/10/20 22:55:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/10/20 21:42:52 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/10/20 21:42:51 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/10/20 21:42:10 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/10/20 21:42:10 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/10/20 21:42:10 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/10/20 21:41:58 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/10/20 21:41:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/10/13 15:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Cablenut
[2010/10/11 18:55:20 | 000,659,456 | ---- | C] (Speed Guide Inc.) -- C:\Users\Tina\Desktop\TCPOptimizer.exe
[2010/10/08 19:42:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/08 19:42:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/08 19:42:32 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\temp
[2010/10/08 19:01:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/08 19:01:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/08 19:01:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/08 19:00:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/08 18:58:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/08 18:57:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/08 18:57:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/08 16:45:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/08 16:45:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/08 16:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/25 21:25:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files\taskkill.exe
[2010/01/23 08:41:27 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System32\drivers\Interop.MessengerAPI.dll
[2009/07/12 14:26:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Tina\AppData\Roaming\pcouffin.sys
[2009/06/04 21:18:31 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2009/06/04 21:18:31 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2009/06/04 21:18:31 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2009/06/04 21:18:30 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2009/06/04 21:18:30 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2009/06/04 21:18:30 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2009/06/04 21:18:30 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2009/06/04 21:18:30 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2009/06/04 21:18:29 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2009/06/04 21:18:29 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/06/21 09:19:32 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2012/06/21 08:36:12 | 000,041,176 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/11/07 09:55:46 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E2E13397-3B52-423F-8AEE-3CD4FE7D0C30}.job
[2010/11/07 09:52:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2010/11/07 08:52:48 | 000,037,581 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/07 08:52:47 | 000,037,581 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/07 08:52:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/07 08:52:16 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/07 08:52:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/04 16:13:12 | 000,000,175 | ---- | M] () -- C:\Users\Tina\Desktop\.htaccess
[2010/11/04 15:45:25 | 000,000,162 | ---- | M] () -- C:\Users\Tina\Desktop\.htaccesss
[2010/11/04 15:37:23 | 014,501,038 | ---- | M] () -- C:\Users\Tina\Desktop\Virus Tools.zip
[2010/11/04 15:30:59 | 023,636,796 | ---- | M] () -- C:\Users\Tina\Desktop\itunes_x_0_1_untitled__by_gpopper-d2ybvpj.zip
[2010/11/04 15:23:52 | 000,111,104 | ---- | M] () -- C:\Users\Tina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/04 14:07:35 | 000,081,710 | ---- | M] () -- C:\Users\Tina\Desktop\me.jpg
[2010/11/04 14:03:06 | 078,139,868 | ---- | M] () -- C:\Users\Tina\Desktop\nbe-media.com_FullHDWallpapersPack38.rar
[2010/11/04 14:00:26 | 055,359,110 | ---- | M] () -- C:\Users\Tina\Desktop\Sexy Women HD Widescreen Wallpapers vol142.rar
[2010/11/04 13:41:20 | 000,039,870 | ---- | M] () -- C:\Users\Tina\Desktop\44228_152338241471811_152338114805157_261025_965314_n.jpg
[2010/11/04 12:32:18 | 004,334,366 | ---- | M] () -- C:\Users\Tina\Desktop\My Chemical Romance - Sing.mp3
[2010/11/04 12:11:16 | 304,804,791 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/03 14:06:45 | 088,374,390 | ---- | M] () -- C:\Users\Tina\Desktop\EMINEM.GWRming.2010..rar
[2010/11/02 22:08:59 | 007,672,781 | ---- | M] () -- C:\Users\Tina\Desktop\rihanna-love_the_way_you_lie_pt_2_feat_eminem.mp3
[2010/11/02 18:58:29 | 000,002,194 | ---- | M] () -- C:\Users\Tina\Desktop\FirstBackup.spg
[2010/11/02 18:58:28 | 000,002,194 | ---- | M] () -- C:\Users\Tina\Desktop\sg_backup_2010-11-02-1958.spg
[2010/10/21 10:19:11 | 000,653,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/21 10:19:11 | 000,122,330 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/21 09:58:27 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2010/10/21 00:48:38 | 003,836,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/11 18:55:22 | 000,659,456 | ---- | M] (Speed Guide Inc.) -- C:\Users\Tina\Desktop\TCPOptimizer.exe
[2010/10/08 19:38:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2010/10/08 16:45:14 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/08 15:05:02 | 000,001,456 | ---- | M] () -- C:\Users\Tina\AppData\Local\Adobe Save for Web 12.0 Prefs
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/06/21 09:29:27 | 000,144,201 | ---- | C] () -- C:\Windows\System32\drivers\HSFProf.cty
[2012/06/21 09:28:41 | 000,333,203 | RHS- | C] () -- C:\bootmgr
[2012/06/21 09:08:17 | 000,000,311 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2012/06/21 08:56:00 | 000,174,716 | ---- | C] () -- C:\Windows\System32\drivers\hcw18enc.rom
[2012/06/21 08:56:00 | 000,141,200 | ---- | C] () -- C:\Windows\System32\drivers\hcw18apu.rom
[2012/06/21 08:56:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2012/06/21 08:56:00 | 000,016,382 | ---- | C] () -- C:\Windows\System32\drivers\hcw18mlC.rom
[2012/06/21 08:56:00 | 000,014,264 | ---- | C] () -- C:\Windows\System32\drivers\hcw18mlB.rom
[2012/06/21 08:44:23 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2012/06/21 08:41:01 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2012/06/21 08:41:01 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2010/11/04 16:12:37 | 000,000,175 | ---- | C] () -- C:\Users\Tina\Desktop\.htaccess
[2010/11/04 15:50:20 | 009,340,260 | ---- | C] () -- C:\Users\Tina\Desktop\Make Her Say.mp3
[2010/11/04 15:49:56 | 007,920,243 | ---- | C] () -- C:\Users\Tina\Desktop\Dreams.mp3
[2010/11/04 15:45:25 | 000,000,162 | ---- | C] () -- C:\Users\Tina\Desktop\.htaccesss
[2010/11/04 15:31:13 | 014,501,038 | ---- | C] () -- C:\Users\Tina\Desktop\Virus Tools.zip
[2010/11/04 15:30:26 | 023,636,796 | ---- | C] () -- C:\Users\Tina\Desktop\itunes_x_0_1_untitled__by_gpopper-d2ybvpj.zip
[2010/11/04 15:09:04 | 007,672,781 | ---- | C] () -- C:\Users\Tina\Desktop\rihanna-love_the_way_you_lie_pt_2_feat_eminem.mp3
[2010/11/04 14:07:35 | 000,081,710 | ---- | C] () -- C:\Users\Tina\Desktop\me.jpg
[2010/11/04 14:01:07 | 078,139,868 | ---- | C] () -- C:\Users\Tina\Desktop\nbe-media.com_FullHDWallpapersPack38.rar
[2010/11/04 13:58:55 | 055,359,110 | ---- | C] () -- C:\Users\Tina\Desktop\Sexy Women HD Widescreen Wallpapers vol142.rar
[2010/11/04 13:41:20 | 000,039,870 | ---- | C] () -- C:\Users\Tina\Desktop\44228_152338241471811_152338114805157_261025_965314_n.jpg
[2010/11/04 12:32:12 | 004,334,366 | ---- | C] () -- C:\Users\Tina\Desktop\My Chemical Romance - Sing.mp3
[2010/11/03 13:42:20 | 088,374,390 | ---- | C] () -- C:\Users\Tina\Desktop\EMINEM.GWRming.2010..rar
[2010/11/02 18:58:28 | 000,002,194 | ---- | C] () -- C:\Users\Tina\Desktop\sg_backup_2010-11-02-1958.spg
[2010/11/02 18:58:28 | 000,002,194 | ---- | C] () -- C:\Users\Tina\Desktop\FirstBackup.spg
[2010/11/02 15:47:10 | 304,804,791 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/21 09:58:27 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2010/10/21 00:50:52 | 000,037,581 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/21 00:50:51 | 000,037,581 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/20 23:18:22 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/10/20 23:06:44 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/10/11 17:51:43 | 000,006,324 | ---- | C] () -- C:\ProgramData\lxdu.log
[2010/10/08 19:01:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/08 19:01:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/08 19:01:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/08 19:01:40 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/08 19:01:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/08 16:45:14 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/05 15:51:03 | 000,000,616 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Rim.Desktop.Exception.log
[2010/10/05 15:46:42 | 000,001,602 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/09/20 02:48:26 | 000,000,132 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/09/20 02:07:11 | 000,000,132 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/02 20:09:09 | 000,000,600 | ---- | C] () -- C:\Users\Tina\AppData\Local\PUTTY.RND
[2010/09/01 03:30:49 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/07/28 14:47:11 | 000,001,456 | ---- | C] () -- C:\Users\Tina\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/05/20 22:26:35 | 000,000,600 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\winscp.rnd
[2010/04/04 13:00:12 | 000,081,920 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\ezpinst.exe
[2010/04/03 22:28:56 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2010/04/01 17:05:37 | 000,024,206 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\UserTile.png
[2010/01/24 06:41:17 | 000,000,011 | ---- | C] () -- C:\Windows\v34peformatei.dll
[2010/01/24 06:41:17 | 000,000,011 | ---- | C] () -- C:\Windows\eithirtyfour.dll
[2010/01/24 06:41:17 | 000,000,000 | ---- | C] () -- C:\Windows\tellei34.sys
[2010/01/24 06:41:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\sysaddei34.dll
[2010/01/23 09:09:12 | 000,001,053 | ---- | C] () -- C:\Windows\System32\13l.dll
[2009/08/17 01:05:59 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2009/08/17 00:20:54 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/12 14:37:24 | 000,000,668 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\vso_ts_preview.xml
[2009/07/12 14:31:49 | 000,000,034 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\pcouffin.log
[2009/07/12 14:26:28 | 000,007,176 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\pcouffin.cat
[2009/07/12 14:26:28 | 000,001,144 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\pcouffin.inf
[2009/07/09 19:47:53 | 000,000,074 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\AVSMediaPlayer.m3u
[2009/06/04 21:34:44 | 000,002,588 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\wklnhst.dat
[2009/06/04 21:22:54 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxducoin.dll
[2009/06/04 21:20:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2009/06/04 21:19:28 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2009/06/04 21:19:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2009/06/04 21:19:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2009/06/04 21:19:27 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2009/06/04 21:19:08 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini
[2009/06/04 21:18:31 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2009/06/04 21:18:29 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2009/06/04 21:15:31 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2009/05/16 01:57:01 | 000,643,072 | ---- | C] () -- C:\Windows\CohUpdater_UI_Win.dll
[2009/05/15 21:04:22 | 000,139,104 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/05/15 21:04:22 | 000,022,328 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\PnkBstrK.sys
[2009/05/15 21:03:48 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/05/14 13:47:06 | 000,001,356 | ---- | C] () -- C:\Users\Tina\AppData\Local\d3d9caps.dat
[2009/05/13 12:05:20 | 000,111,104 | ---- | C] () -- C:\Users\Tina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/03/06 03:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 09:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 09:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/18 08:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2005/11/08 07:54:26 | 000,000,890 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2005/10/11 16:39:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\bindevt.dll
[2004/12/19 08:29:40 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/19 08:17:10 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2002/10/06 13:42:56 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002/10/04 18:04:24 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002/10/04 18:04:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< CODE >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009/05/12 19:37:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/05/12 19:37:57 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2009/05/12 19:37:57 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\explorer.exe
[2009/05/12 19:37:57 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/05/12 19:37:57 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/05/12 20:05:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009/05/12 20:05:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/05/12 19:37:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/01/18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\System32\winlogon.exe
[2008/01/18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/01/18 22:38:04 | 000,242,744 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\System32\rsaenh.dll
[2008/01/18 22:36:12 | 000,225,792 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\System32\SLC.dll
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color]
[2010/09/01 07:56:00 | 000,139,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 

< End of report >

Extra.txt:
OTL Extras logfile created on: 11/7/2010 9:52:58 AM - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Tina\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.92 Gb Total Space | 68.68 Gb Free Space | 15.03% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 0.99 Gb Free Space | 11.24% Space Free | Partition Type: NTFS
 
Computer Name: TYLERS-COMPUTER | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3984932898-1970420750-1500784559-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35A89EC4-D5E0-4C2D-BFCD-DD512EBB51D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{498B00D9-41C7-4B31-8607-04CE941AEBF9}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{579A8C61-D59B-4018-B981-3B73D9F5D0F1}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{654E7D6B-D096-4A78-8DAF-AF4A4737226F}" = lport=8375 | protocol=17 | dir=in | name=league of legends launcher | 
"{7907A074-9509-47FD-85C0-BE17A2E38631}" = lport=8375 | protocol=6 | dir=in | name=league of legends launcher | 
"{A807787C-D828-4D03-B44F-CD4F7750B912}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{AFE1FE0D-986E-4868-A2FA-407BAB88E009}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{B21B4EF7-C25F-4B8A-87B4-412B1A0F82D1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BA99CCF9-FAAC-42A1-82C4-CAB22417FB57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BDA70001-0228-4485-A1B3-93DC1924F144}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0058E044-3EE4-41C6-9B05-B4873FC3C9D8}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | 
"{03B694F5-98D2-424D-9187-EAD58BE19F83}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{03BE97E1-7BD3-4B69-84DD-A52FAC9AC626}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{04BE2BE7-9688-402D-9600-97C136FCF108}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{05DB70D1-5546-4435-99A0-EF6D9225F465}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{06071C46-8FAD-43E2-8295-B0959BC8C402}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0878782C-AFC0-44EB-ABD0-F9D02E01B06F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AACE15C-5C97-4745-88B6-B9ED6E6F7DD9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0D32D683-511D-483E-881E-3B2610693D8B}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{0F80BBAD-6E1D-4AC1-B89E-9467605BDC5A}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{0FAE3F0E-1D48-45B5-BFED-82DFAF8CA661}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0FB0BD4B-4C04-4806-BE06-4B3C8DF2467C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{1017CFD3-B38D-4AE8-BBA5-363DAA8CEAFB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{1286593A-0EFB-45AF-BF22-A6A7C8C1B3AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1779B45E-A2FB-48D9-990F-1D96D105A426}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{1C476501-6F79-4552-9CD9-F86CCA99E171}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1ED1E455-F6F3-4E33-8B6B-017532BF3E47}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{21387F8D-FA93-4B4B-BA6E-9B017C5F0B96}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | 
"{2146F47E-BF59-46DC-AD3C-924F8509A148}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{23F557C6-BAB4-4A0D-9825-AAF0FAF92FB8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | 
"{248C601B-66AA-4D1D-B5F8-3C593A103CE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{27962C21-0EF4-4B56-8336-2E7716BAA364}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2819F06F-FF56-4090-8447-EEA00CA98210}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2B3624F0-BC47-448F-9BD3-ABEAF88796AC}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{321071A4-9B47-42E4-99A7-BC77F18CBA5B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{399909AF-29E1-499B-B8A3-4306D09183B5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{39C5FD7C-0304-4471-B28B-E6D1E2032E4F}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{3A6221FE-C825-4798-A6A3-3CDB7BBCBA19}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{3A77A96A-8374-4D66-9DF5-E96B72FD573B}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{3DCB5C54-6F98-468F-A2FD-17D3324893C6}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{43511008-1ADF-4A47-A768-DD97B9BD3A81}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{443BE788-2189-4E65-A706-9FE6AC1F180E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4650B53B-8A96-4E97-9274-3CCA62C71456}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{46A0002A-4162-482F-B702-4DA2F6D4432D}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{4709D43C-64AD-4162-B408-3C33F1F1819E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{489D2695-1B12-419F-AFC8-AB820B7E5AD7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{492BBB4D-03BA-4068-8168-BE4939997BEB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{4F7ACC6B-03AF-473D-A520-AC53BBECF66E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5069617B-125E-4023-9D9D-DACFA6D807CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51009AA8-05DB-4D02-B807-C1FEBAB38CD9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{510E0DAF-D7E6-4DE4-BBB7-AA6D41903C29}" = protocol=17 | dir=in | app=c:\program files\nbc direct\directplayercore.exe | 
"{56E2C7BA-1316-449B-93AD-7AE36C285044}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{66836D61-DEF4-40C1-A9D3-51A77BD69ED0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D21EEFD-8CE4-44EE-80B7-8C537DCEC5BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6EB58FF7-4660-4EDC-BA32-AB33D41E50CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{702EA6C2-AA4B-4D30-8B04-B85604236894}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | 
"{7079741D-B85D-4732-A250-E8D71FB44CB4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{72143308-741C-4C86-8B9A-0392DF23A6BF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{72C42123-60B8-4567-9B10-4533B2B3E0FB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{734C87A3-766D-4A72-915D-E950712F8051}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{75205DD6-B743-4356-82AE-1A54C9E89D1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{75C050CA-6095-4DFA-A2E8-A562AF83C326}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7717C151-FF7B-4CD3-9224-B4CFD19127B3}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | 
"{780828D6-09BF-41F8-8B8C-47B4895AE26B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{7ACE9182-3C5C-4712-ADEC-8AD6D675210E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{7B51A122-DA86-4B51-A304-52C704BDEA26}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{7BC11E29-952D-470C-87D0-7426380141EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7BD8F06B-4633-48A7-AD0F-5A87B00CA97C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7DA8C547-94BE-4FBC-824E-5E617C6651F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7E0D4042-3127-45B5-9548-73693B4A7D2E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7EEE663D-9BA9-4251-9BCE-E9B88F144270}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E7B6246-AFBD-4AB8-9794-986D41DAECD5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{94D12B92-6D39-42F0-B2F4-46F4B44561AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{97D2220C-6542-4D27-AA20-DA49DC3153CE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{98FC5322-97B5-4B19-9D20-5ADBF975B55D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D4B1F24-F46A-4FBD-9A19-ABF0710A5EC6}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{9E596D63-6A04-4DC5-B371-7EB75440B7AD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9F9B20B1-D4F0-41FF-8F26-793AD004311E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A0F2EB14-8B32-4054-83B7-441F9FF7B6ED}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{A59B8DD6-AA92-44E5-AE7D-ECDCF6BE04B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9966B76-719C-4F22-9A85-C33D3C91E76E}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{AC163FFA-6652-40C4-B7B6-B920DD6D92A8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AD246280-3B13-4570-AC8E-3BFCF99CEFC1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{AF8A3FF8-71E6-493C-AFCD-20739AD467F5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B27C5DA2-B1AD-4D26-AEFE-0C3D8820668F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B87E5A3A-FAC5-4487-B2C6-A857B5838E6E}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | 
"{BA48E335-D91E-4B65-8A49-95E238608A03}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB258B52-B11C-4F59-997B-1DFF2F274882}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BE705BCA-7C3F-4046-B7DA-E969ABC9E2FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BE76DC02-121A-4CE1-B1A9-0873BBF8CBB2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C24B30F5-EC3E-458E-9564-6DCE425CA0D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2CD9538-80CF-4CA3-AE9D-1F6A335D61C4}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{C647AE77-3F5D-43E8-BDD6-DA8D871039CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C951F0B1-0EA9-4C10-81C9-EC86ACA867D7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C9CBC2BA-8F5A-48CF-8C98-CE2CCFB26FFC}" = protocol=6 | dir=in | app=c:\program files\opera 10 beta\opera.exe | 
"{CE0CAB55-A17F-43B1-85A1-AF569891BA28}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D0DEB832-2AA5-4DB2-81B9-D1CEF664A94B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D28E4A80-DCCF-4E43-A018-66F0C8BED702}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5ADE395-E907-48BD-9775-88FE758919CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA6BEC2B-270B-43C5-8C8D-36C42F99E07D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DAAED29B-3893-44BA-9A49-7373E2E2A748}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DAB47069-031E-4A32-ACA0-1774C3F1AC90}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{DC055076-0D35-4F0E-AD1F-F473AE4C206F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{DE16FFE5-B138-4851-BD7C-57F59A29BAB3}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{DE3333C1-9D7F-47CA-9A65-651F005DD348}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{E309F4D7-BCB3-4EBC-A301-5E13ABBC30C1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E4443459-2C3C-4497-B0D3-2A216CB92A8F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E95CB553-B0CC-41F8-87AE-AB9C66EE8435}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{F00DDA2D-E4EF-41D2-8234-69AACEBB1A09}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{F23D41BD-37F5-4DC2-98E6-2E0F22156887}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{F594224E-2665-4D3D-A906-582BC88651C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F63CB479-8923-46AD-BF21-EDA269C7D3CD}" = protocol=17 | dir=in | app=c:\program files\opera 10 beta\opera.exe | 
"{F7A37735-6622-4846-A3C3-A47F56482AE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F8293015-074F-4D62-B1FA-0B75D3EBA02A}" = protocol=6 | dir=in | app=c:\program files\nbc direct\directplayercore.exe | 
"{F8502366-B47D-44AD-98F0-26E95BCB2527}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{F9BB4D27-5825-4823-A095-22EF32F39E2D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{FA416D6B-A984-4809-8921-D5D509D5D78F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FEE53410-2B62-4B11-BBDA-790A405C3E6B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01348EAE-FD1C-4E80-9803-AF966F59330E}" = TweetAttacks AC
"{02828774-BEAF-39B4-E4F5-F093D6184402}" = TidySongs
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1DAFF305-A88A-40AC-A882-EB2C6F53AF94}" = League of Legends
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23C12370-3A82-4558-B727-F345B473AD87}" = BlackBerry Device Software Updater
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 18
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A31C596-64D5-4613-83FD-D655A421588C}" = ESET Smart Security
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{573995A6-0C98-4AD9-A43D-CBA379024DC5}" = Opera 10.00
"{5AD4A795-3BDC-4667-A881-8FBC56F407D1}" = iTunesFolderWatch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7197F874-B0E0-4A73-A880-7E712F4D0EB7}}_is1" = Uninstall KnightOnline
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 2.99.13.900
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81ED8831-D6A4-4460-B1F8-2A4919EFFEA7}_is1" = TreeWalk
"{82A51429-57E5-4F83-B030-539EDE2464DB}" = MSN Toolbar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DF0BE48-16F0-4E36-814D-9B4FDFFAF25F}" = PayPal Plug-In
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C69E6BC6-98A7-40DB-8F69-7C769E3CDFA1}" = TweetAttacks
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DAA82B72-FB3E-45F7-88A6-CB095546282E}" = Mp3 Song Plays Increaser
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB52432E-3AD8-41A5-A586-0F065FB6A31E}" = Game Cam
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.4
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E82FBDF4-8C05-4513-B8D8-2331135ECA22}_is1" = MKV to DVD Converter
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F}" = NBC Direct
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB5EF8-483C-4C64-8A4F-6E89EDBF77D2}" = FFB - Facebook Friend Bomber
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Media MP4 to MP3 Converter" = 4Media MP4 to MP3 Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"AllToAVI" = AllToAVI v4 r5394
"Anywhere PE Viewer_is1" = Anywhere PE Viewer 0.1.7
"AVI Codec Pack" = AVI Codec Pack
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
"AVS Audio Editor 4.2_is1" = AVS Audio Editor version 4.2
"AVS Audio Recorder 3.9_is1" = AVS Audio Recorder version 3.9
"AVS Disc Creator_is1" = AVS Disc Creator version 3.5
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.1
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Registry Cleaner 1.1_is1" = AVS Registry Cleaner version 1.1
"AVS Ringtone Maker 1.6_is1" = AVS Ringtone Maker version 1.6
"AVS SystemInfo_is1" = AVS System Info
"AVS TV Recorder_is1" = AVS TV Recorder 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AVSCoverEditor_AVS4YOU_is1" = AVS Cover Editor 1.3.1.96 (AVS4YOU)
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"Cablenut" = Cablenut 4.08
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Digsby" = Digsby
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DScaler 4.1.15_is1" = DScaler 4.1.15
"Facebook FriendAdder Pro" = Facebook FriendAdder Pro
"FileZilla Client" = FileZilla Client 3.3.2.1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"FriendBlasterPro_is1" = FriendBlasterPro
"FrostWire" = FrostWire 4.20.6
"Game Cam" = Game Cam 2.54.0.47
"Google Chrome" = Google Chrome
"Graboid Video" = Graboid Video 1.71
"Gunz" = ijji - Gunz
"Hauppauge WinTV NT4/Win2000 Drivers" = Hauppauge WinTV NT4/Win2000 Drivers
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JDownloader" = JDownloader
"kikin plugin (JDownloader Edition)" = kikin plugin (JDownloader Edition) 1.11
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"LimeWire" = LimeWire 5.5.8
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MobMap_is1" = MobMap 3.55
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Opera" = Opera
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PROR" = Microsoft Office Professional 2007
"Proxy Finder Enterprise Edition" = Proxy Finder Enterprise Edition
"Proxy Server Finder" = Proxy Server Finder
"Rainmeter" = Rainmeter (remove only)
"RealVNC_is1" = VNC Personal Edition P4.5.3
"RegCure" = RegCure 2.0.0.0
"RocketDock_is1" = RocketDock 1.3.5
"Software Informer_is1" = Software Informer 1.0 BETA
"SolidStateIONIE" = Solid State ION Internet Explorer Plugin
"Steam App 17050" = Global Agenda - Demo
"Steam App 500" = Left 4 Dead
"TeamViewer 5" = TeamViewer 5
"TidySongs" = TidySongs (remove only)
"tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1" = TidySongs
"TubeBlasterPro_is1" = TubeBlasterPro
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.4
"WebcamMax" = WebcamMax
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.7
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"XPort 360_is1" = XPort 360
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3984932898-1970420750-1500784559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"idm_flash" = IDM Flash 4.4.0.468
"ijji.com" = ijji
"NBC Direct" = NBC Direct
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/27/2010 5:56:22 PM | Computer Name = Tylers-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/27/2010 5:56:22 PM | Computer Name = Tylers-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3057
 
Error - 10/27/2010 5:56:22 PM | Computer Name = Tylers-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3057
 
Error - 10/27/2010 5:56:23 PM | Computer Name = Tylers-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/27/2010 5:56:23 PM | Computer Name = Tylers-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4087
 
Error - 10/27/2010 5:56:23 PM | Computer Name = Tylers-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4087
 
Error - 10/27/2010 5:56:24 PM | Computer Name = Tylers-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/27/2010 5:56:24 PM | Computer Name = Tylers-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5117
 
Error - 10/27/2010 5:56:24 PM | Computer Name = Tylers-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5117
 
Error - 10/27/2010 6:39:08 PM | Computer Name = Tylers-Computer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Media Center Events ]
Error - 8/19/2009 11:16:56 PM | Computer Name = Tylers-Computer | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
 returned 0D  Process: DefaultDomain Object Name: Media Center Guide 
 
Error - 8/19/2009 11:17:24 PM | Computer Name = Tylers-Computer | Source = ehRecvr | ID = 4
Description = 
 
Error - 10/7/2009 5:25:36 PM | Computer Name = Tylers-Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 10/11/2009 11:57:25 PM | Computer Name = Tylers-Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 10/14/2010 8:54:17 PM | Computer Name = Tylers-Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 10/14/2010 10:07:03 PM | Computer Name = Tylers-Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 10/20/2010 10:46:59 PM | Computer Name = Tylers-Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
[ System Events ]
Error - 10/29/2010 5:20:45 PM | Computer Name = Tylers-Computer | Source = DCOM | ID = 10010
Description = 
 
Error - 11/2/2010 4:47:16 PM | Computer Name = Tylers-Computer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:32:48 AM on 11/2/2010 was unexpected.
 
Error - 11/2/2010 4:47:23 PM | Computer Name = Tylers-Computer | Source = HTTP | ID = 15016
Description = 
 
Error - 11/3/2010 2:00:03 PM | Computer Name = Tylers-Computer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:57:36 PM on 11/3/2010 was unexpected.
 
Error - 11/3/2010 2:00:06 PM | Computer Name = Tylers-Computer | Source = HTTP | ID = 15016
Description = 
 
Error - 11/4/2010 12:58:27 PM | Computer Name = Tylers-Computer | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 11/4/2010 1:11:27 PM | Computer Name = Tylers-Computer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:09:12 PM on 11/4/2010 was unexpected.
 
Error - 11/4/2010 1:11:31 PM | Computer Name = Tylers-Computer | Source = HTTP | ID = 15016
Description = 
 
Error - 11/4/2010 1:12:45 PM | Computer Name = Tylers-Computer | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11/4/2010 1:12:45 PM | Computer Name = Tylers-Computer | Source = Service Control Manager | ID = 7000
Description = 
 
[ TuneUp Events ]
Error - 7/9/2010 8:00:11 PM | Computer Name = Tylers-Computer | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >


#6 myrti


Posted 11 November 2010 - 06:13 AM

Hi,

What issues are you currently still having?

Please run a scan with Rootkit Unhooker too:
Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 s7ormx

  • Topic Starter


Posted 11 November 2010 - 08:00 AM

Hello, it doesn't seem that the download is working, or rootkit.com, right now.

The problem I'm having is that after my virus (if it was removed) my computer randomly crashes with a blue screen, and I assume it is from the virus.

I will post the log when the download seems to work.
If it doesn't work anytime soon, a mirror would be greatly appreciated.
Thanks

#8 myrti


Posted 11 November 2010 - 09:37 AM

Hi,

Please try this mirror instead: http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar

Regards, myrti



#9 s7ormx

  • Topic Starter


Posted 11 November 2010 - 06:47 PM

Report.txt:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F20B000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 11001856 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 258.96 )
0x82208000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82208000 PnpManager 3903488 bytes
0x82208000 RAW 3903488 bytes
0x82208000 WMIxWDM 3903488 bytes
0x94201000 C:\Windows\system32\drivers\RTKVHDA.sys 2322432 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x9A820000 Win32k 2109440 bytes
0x9A820000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8A601000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x8A279000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8F0C6000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1048576 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8A408000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x9000F000 C:\Windows\system32\DRIVERS\CamthWDM.sys 937984 bytes (YewSoft, WDM Video Capture Driver)
0x80671000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA44DD000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x95A0A000 C:\Windows\system32\DRIVERS\ae1000va.sys 864256 bytes (Ralink Technology Corp., Ralink 802.11n Wireless Adapter Driver)
0xA1A01000 C:\Windows\system32\DRIVERS\eamon.sys 835584 bytes (ESET, Amon monitor)
0xA1AF8000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8FC8B000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x80751000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8A208000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x95B54000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8F00B000 C:\Windows\system32\drivers\hcw18bda.sys 385024 bytes (Hauppauge Computer Works, Inc, Cx418 Raptor Driver)
0xA447D000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x9AA70000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8A0A7000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x94557000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8A00B000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80630000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8A156000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8A55D000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8FDC2000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A3AF000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA4405000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
==============================================
>Stealth
==============================================
0x88253F53 Unknown page with executable code, 173 bytes
0x882A9E44 Unknown page with executable code, 444 bytes
0x882B1D66 Unknown page with executable code, 666 bytes


#10 myrti


Posted 14 November 2010 - 04:58 PM

Hi,

sorry for the delay. Your logs are looking pretty clean. Please run a scan with Malwarebytes to be safe:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Do you have the error code of the BSOD you've been getting?

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#11 s7ormx


Posted 14 November 2010 - 05:41 PM

I have the paid version of Malwarebytes, I'll run the scan right now.

And no, I do not have the error. Is there any way I can find it? Maybe a log on my computer somewhere?

thanks

#12 myrti


Posted 14 November 2010 - 06:25 PM

Hi,

are you still getting the BSODs or was it a one time thing?

If you are currently still getting them, you can disable the automatic reboot and write it down:
Please disable automatic restart:
  • Right-click My Computer, and then click Properties.
  • Click the Advanced tab.
  • Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.
  • Uncheck the Automatically restart check box, and click OK the necessary number of times.
  • Restart your computer for the settings to take effect.

regards myrti



#13 s7ormx


Posted 19 November 2010 - 03:47 AM

Hello, sorry for the delay, I just seemed to get home to my computer and turned it on to the blue screen.

I'll attach a picture I took from my phone of it.

I did a quick Google search of the error, and someone had the same problem and it ended up being the RAM sticks being fried or something? Could this be the problem?
I actually planned on buying myself new RAM sticks this weekend (possibly tomorrow).

The error code is MEMORY_MANAGEMENT

Image is attached.

Hope this helps.
Also, if you don't mind, I'd like to ask a question about what type of RAM I should buy.

#14 myrti


Posted 22 November 2010 - 05:11 PM

Hi,

I'm sorry, I'm probably not the best person to ask for RAM advice. If you go with the same type but in "bigger" size you should be fine. You need to make sure that it is the same type (so DDR, DDR2, DDR3 etc.) of RAM as you had before. If you wish to choose a different type, you need to figure out if your motherboard supports this.
The same goes for the speed: if you buy RAM that has a higher rate than your motherboard can handle, it will have no effect. The only thing you shouldn't do is buy a lower rate, as this might cause a little slowdown.

In general I would just advise that you take the same kind you had before but in bigger size. When it comes to brands I am unfamiliar with the quality of different brands.

You did not attach an image to your last post.

Let me know if changing your RAM helped.

regards myrti



#15 myrti


Posted 27 December 2010 - 07:55 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





