Infected with multiple things: Win32/Patched.dx and TDSS at least.


  • This topic is locked
17 replies to this topic

#1 3080Cowboy

3080Cowboy

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 16 February 2011 - 02:09 PM

I tried posting a log for the Win32/Patched.dx, but couldn't. I pm'ed an admin, and he said that I was infected with TDSS, and should post here that I couldn't post the logs.



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:28 PM

Posted 19 February 2011 - 05:41 PM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 3080Cowboy

3080Cowboy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 22 February 2011 - 06:55 PM

I can't post my logs because when I try, I get an error 101: connection reset.

#4 3080Cowboy

3080Cowboy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 22 February 2011 - 06:57 PM

I can't post the dds log, but I can attach the gmer log. Here it is.

Attached Files

  • Attached File  ark.log   25.65KB   2 downloads


#5 3080Cowboy

3080Cowboy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 22 February 2011 - 11:19 PM

And I forgot to include the details of the problem. Been getting random BSOD's. Also get redirected google searches, and random new tabs, normally to ads for working at home, but other times to an online virus scanner, which I always close out of. Today, started getting AVG pop ups saying that a file was infected, with Win32/Patched.dx, but couldn't fix because it is a critical system file. Also just today, Windows Media Player stopped functioning. I can no longer modify details of songs in the library, view playlists (can still play them), or delete songs from my library. DivX will irregularly not load a .mkv video. It will open up, but not play, and the duration of the movie is shown as 0:00. All other programs that I use function as expected, besides random BSOD's a couple times a day. I've run AVG, MalwareBytes, and CCleaner, all without successfully fixing the problem. I have AVG and PeerBlock running non stop. Using Windows Vista 32 bit.

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:28 AM

Posted 26 February 2011 - 12:59 PM

Hello 3080Cowboy,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

The following tool can be run in Regular or Safe Mode.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
    1. Please download OTL from one of the following mirrors:
       • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
       • OTL.txt <-- Will be opened
       • Extra.txt <-- Will be minimized

Things to include in your next reply:
TdssKiller log
OTL.txt
Extra.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
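
The TDSSKiller log requested in step 1 above can be triaged mechanically before it is pasted into a reply. The following is an added example, not part of the thread and not Kaspersky's code: a Python parser that pulls the "Suspicious file (Forged)" and "detected" lines out of such a log and ties them to the driver entry they follow. The line layout is assumed from the TDSSKiller 2.4.18.0 log posted in this topic; the sample log, the service names `CleanDrv` and `ExampleDrv`, and the hashes are constructed.

```python
import re
from dataclasses import dataclass, field

# Line layout assumed from the TDSSKiller 2.4.18.0 log posted in this topic:
#   <date> <time> <thread id> <payload>
PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ ?(?P<body>.*)$")
# Payload kinds this example looks at.
DRIVER = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DETECT = re.compile(r"^(?P<svc>\S+) - detected (?P<name>\S+) \((?P<code>\d+)\)$")


@dataclass
class Finding:
    service: str
    path: str = ""
    forged: bool = False
    real_md5: str = ""   # value the log labels "Real md5"
    fake_md5: str = ""   # value the log labels "Fake md5"
    detections: list = field(default_factory=list)


def triage(log_text):
    """Return one Finding per service that has a forged-file or detection line."""
    findings = {}
    last = None  # most recent driver entry; flag lines follow the entry they refer to

    def get(svc, path):
        item = findings.setdefault(svc, Finding(service=svc))
        if path and not item.path:
            item.path = path
        return item

    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # not a log line (blank line, pasted forum text, ...)
        body = m["body"].strip()
        if d := DRIVER.match(body):
            last = d
        elif f := FORGED.match(body):
            # Windows paths are case-insensitive; the log mixes "drivers" and "DRIVERS".
            same = last is not None and last["path"].lower() == f["path"].lower()
            item = get(last["svc"] if same else "<unknown service>", f["path"])
            item.forged = True
            item.real_md5, item.fake_md5 = f["real"], f["fake"]
        elif t := DETECT.match(body):
            known = last is not None and last["svc"] == t["svc"]
            get(t["svc"], last["path"] if known else "").detections.append(t["name"])
    return list(findings.values())


# Constructed sample input (hashes and driver names are made up for the example).
CLEAN_MD5 = "c" * 32
REAL_MD5 = "a" * 32
FAKE_MD5 = "b" * 32
SAMPLE_LOG = "\r\n".join([
    "2011/02/27 12:54:22.0710 0584 Scan started",
    "2011/02/27 12:54:22.0711 0584 " + "=" * 80,
    "2011/02/27 12:54:22.0712 0584",
    rf"2011/02/27 12:54:25.0335 0584 CleanDrv ({CLEAN_MD5}) C:\Windows\system32\drivers\cleandrv.sys",
    rf"2011/02/27 12:54:40.0161 0584 ExampleDrv ({REAL_MD5}) C:\Windows\system32\DRIVERS\exampledrv.sys",
    rf"2011/02/27 12:54:40.0162 0584 Suspicious file (Forged): C:\Windows\system32\drivers\exampledrv.sys. "
    rf"Real md5: {REAL_MD5}, Fake md5: {FAKE_MD5}",
    "2011/02/27 12:54:40.0393 0584 ExampleDrv - detected Rootkit.Win32.TDSS.tdl3 (0)",
])

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item.service}: {item.path}")
        if item.forged:
            print(f"  forged file: real md5 {item.real_md5}, fake md5 {item.fake_md5}")
        for name in item.detections:
            print(f"  detected: {name}")
```
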


#7 3080Cowboy

3080Cowboy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 27 February 2011 - 02:35 PM

TDSS Killer

2011/02/27 12:54:13.0656 1724 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/27 12:54:14.0261 1724 ================================================================================
2011/02/27 12:54:14.0262 1724 SystemInfo:
2011/02/27 12:54:14.0262 1724
2011/02/27 12:54:14.0262 1724 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/27 12:54:14.0262 1724 Product type: Workstation
2011/02/27 12:54:14.0262 1724 ComputerName: COWBOY-LAPTOP
2011/02/27 12:54:14.0264 1724 UserName: Cowboy
2011/02/27 12:54:14.0264 1724 Windows directory: C:\Windows
2011/02/27 12:54:14.0264 1724 System windows directory: C:\Windows
2011/02/27 12:54:14.0264 1724 Processor architecture: Intel x86
2011/02/27 12:54:14.0264 1724 Number of processors: 1
2011/02/27 12:54:14.0264 1724 Page size: 0x1000
2011/02/27 12:54:14.0264 1724 Boot type: Safe boot with network
2011/02/27 12:54:14.0264 1724 ================================================================================
2011/02/27 12:54:16.0748 1724 Initialize success
2011/02/27 12:54:22.0710 0584 ================================================================================
2011/02/27 12:54:22.0710 0584 Scan started
2011/02/27 12:54:22.0710 0584 Mode: Manual;
2011/02/27 12:54:22.0711 0584 ================================================================================
2011/02/27 12:54:40.0161 0584 Ecache (c1f5e5fe4da2cfdb31160df890abe774) C:\Windows\system32\drivers\ecache.sys
2011/02/27 12:54:40.0162 0584 Suspicious file (Forged): C:\Windows\system32\drivers\ecache.sys. Real md5: c1f5e5fe4da2cfdb31160df890abe774, Fake md5: 7f64ea048dcfac7acf8b4d7b4e6fe371
2011/02/27 12:54:40.0393 0584 Ecache - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/27 12:56:08.0006 0584 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/02/27 12:56:08.0660 0584 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/27 12:56:09.0487 0584 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/27 12:56:10.0081 0584 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/02/27 12:56:11.0212 0584 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/27 12:56:11.0827 0584 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/27 12:56:13.0239 0584 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/27 12:56:14.0966 0584 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/02/27 12:56:15.0571 0584 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/27 12:56:15.0866 0584 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/27 12:56:16.0416 0584 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/27 12:56:16.0749 0584 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/27 12:56:17.0303 0584 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/27 12:56:17.0849 0584 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/27 12:56:18.0163 0584 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/27 12:56:18.0998 0584 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/27 12:56:19.0284 0584 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/27 12:56:19.0609 0584 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/02/27 12:56:20.0433 0584 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/27 12:56:20.0719 0584 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/27 12:56:20.0767 0584 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/02/27 12:56:21.0308 0584 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/02/27 12:56:26.0754 0584 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
2011/02/27 12:56:26.0794 0584 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/27 12:56:27.0622 0584 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/27 12:56:28.0195 0584 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/27 12:56:28.0475 0584 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/02/27 12:56:29.0048 0584 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/27 12:56:29.0620 0584 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/27 12:56:29.0657 0584 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/27 12:56:30.0480 0584 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/02/27 12:56:30.0777 0584 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/27 12:56:32.0797 0584 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/02/27 12:56:34.0231 0584 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/27 12:56:34.0853 0584 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/27 12:56:35.0378 0584 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/27 12:56:36.0255 0584 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/27 12:56:36.0560 0584 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/02/27 12:56:37.0116 0584 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
2011/02/27 12:56:37.0411 0584 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/02/27 12:56:37.0984 0584 ================================================================================
2011/02/27 12:56:37.0984 0584 Scan finished
2011/02/27 12:56:37.0984 0584 ================================================================================
2011/02/27 12:56:38.0291 0852 Detected object count: 1
2011/02/27 12:56:45.0788 0852 Ecache (c1f5e5fe4da2cfdb31160df890abe774) C:\Windows\system32\drivers\ecache.sys
2011/02/27 12:56:45.0789 0852 Suspicious file (Forged): C:\Windows\system32\drivers\ecache.sys. Real md5: c1f5e5fe4da2cfdb31160df890abe774, Fake md5: 7f64ea048dcfac7acf8b4d7b4e6fe371
2011/02/27 12:56:51.0262 0852 Backup copy found, using it..
2011/02/27 12:56:51.0307 0852 C:\Windows\system32\drivers\ecache.sys - will be cured after reboot
2011/02/27 12:56:51.0307 0852 Rootkit.Win32.TDSS.tdl3(Ecache) - User select action: Cure
2011/02/27 12:56:59.0827 0808 Deinitialize success


OTL.txt

OTL logfile created on: 2/27/2011 1:13:55 PM - Run 1
OTL by OldTimer - Version 3.2.22.1 Folder = C:\Users\Cowboy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.69 Gb Total Space | 3.00 Gb Free Space | 2.16% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 1.78 Gb Free Space | 17.16% Space Free | Partition Type: NTFS

Computer Name: COWBOY-LAPTOP | User Name: Cowboy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/27 13:12:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cowboy\Desktop\OTL.exe
PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/27 13:12:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cowboy\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Ias)
SRV - File not found [Auto | Stopped] -- -- (FastUserSwitchingCompatibility)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/10/06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 20:34:15 | 014,745,600 | -HS- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\\System\icm64.dll -- (wmcmgc)
SRV - [2008/01/20 20:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/01/07 21:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/11 17:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 20:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/10/07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009/08/11 14:03:35 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/01/09 10:58:28 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/17 00:01:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 00:00:14 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/24 16:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 07:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/20 20:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/10/17 17:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2002/07/17 14:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.7\MeepBar.dll ()
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ThePirateBay.org"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: VideoBar@meep.com:2.2.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.148
FF - prefs.js..keyword.URL: "http://jixey.com/?id={C6615258-1EBF-4147-B549-C7C45F757004}&brand=&ver=2.2.7&src=adr&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/27 15:11:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/03 23:37:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/03 23:37:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/29 15:03:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/09 17:35:10 | 000,000,000 | ---D | M]

[2010/01/21 14:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Extensions
[2010/01/19 23:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2011/02/27 12:53:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\extensions
[2011/02/16 12:49:28 | 000,000,000 | ---D | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/01/30 18:40:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/29 15:22:27 | 000,001,635 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\firefox-add-ons.xml
[2011/02/12 18:52:37 | 000,002,567 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\hulu.xml
[2011/01/29 21:11:57 | 000,001,504 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\imdb.xml
[2011/01/29 15:24:20 | 000,002,072 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\msdn-search-with-google.xml
[2011/01/29 15:17:50 | 000,001,508 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\neweggcom.xml
[2011/01/29 15:22:18 | 000,001,679 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\thepiratebayorg.xml
[2011/01/29 15:16:43 | 000,002,057 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\youtube-video-search.xml
[2011/02/27 12:53:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/07 02:22:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/27 15:11:25 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/02/03 23:37:11 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/02/03 23:37:12 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/05/23 05:37:02 | 000,000,000 | ---D | M] (Meep Media Downloader) -- C:\PROGRAM FILES\MEEP\FF
[2011/02/07 02:22:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/02/27 12:55:52 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2010/08/15 04:52:20 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Drop Down Deals\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Meep Media Downloader) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.7\MeepBar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Meep Media Downloader) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.7\MeepBar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.115.71.53 24.159.193.40
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Cowboy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cowboy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1cd98578-821f-11de-b6f5-806e6f6e6963}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell - "" = AutoRun
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\adobe\command - "" = G:\goodies\ar405eng.exe
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\AutoRun\command - "" = G:\aocsetup.exe /autorun
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\log\command - "" = G:\goodies\machine\machine.exe -l
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\machine\command - "" = G:\goodies\machine\machine.exe
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\setup\command - "" = G:\aocsetup.exe /autorun
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\zone\command - "" = G:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{812419b3-c87a-11df-ab2a-001f16d37815}\Shell - "" = AutoRun
O33 - MountPoints2\{812419b3-c87a-11df-ab2a-001f16d37815}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: wmcmgc - C:\Program Files\Common Files\\System\icm64.dll ()
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/02/27 13:12:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Cowboy\Desktop\OTL.exe
[2011/02/27 12:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/02/27 12:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Drop Down Deals
[2011/02/27 12:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/02/27 12:50:40 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cowboy\Desktop\myprogram.com
[2011/02/24 01:02:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/19 14:59:29 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Sony Online Entertainment
[2011/02/19 01:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/02/19 01:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/19 01:28:46 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/02/16 12:50:18 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Local\SCE
[2011/02/16 12:50:17 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/02/13 09:55:49 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Desktop\Malware Removal
[2011/02/13 07:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
[2011/02/13 07:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\UDK
[2011/02/13 07:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2011/02/12 21:05:34 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Desktop\IncCalc
[2011/02/10 17:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhapsody
[2011/02/10 16:57:23 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Media Player Classic
[2011/02/10 09:32:27 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Documents\FMOD SoundBank Generator
[2011/02/10 09:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\FMOD SoundSystem
[2011/02/09 22:34:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2011/02/09 18:05:04 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Microsoft Games
[2011/02/07 02:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/02/07 02:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/02/05 02:19:49 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Desktop\ngspice-22
[2011/02/05 01:06:19 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\THREED32.OCX
[2011/02/05 01:06:19 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bdao.dll
[2011/02/05 01:06:19 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2irdao.dll
[2011/02/05 01:06:19 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2ctdao.dll
[2011/02/05 01:06:18 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\crpe32.dll
[2011/02/05 01:06:18 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\Windows\System32\crpaig32.dll
[2011/02/05 01:06:17 | 000,416,768 | ---- | C] (Seagate Software) -- C:\Windows\System32\cpeaut32.dll
[2011/02/05 01:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo
[2011/02/03 23:37:15 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Local
[2011/02/02 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Documents\Dungeons and Dragons Online
[2011/02/01 12:06:38 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Auslogics
[2011/02/01 12:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/02/01 12:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/02/01 11:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/02/01 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\GlarySoft
[2011/02/01 11:30:36 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\IObit
[2011/02/01 11:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/02/01 11:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/02/01 11:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2011/01/31 22:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/01/31 22:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/30 18:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/01/30 18:54:38 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/01/30 18:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/01/30 18:53:25 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/01/30 18:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/01/30 18:43:13 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\SystemRequirementsLab
[2011/01/30 14:33:30 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\FixCleaner
[2011/01/30 14:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/01/29 16:01:40 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Local\PMB Files
[2011/01/29 16:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/01/29 15:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/29 03:18:37 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Xfire
[2011/01/29 03:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2011/01/29 03:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire

========== Files - Modified Within 30 Days ==========

[2011/02/27 13:12:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cowboy\Desktop\OTL.exe
[2011/02/27 13:05:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/27 12:50:42 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cowboy\Desktop\myprogram.com
[2011/02/26 00:07:32 | 000,000,665 | ---- | M] () -- C:\Users\Cowboy\Desktop\Task Manager.lnk
[2011/02/26 00:00:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-461877813-1299210132-1042163028-1000UA.job
[2011/02/25 23:58:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/25 23:58:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/25 23:58:12 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/02/25 23:58:10 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\EGTZFTNE.job
[2011/02/25 23:38:34 | 000,002,577 | ---- | M] () -- C:\Users\Cowboy\Desktop\Facebook.lnk
[2011/02/25 17:37:24 | 107,167,611 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/02/25 17:37:21 | 000,136,704 | ---- | M] () -- C:\Users\Cowboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/24 13:02:12 | 000,001,356 | ---- | M] () -- C:\Users\Cowboy\AppData\Local\d3d9caps.dat
[2011/02/23 18:00:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-461877813-1299210132-1042163028-1000Core.job
[2011/02/22 20:40:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\&
[2011/02/22 16:57:19 | 000,000,174 | ---- | M] () -- C:\Users\Cowboy\defogger_reenable
[2011/02/22 00:25:23 | 000,870,128 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\mcs.rma
[2011/02/22 00:25:23 | 000,000,004 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\B05751
[2011/02/19 01:28:48 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/02/12 19:07:20 | 001,474,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/12 19:07:20 | 000,423,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/10 17:02:16 | 000,000,730 | ---- | M] () -- C:\Users\Cowboy\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/02/09 22:31:10 | 000,333,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/09 22:15:06 | 000,000,174 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/02/09 17:55:24 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Rise of Nations Gold.lnk
[2011/02/08 18:59:48 | 000,223,488 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/02/05 23:49:33 | 000,000,846 | ---- | M] () -- C:\Users\Cowboy\Desktop\Dungeons and Dragons Online.lnk
[2011/02/05 02:15:16 | 000,002,412 | ---- | M] () -- C:\Windows\PSPICEEV.INI
[2011/01/30 18:03:21 | 000,304,482 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/01/30 18:03:20 | 000,304,482 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/01/29 15:30:02 | 000,000,104 | ---- | M] () -- C:\Users\Cowboy\Desktop\Internet - Shortcut.lnk

========== Files Created - No Company Name ==========

[2011/02/26 00:07:32 | 000,000,665 | ---- | C] () -- C:\Users\Cowboy\Desktop\Task Manager.lnk
[2011/02/24 01:01:46 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 01:01:46 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 01:01:46 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/22 20:40:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\&
[2011/02/22 16:57:00 | 000,000,174 | ---- | C] () -- C:\Users\Cowboy\defogger_reenable
[2011/02/19 01:28:48 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/02/10 17:13:26 | 000,000,004 | ---- | C] () -- C:\Users\Cowboy\AppData\Roaming\B05751
[2011/02/10 17:13:25 | 000,870,128 | ---- | C] () -- C:\Users\Cowboy\AppData\Roaming\mcs.rma
[2011/02/10 17:02:16 | 000,000,730 | ---- | C] () -- C:\Users\Cowboy\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/02/09 17:55:24 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Rise of Nations Gold.lnk
[2011/02/05 23:49:33 | 000,000,846 | ---- | C] () -- C:\Users\Cowboy\Desktop\Dungeons and Dragons Online.lnk
[2011/02/05 01:06:21 | 000,002,412 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2011/02/05 01:06:18 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2011/02/05 01:06:18 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2011/02/05 01:06:18 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2011/02/05 01:06:18 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2011/02/05 01:06:18 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2011/02/05 01:06:18 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2011/02/05 01:06:18 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2011/02/05 01:06:18 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2011/02/05 01:06:18 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2011/02/05 01:06:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2011/02/05 01:06:18 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2011/02/05 01:06:18 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2011/02/05 01:06:18 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2011/02/05 01:06:18 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2011/02/05 01:06:18 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2011/02/05 01:06:18 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2011/02/01 11:26:22 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/01/30 18:54:39 | 000,004,756 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/01/29 15:30:02 | 000,000,104 | ---- | C] () -- C:\Users\Cowboy\Desktop\Internet - Shortcut.lnk
[2010/12/27 12:51:26 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010/11/19 21:52:50 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010/09/22 16:55:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\pv_c3.exe
[2010/09/02 14:35:03 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/09/02 14:35:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/09/02 14:35:01 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/09/01 18:34:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2010/09/01 18:34:42 | 006,664,208 | ---- | C] () -- C:\Windows\System32\dvdripcore.dll
[2010/08/26 22:07:27 | 000,000,174 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/26 10:19:13 | 000,000,710 | ---- | C] () -- C:\ProgramData\.wtav
[2010/08/21 17:42:01 | 000,002,838 | ---- | C] () -- C:\Users\Cowboy\AppData\Local\ovebevaxitig.dll
[2010/08/20 14:22:51 | 000,002,838 | ---- | C] () -- C:\Users\Cowboy\AppData\Local\ujeyudikugomuk.dll
[2010/03/28 20:36:36 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/03/28 20:36:36 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/03/28 20:36:36 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/03/15 15:20:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/01/19 23:48:03 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
[2009/12/02 21:52:11 | 000,000,536 | ---- | C] () -- C:\Windows\Disney.ini
[2009/12/02 21:52:05 | 000,000,305 | ---- | C] () -- C:\Windows\EReg515.dat
[2009/10/25 17:58:28 | 000,005,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2009/10/07 08:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/03 12:05:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/30 07:44:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/25 16:21:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/09/19 08:55:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/19 08:55:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/15 22:20:00 | 000,000,094 | ---- | C] () -- C:\Users\Cowboy\AppData\Local\fusioncache.dat
[2009/08/11 19:35:48 | 000,000,100 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/08/11 14:24:31 | 000,001,356 | ---- | C] () -- C:\Users\Cowboy\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/31 00:38:41 | 000,304,482 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/31 00:29:36 | 000,304,482 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/30 22:20:28 | 000,136,704 | ---- | C] () -- C:\Users\Cowboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/22 14:30:17 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/05/22 13:58:35 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/04/20 05:17:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 06:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:44:53 | 000,333,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:33:01 | 001,474,762 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,423,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/02/01 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Auslogics
[2010/10/25 21:42:11 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\AVG10
[2010/09/07 21:36:13 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\avidemux
[2010/08/21 18:20:28 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF
[2011/02/25 23:58:31 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\BitTorrent
[2010/01/23 10:46:12 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Broad Intelligence
[2010/01/21 13:59:49 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\CometNetwork
[2009/08/11 14:34:44 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\DAEMON Tools Pro
[2009/10/18 21:49:54 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\DriverCure
[2011/01/30 14:38:19 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\FixCleaner
[2010/07/06 10:23:27 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\flatball
[2010/01/28 01:49:35 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\FrostWire
[2011/02/01 11:31:19 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\GlarySoft
[2010/12/20 12:06:54 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\GrabPro
[2011/01/30 13:49:28 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\InfraRecorder
[2011/02/01 11:30:36 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\IObit
[2009/10/31 22:17:32 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Leadertech
[2011/02/03 23:37:15 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Local
[2010/05/11 10:59:14 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\LolClient
[2010/03/16 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/12/31 23:40:38 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\NCH Swift Sound
[2009/09/11 08:24:00 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\OpenOffice.org
[2011/01/29 15:28:36 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Orbit
[2010/12/20 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\ProgSense
[2009/10/27 09:03:00 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Recordpad
[2011/01/24 19:42:13 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Reviversoft
[2010/09/01 21:17:48 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\RipIt4Me
[2011/01/18 16:41:53 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\rockbox.org
[2011/02/19 14:59:31 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Sony Online Entertainment
[2011/01/30 18:43:18 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\SystemRequirementsLab
[2009/09/15 22:20:05 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Turbine
[2011/01/21 11:49:18 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\X-Chat 2
[2011/02/25 23:58:10 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\EGTZFTNE.job
[2011/02/25 23:58:12 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/02/25 17:40:36 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 20:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 20:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/20 05:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009/04/20 05:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009/04/20 05:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009/04/20 05:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 20:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 20:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 20:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 20:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 20:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 20:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

Extras.txt

OTL Extras logfile created on: 2/27/2011 1:13:55 PM - Run 1
OTL by OldTimer - Version 3.2.22.1 Folder = C:\Users\Cowboy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.69 Gb Total Space | 3.00 Gb Free Space | 2.16% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 1.78 Gb Free Space | 17.16% Space Free | Partition Type: NTFS

Computer Name: COWBOY-LAPTOP | User Name: Cowboy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01221117-46C8-4667-8D64-05DCA5BEA5B1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{032E8907-8126-4712-BA8D-C18637419146}" = lport=19617 | protocol=17 | dir=in | name=bitcomet 19617 udp |
"{04725C9A-04D3-4DED-9C49-8AFEB3541490}" = lport=13155 | protocol=17 | dir=in | name=bitcomet 13155 udp |
"{093DF5BF-2530-4D18-B966-E5265C6F267A}" = lport=15843 | protocol=17 | dir=in | name=bitcomet 15843 udp |
"{09CCC64E-6A4F-4A79-8FA6-7D29396671D6}" = lport=13155 | protocol=6 | dir=in | name=bitcomet 13155 tcp |
"{0AF2BEE3-4CB5-4258-96AD-CE79D1FD08BD}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{0E2FD8AC-33C8-401B-8523-7EFD55286130}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
"{0FD84293-AD77-457A-8438-95074B3F0BEE}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher |
"{109C642A-25FA-4B4D-A98F-754EB7472C85}" = lport=8375 | protocol=17 | dir=in | name=league of legends launcher |
"{10E2D7F1-7968-4E10-B1AD-97FC337BD083}" = lport=6932 | protocol=6 | dir=in | name=league of legends launcher |
"{1F7D6E19-0AD6-453A-9C4B-00B29938C41F}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher |
"{254B0034-56DE-4EAE-8BC3-D7EFFBF02095}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{35D3F8BB-BBE4-4014-9653-56F8AD1E18F0}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{3741F4D2-0452-415B-B682-CD02B81A503B}" = rport=137 | protocol=17 | dir=out | app=system |
"{3B74AD86-9509-4A82-8A53-5DD8795D5E56}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{3DDE1D9C-CC4B-44A7-BF85-E3F23C0B5BF6}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher |
"{3E07BC5E-2EC5-48A7-8DE7-4A5A94614C55}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
"{428CC73C-E801-4357-9B26-D6E37C7C2F89}" = lport=8375 | protocol=6 | dir=in | name=league of legends launcher |
"{45BCC13B-68D1-4636-962E-F99AFAEDB2E4}" = lport=8377 | protocol=6 | dir=in | name=league of legends launcher |
"{4903000B-CF5E-405F-A1A7-274D0CAB5AD4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{4B787F13-78AC-41EA-B8FA-09D2EAADD0E5}" = lport=6932 | protocol=17 | dir=in | name=league of legends launcher |
"{4D3A29A1-1F9D-42D3-BDEC-BD360782D937}" = lport=6891 | protocol=17 | dir=in | name=league of legends launcher |
"{4FDBDDED-21FB-4484-B40F-77D8226EFB83}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{529B2CCE-AD50-4DED-8124-3528F37813C9}" = lport=137 | protocol=17 | dir=in | app=system |
"{58960CE5-7B44-41BF-9D7B-777E8F51FAF9}" = lport=6945 | protocol=17 | dir=in | name=league of legends launcher |
"{58C45133-289A-4DE4-A303-D86607125B71}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5F0A9E26-5E0A-439E-95EA-F75D44953E3D}" = lport=8377 | protocol=17 | dir=in | name=league of legends launcher |
"{5F3EC495-FABF-47E5-9A0A-A19EAE2C378B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5FDA5B5B-795F-4C33-9734-F1BFCA7EA430}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{65719BBD-7B60-4EC6-8405-E6B99F50C126}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{66D68880-3B0B-429A-BFB9-5D83B8B27D69}" = lport=6927 | protocol=6 | dir=in | name=league of legends launcher |
"{69CEA16C-EEAB-4D28-B90C-20EA2709CF32}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{6C3E98A7-C164-48D2-ACA9-02A88CBAEAAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6D35D508-FEAA-41B0-9E48-C90AA3E26B7F}" = lport=20112 | protocol=17 | dir=in | name=bitcomet 20112 udp |
"{72C8D1C4-CB18-4043-B146-C6AE60664246}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73763B82-0301-4BF8-B104-387F10B4C99C}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |
"{756A7BA1-B5A1-4863-BD2B-B6198943B124}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher |
"{75E28473-04E2-43D5-8A1E-B8498FEE9AFD}" = lport=139 | protocol=6 | dir=in | app=system |
"{776F0B3F-6638-4951-8605-1745A1323A7C}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{77D6E946-1D80-4B31-A5B7-F871045D348E}" = lport=445 | protocol=6 | dir=in | app=system |
"{78C28176-1CBA-4955-9072-2F94A2102912}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7D07ABA6-9092-4372-9144-C67CA3B6F393}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher |
"{7D867C2C-B318-40D4-8440-CD2544B2C1F2}" = lport=6883 | protocol=17 | dir=in | name=league of legends launcher |
"{7E1D8918-4857-4E0C-95E8-B474F1CF76FC}" = lport=20112 | protocol=6 | dir=in | name=bitcomet 20112 tcp |
"{814174BD-CEC7-4182-83B8-921B36674AD0}" = rport=138 | protocol=17 | dir=out | app=system |
"{83D2A978-9AB5-41F9-9291-66DA71574FAE}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{845F3AE7-D885-4580-BFB1-B30D5A27292C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{85EB3FDB-03D9-401D-A44F-4DD8F415D34F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{897D6A6D-850A-4394-9761-C573A3C47D5E}" = lport=8377 | protocol=6 | dir=in | name=league of legends launcher |
"{8AFBE157-E655-4E2C-8F4C-742570568592}" = lport=5985 | protocol=6 | dir=in | app=system |
"{8E33DF8C-4454-4B68-B850-B7056C562398}" = lport=19617 | protocol=6 | dir=in | name=bitcomet 19617 tcp |
"{8F0E62F5-5523-496C-B3B6-350589A5CCCA}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher |
"{927D4DAB-8A6A-4460-AE45-6F7B30904474}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{92AA2C48-1135-4A3F-A49C-4C25628D1E05}" = lport=13155 | protocol=6 | dir=in | name=bitcomet 13155 tcp |
"{94108176-B65E-4FB3-89F9-F3EE0C45CC47}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{981AE122-2981-491E-BD64-28543C54AB2D}" = lport=15843 | protocol=6 | dir=in | name=bitcomet 15843 tcp |
"{9C44049B-2872-4E09-AB16-F33C6595D809}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9DF97887-D48E-44EA-A58D-69B116F270A6}" = lport=138 | protocol=17 | dir=in | app=system |
"{A2C7D017-6BF5-419F-B8A6-EF192DC59DE0}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{A5A3C7F9-948A-4BC8-92F1-2251197871F6}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher |
"{A6F0E04B-FFBE-40FA-89BF-DEA8FF754E85}" = lport=6891 | protocol=6 | dir=in | name=league of legends launcher |
"{A83066EE-B1F5-45CE-8838-F779877046AF}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher |
"{AAC823C1-11A6-4845-B026-72FD7A05594B}" = lport=13155 | protocol=17 | dir=in | name=bitcomet 13155 udp |
"{ABE6D1D4-64E4-4C5C-95C9-BFEF69D62CF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AF477ECD-8710-4E48-AC8C-F471CFF928EC}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{AF482356-CA9C-451C-8EC0-C4C0D1CBE03D}" = lport=19617 | protocol=17 | dir=in | name=bitcomet 19617 udp |
"{B3A26E4A-58A6-4288-BE66-5F5B7F585238}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BB89695B-8CD1-4A74-BE18-4E322BE8C8D2}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |
"{BC5CB740-D84E-446B-8D5B-F3EC7041D5B0}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher |
"{C52115C6-DF7E-4BD6-942A-5B347550C5B1}" = rport=445 | protocol=6 | dir=out | app=system |
"{CC45C0DE-F4EA-4757-BAB7-CA95C837A3DB}" = lport=8377 | protocol=17 | dir=in | name=league of legends launcher |
"{CC575239-4944-4C4A-9EC7-37E4FDCCBD38}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CE98EB98-85AB-4227-84F8-6D65AC9E0FB2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D67E035A-8741-4CF0-9832-079E7F813531}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{D75F3F0D-7C37-4E59-B951-262A9187F1AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DEB639F7-C8AE-451B-AF73-E63020954D06}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher |
"{E7330AD3-EBBF-4102-9FCA-9F4D3F97CA81}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{E7E0FF65-4265-44A6-A962-8BAB5C24FA9A}" = lport=6945 | protocol=6 | dir=in | name=league of legends launcher |
"{E8843BE8-F680-4CE9-B8E3-0725AD64547D}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{E8B5CBCC-CAA2-4B90-A7B3-4745A9280D05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA3F23D7-EB80-4B01-B93C-B72061B091FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB78E3E2-3DA8-4758-9FD6-F64E474030E4}" = rport=139 | protocol=6 | dir=out | app=system |
"{ECAB0797-CC3E-41D5-9F4C-B60EEA033211}" = lport=19617 | protocol=6 | dir=in | name=bitcomet 19617 tcp |
"{ECF7CFA1-78ED-4B1D-8C17-88F39F6FA912}" = lport=6927 | protocol=17 | dir=in | name=league of legends launcher |
"{F1339096-FC05-43EA-B67E-6A76ADDB7A6B}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher |
"{F8897B54-5FF4-445F-8EA7-3A334B0AD2F8}" = lport=80 | protocol=6 | dir=in | name=@wsmres.dll,-50 |
"{FC33F5A5-0EFD-4F06-AA02-EDD77F7322AE}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher |
"{FEB365C3-13F9-45DB-86B5-96E8F4DC0CFA}" = lport=6883 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003E44F4-20DF-4C64-BFA4-4D076DA7B7BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{010070CC-93C6-46DA-BBFA-4CBAFF43B846}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{060D2CE6-FB9E-4DE3-A268-F1DFB6319590}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{063C66E4-A417-41EB-8453-FE2AF5BEF357}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06E89CD3-F472-4794-B884-B4EDB7BDF389}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{0765F56E-076C-486C-BBE3-8B0B5EAE6D38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{08A94392-6997-4E40-B52C-DFE5CB87272F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0AF32B5E-1D48-456E-98AD-5D952C106856}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0AF599AF-B5D9-4446-B8E8-EAC089EB0952}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{0EC331FB-0EC9-4785-9516-FADE11D598C0}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{0FC0D230-74B4-4C07-BAF7-C083B4F4D823}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12BA3122-F624-4343-8678-F7B19050EECC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12E3B202-387B-4BC7-9FD6-81FD91B09AC5}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{13F5121B-72C1-4F75-8923-737FDA10C1D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{15306BAD-CB57-49CE-BE20-FEC8BCD86CC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16C9BDBA-BAE5-4D9E-91B9-34A9D3FB1905}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16EB0AF3-476A-414E-9CD1-020E6237659B}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{17EF80D6-50E2-4EC8-8AA9-8E7558C87B23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18502205-C3CD-4F97-8620-77553CD735C0}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
"{1A6391FA-F679-46B4-9D01-0DC4F9B77D13}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{1A7C3107-416D-4AC3-845E-63C829857C8D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1B29202E-6123-4CC0-8720-AC45F61E7410}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B48EAF6-FE07-47A5-A560-92B1D0380B45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D1B1307-E60E-4979-AA65-406AB49D24D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E2C5B6B-AB38-48E6-9AE2-7B92DE61D4A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1EFDF5AE-7208-4222-AA62-09C69756404B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F446221-3B0C-4FB3-8352-D036196A3C3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1FB94FC4-43F0-4EFF-830F-97F34A629487}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{201F9298-AF53-495B-9272-B939E8B9C1CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20561D69-291F-4CF6-AEA2-C7108A2D6320}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2056E39A-BA4A-4E18-81DA-EF8AE4E44E7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{21DDC233-73D3-4522-A121-26A60A71BE0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{22A14CCE-09C0-4909-B366-C5597825C554}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{23E51634-02F5-4063-84F3-76E5B7487C4A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2427A845-A4CC-488B-B4B7-E1CA4545BC81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{253C2845-7496-4F67-8F13-AC7579F399F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{261F945E-70C0-483B-9F86-5660093472AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29529645-59FE-4C70-95F7-1416CC3E85D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29E04DEE-B21B-4B03-8707-07E4FFA5F5F9}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{29E97BBD-ADE1-4128-B4A0-65C6970760CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B68E02D-17C4-4E0B-8A8B-C6E3DADA9B22}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{2BFFB3EF-AC34-4232-ADAF-925CD26773DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C0AA2F8-CACF-4774-9075-2A9178C485AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C24E6DC-D976-4EF5-991B-79153B863515}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{2F1B9939-07C9-403E-B866-CDF51C62031E}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{321CFE66-0082-4E2E-A044-CC126195F7C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3331F905-09E4-4EB3-85B1-DC7EA390A414}" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe |
"{34E1A77D-0223-4593-A5FB-EAF9E02A1D28}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3549C9EB-8CFA-44A2-98C5-B0E497F7607D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38CE78E5-A3B2-4F7B-B51B-790F735D3B50}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{39446190-7E9B-4850-B3C9-4388586F0161}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3A624FC4-55A1-487B-9F79-35EA3BFE027B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A7FE6FD-95B7-4F98-8B32-D743CD53A338}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B2134DE-50F7-4DD9-A57A-B37431686F31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B8D2309-C7BC-4AEE-A71B-95EEEBF57BB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E9206F7-7995-4251-AAEA-9B3AA3391570}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EA7C4C3-473D-4972-B8CB-73055ADC3BE6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EA8354A-4495-457D-A2C2-BB2B24A49D92}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{3EC2D50D-B888-459A-916C-F348E4C7D026}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{412B9C20-F6D3-4A82-9ED6-1A7F6B609561}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{445EC0FF-0B38-435B-8905-837D449E1CC2}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{44AA8545-1D01-461D-ADD2-C85FFB1614A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44AECE3D-FB75-4327-A40F-F127E87F998E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4520AA31-752D-4C6B-8F8B-762861A5F51E}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{45874A1E-A7CF-4EA2-8BB5-91D5850BB581}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{459851BF-FEFD-42DE-93C5-36300D235FC8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{45E593AF-1178-4F9C-9DE8-F8D2463C85A1}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{475A9057-F181-4F8E-B403-C31D93FF9EC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{484ED3F1-4EC9-4430-8736-7A41A3AD0C88}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{49EE31D0-C35F-4925-8BD7-62D7DD2279A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A7FA362-09A4-430B-B506-BDBA4185D8E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C3DE9CE-6FE5-49BB-8DE0-C44B9DD15EBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4D7A1B5F-6182-4340-9152-E9D7C1FC713D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E64EA4B-EB90-40D4-B087-1ED1D032CC2F}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{4F769272-E666-486D-AD85-63D3CC080F83}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{50254E9F-0FC2-47A0-81A4-5715CED8327C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{524AA7E3-3158-4E0F-8BC1-153566C7B465}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{52522F26-5990-4C97-952B-E17353598B31}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{547208D8-B69D-4B27-9B92-8AFAECD7EDB7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{54AFF89E-A510-41B4-A47F-670F5A22B419}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{550621FC-2610-4C8B-A521-B83C521AEE5E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{553F3D6C-E8E0-45CA-918B-16626CD69E29}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55C2DB85-8EA5-4DC4-B944-3D9066D17DFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{56F3ADCC-8AF9-4F7A-BE53-90278D042209}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{575A05F6-2DCA-442F-89C3-9FCA54DDEA0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57BADEF4-6B91-4796-A184-17EA51B15119}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{583A115C-9482-4103-90B1-5D1DB9C36E01}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{590BB804-1862-486A-BE16-1AA2AB4BCC60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B47B68A-C70D-440C-B45F-E0ED324F91E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B6CAF74-2F3E-45BF-B59A-AE6AA427CDB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5BF7E6D7-F00F-4992-82CA-106FD853F87C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5CEF02A8-ED95-443C-95A0-8B1625DA4EB2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{5D448EA2-A247-411A-884E-48A5F1C62D26}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5D9FB8A5-E942-40E2-994C-17CE5D442D1D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{5E3ACE8B-F530-496A-B226-46E0241CF5FD}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{5FB991BA-6560-4469-A43B-114B8FBF3DE7}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{5FBDC781-FEE3-4F16-B78B-CBE971979783}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5FD4258A-CC28-40B7-9DB3-49FB421A2F09}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{60CFBFB9-3ACB-4B51-B152-8B7CDFCCCDD1}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{652DEB29-20B6-4E45-932D-8AE5304440E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6577A1D4-5EF6-4CDB-8546-0A75208770FC}" = protocol=6 | dir=in | app=c:\users\cowboy\desktop\classes\uwpclasses.exe |
"{67747A49-F967-4F0B-99DE-0B37B167428A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6BC37EC8-731D-464A-99EE-C90485F0A818}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CBF9B47-4E00-4FAE-845A-05E5F923C8D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D55C17A-26B7-4F61-97EB-F2BF4701576B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6ED4F796-2EC5-4EA3-A469-34BDC2806CE4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F80AA45-CFF4-4588-95E4-16A8AD517FE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{71BD07DF-D5BA-4FB3-9A8C-F6D526170057}" = protocol=6 | dir=in | app=c:\program files\7-zip\7zfm.exe |
"{7227AF78-B52F-43B1-9FB0-8EE8E2AEE5F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74479465-BBFE-4EB5-8D33-805D7A2E2680}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{74600A6D-BF71-44DD-8BA1-8D47F7DC0F88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76FE1CF7-4040-47E7-B04F-C1B6C5E0A20F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{788EAC2F-C5E1-464D-BB6C-277626E23C47}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7900E8CF-0AB1-4D37-8E5F-49300DECB61B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7AFBC72A-DC36-49D6-A244-204A0E16491E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B077847-4A91-4F7C-B95D-9001DE989C0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B6C2E86-6B02-427B-AF37-198BA150F72E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{7D96102D-146D-4145-99A4-268E5B4539BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7E02737C-45ED-4840-8191-CCE8A5EA8B52}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{815BB88F-E8B0-4B1A-9F2E-6EBCB5069680}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{820DFBA7-8624-47E7-A321-40EE97945CC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8227F218-40A7-41BC-8616-06B5EDC1EF09}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{834EB8EF-67F9-4937-9DA5-D9C5B6F9D5BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84AD38E8-461D-4311-85B0-3C47C9AF26FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84E2FF2B-1618-4E35-A777-E6D3867F3B52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84F0D44E-7FF6-43D7-85F1-93F9F24B174D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{87B0CA8F-E4A5-4D8C-9618-EECD96A40DC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87E9972C-7FAF-4202-97E2-D437224E4705}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A4AF00B-FD05-4AB6-8E85-EFC6C50AB0A7}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
"{8B6B89AC-2CCC-4E76-9035-2681994D9EA4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{8BB9E8E9-A3BA-426B-8153-E4C503EC3DED}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{8C88D9D9-CFEE-4834-8395-D17E33E37257}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{904DD503-EBB1-4EE5-AF01-DB5A6856D8FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{91C259D9-6688-4622-ABEB-F7D624F589A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9297B0D5-6FD5-4663-8C66-EC529A5E6B49}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{944F296A-69F5-4386-A711-91BED5905EFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{958C08EE-A2B6-41D2-8AAE-27E6095E0EB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95F26E3A-CD89-4B6B-9930-9CF414CB0FA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9687B1F3-EB37-408A-A9AF-96BF2D7AB95D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{984E256E-9603-4AE9-940F-1B6FE188CCE9}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{98A0E308-B659-414D-9391-50C46FCAB673}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{995A9811-A6E4-40D8-8F15-7FE89106B99D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{9A0EE12A-88B2-4F21-8F7E-DBEF91FD7D32}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{9AA9A31C-5273-45A6-8688-D812F7869353}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B1890F6-1140-4A05-8FA2-71E9F909BE3A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9BCADB56-CE20-4717-B2BB-479E89B89A0F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9C7BA3D9-6EB7-4EAE-B31D-A1952E13148B}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{9CFAE4EA-1197-4B65-8FD6-8676E2B2DD74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D9D4B9B-81C5-4CE2-93E2-4625383FEF67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1DBDCC1-7B3E-4F27-A6D3-A781851F5E63}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1E7C748-9396-46C5-B324-54697CE9D51E}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{A225D45E-690F-4328-98F7-3110EC438159}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A28E8A9C-0602-4BF3-9CF4-ED6660A8AD8F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3BEF9CA-A782-4A65-87C0-3BFC98A91AC0}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{A5A19927-0D62-4B0A-9709-8CAF89086D30}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{A66982D9-6FCF-4BF5-BBA5-2100FC0B046B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A742015A-9737-4A9E-B0C6-155781262428}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A807B7CC-4B27-4BB9-83E7-52919FAE930C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9BB2F31-55F2-4FB3-B720-2AB28D73A980}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{AAB8B6F6-52AA-450F-AC7E-8DC6BBFAB597}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ADB0B788-E7D0-4C51-B831-1E8D21AC8991}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE0D0EB6-1E83-40B3-A437-C473A70887DA}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{B031AD7E-06B6-433F-A248-8976D6B14DEF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{B24FE09F-B967-4B2F-ACE4-AE5D5648DC03}" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe |
"{B25265EB-5A24-42CA-A2D7-001B3426EAC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B38D4A6D-D9A0-4DE7-914F-A31C567A77B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3E73E43-3916-4A7D-8AAD-A503FFE84F0D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B499A98C-B6CA-4D3A-BD21-006E861AE6BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5B62515-1AC3-4ED1-A214-8796774D8190}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{B5D43A80-B111-4CB5-9279-7878BFD4420D}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B6245CA3-E0A2-40AE-AEA6-E36E8ABF3670}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6CC024F-C4BE-464B-8D9D-7D66B2B2228B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6D9C489-6704-40EA-B521-088623E7F2E5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B7910110-54EC-4655-89CC-1E1ED759D904}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B79CF650-1350-4CC6-B61D-D321A185915E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7F6A408-C3E8-4346-97CD-637B972B6C91}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{BA975802-0093-4846-803C-A991FEA88254}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA9D83E6-0700-4992-B90B-A4863FBD854B}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{BAF2920B-0C7B-4904-BF4C-4D66EA4AEF55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB32C97B-231B-4C2A-BA2C-96724B33A827}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB93B2A9-5C96-4200-A723-9EA6040AEFE4}" = protocol=6 | dir=out | app=system |
"{BC588FAE-25A6-4C2C-B21E-36C829A5AE7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BD9E3B13-040A-47B3-8C81-DAD38A17769C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE6F5532-0E1A-4A05-8C1C-CEBB556E6EAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BEF138B7-72D4-4143-974D-5AF8663EDF32}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF9EE7C5-E2A3-4642-BB71-311009670DF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFCE21F3-EC82-45DF-81E8-12A29795EA09}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C1A39F4F-6724-4012-B4C6-2424F4D100B6}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{C1F870D3-8915-4350-AEE6-CE73A367C3D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3A227D9-AE81-4AFE-8578-CB7E3B0E8961}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{C621E7F5-14FD-4E81-ACD5-9C2069209F61}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{C6B92F38-50D7-4879-8FAA-609632FA0292}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C72843CA-131A-41F6-AC63-FB664E75FDB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7E0373D-F609-48C3-B3FD-D01AD7DDB0F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C915C48B-7607-466C-90C8-7AB80268931A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CB1757F8-AB40-437F-A638-D79B0D9AF081}" = protocol=17 | dir=in | app=c:\program files\7-zip\7zfm.exe |
"{CBC8F59D-65C4-408E-8ABE-EED748FC6241}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC7EB8DD-41FF-4798-B538-3D99B6CAC96E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CF18329D-4C38-4A61-A563-EA72ADA968DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFA04434-E549-4331-9C52-C75FFE2BC1C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFDEBAC3-A91B-42B3-865E-64A85A6685D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFE0E32A-66F6-4509-8503-67C92463E1F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D0991E9D-66E4-46B3-9FCF-D1E86420EBD4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D33BCE0B-5969-4ED2-8EE2-043EA0CB97FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D45FC5C1-6BDE-4CD9-8AAD-7FF9206A2EAA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D4E92F4A-4F91-4DCE-9762-A498BF6C9500}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D575D4FC-1CE7-4C92-836E-BDE35C1FF1B2}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D668E6F3-BE17-4688-83E8-5465FF8591D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7673508-EE25-4D9C-8C67-E4E7AD618B41}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{DAE8D072-4263-441C-B8B9-5E4517E0A43D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC30ED2E-3390-4CC9-9C46-1F587C15A5DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD7F76D6-B7A8-466E-B8AC-0F856FA5C352}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF161BA5-DB27-4848-B66A-6E646F3E22D3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{DF5ECB2F-9FCF-4DC3-B0CD-97231A89CC85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E097A8B4-10CC-4893-8A93-F8FD39FD8AA0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0BFD037-6BEB-4355-A701-95B6C361EAD1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1195661-B321-46D7-92E8-11C042B30707}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1813965-78D5-4567-8D0D-E07CDD2ACB10}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E340E35E-A49D-47CF-9049-8F484D15DA42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3C56216-7477-405C-A7A6-1F655B18F0A6}" = protocol=17 | dir=in | app=c:\users\cowboy\desktop\classes\uwpclasses.exe |
"{E42C02C8-F108-435A-A4A9-E42795ADCA0D}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{E42D59C9-0AD5-48CF-BE43-42635583BA0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4FFECDE-7806-487B-BEF2-2A98B4FEC37E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E90D401F-FECB-43AA-ABEC-F191938B7D0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9A20A21-C3AE-4E46-8574-4F10144CAEFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED5344BB-D7A2-47A4-9A76-BB7B8C2F6260}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ED683583-2A88-41C1-83C4-3B94D307FB64}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EE34CF5B-1DE3-4388-B96D-97DAE3FDF038}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EED59F82-F238-4260-AB51-DA393F916824}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F087BAEB-2C44-4A9C-890A-48102BB931EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0BCA566-FAE5-4BFE-B329-7283E4BD2274}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F13FA30C-9443-4AB1-8F1A-FCFB2C1B11DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4305700-556D-4A6C-922D-2D61668AF946}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4A8EE6C-92A1-4F7F-A176-4704227B6A9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F56ADA48-9406-4D71-A6CD-3F36387C54F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F993A32E-B51D-4A97-89F2-9B8F8D45CF57}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9BB5DD9-97A2-47E8-88C0-F2387BC64F3B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FB64929B-5EFD-4CA2-9D9C-7FE2E3E5F23F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FBA728B0-A623-4EC7-B31D-7DC3116C6C9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC1DDE17-B90D-48EE-AD59-DF3C12A5BD9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD1A9ADD-03BF-4FE6-AA72-A940547E5378}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{FD801EB8-D399-4840-9BEC-1CDCA6A99080}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FEE1A387-F576-4C29-85F0-C01E375D185B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF1A74B1-A000-4163-AAC2-F2AE9EDE49B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF3F4986-DFB4-48F9-A650-F91C7666F118}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF80F0FB-8693-4ACC-BD15-843A45A7146F}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"TCP Query User{09FB9223-AE7E-46D2-88CA-E15072B29C15}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{0AA5B7FF-61BF-4C49-BA54-77B25BC88916}C:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"TCP Query User{105A654F-4D9F-4ABD-BFAC-8E06E1B7663F}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{3521E62C-3C1E-417F-9EEE-3034D49F742D}C:\program files\udk\binaries\swarmagent.exe" = protocol=6 | dir=in | app=c:\program files\udk\binaries\swarmagent.exe |
"TCP Query User{390E6012-6356-4463-84B5-7C291287660C}C:\program files\digital reality\imperium galactica 2\ig2.exe" = protocol=6 | dir=in | app=c:\program files\digital reality\imperium galactica 2\ig2.exe |
"TCP Query User{42DE92AC-BF11-4BC4-B514-2F80970D2F38}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{4C8180C2-C6FF-45E0-ADC8-0B279671F764}C:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"TCP Query User{5F4F475A-E689-438C-8C53-F8A840B58AAD}C:\program files\udk\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\program files\udk\binaries\win32\udk.exe |
"TCP Query User{6004FC4C-A5D9-4165-A997-0E14647D7C31}C:\program files\age of empires 2 the conquerors\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\age of empires 2 the conquerors\age2_x1.exe |
"TCP Query User{673E00DB-21C1-42C5-89A5-13ABDC844087}C:\program files\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files\ccp\eve\bin\exefile.exe |
"TCP Query User{771C0815-D7E6-40B6-B0F0-53BABE06B1B3}C:\program files\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat\xchat.exe |
"TCP Query User{78882B39-EF22-4AD0-8108-74F6D1E53012}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"TCP Query User{7B687A4A-33A8-40C1-A20E-2A0DBE5A87A6}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"TCP Query User{96E25440-CDD0-4BD0-B4FD-AFC9698CEB51}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{9AB922C0-B8BD-41A1-BC37-A0E5B20B5B4B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{B31A151B-3A1B-46B4-B003-FFC0C81F73E3}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{BC12D9F7-0042-42A6-82AD-46CBE132110C}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"TCP Query User{BD550651-DD43-481B-BB90-336D83FDD807}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{C395071D-F774-4FE1-9CD3-20B9A344F8A0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C4483042-91A0-4AA7-BDBE-8C24B9AB0E7E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{CB696410-90ED-4B1A-B9AF-AAB51EA0580B}J:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=j:\warcraft iii\war3.exe |
"TCP Query User{D128308A-FC10-46AB-8F93-AE348D6D03DC}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{D5B17B87-342B-4A95-8D42-6352CA03444A}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{DA1974FA-C665-405B-B942-BE1275C45586}C:\program files\age of empires 2 the conquerors\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\age of empires 2 the conquerors\age2_x1\age2_x1.exe |
"TCP Query User{DC6DC73A-0BCD-4CA4-8CF9-0A2324D9E483}C:\program files\udk\binaries\win32\udkmobile.exe" = protocol=6 | dir=in | app=c:\program files\udk\binaries\win32\udkmobile.exe |
"TCP Query User{DC86C004-FBF1-4BBD-9026-F0C8111BEA28}C:\program files\age of empires 2 the conquerors\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\age of empires 2 the conquerors\age2_x1\age2_x1.exe |
"TCP Query User{E05C5783-2D22-4E41-8062-DD77EAAE8C6E}C:\program files\age of empires 2 the conquerors\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\age of empires 2 the conquerors\age2_x1.exe |
"TCP Query User{E0E456A0-DDFC-404F-B7E0-ECEC41513C6E}C:\program files\age of empires 2 the conquerors\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\age of empires 2 the conquerors\age2_x1\age2_x1.icd |
"TCP Query User{E250B882-95A3-46FC-B640-282677B1C848}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{E79A5D13-5D98-4D3A-BC7F-53658CD2B4BF}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{E92A59AF-4D9E-450E-9402-B1E06C9FB658}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{027A51F2-D9B4-4F7F-9F3C-6C6DF43D9965}C:\program files\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat\xchat.exe |
"UDP Query User{0E354651-7FD3-4A70-92CF-E0BBD7437401}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{189511B0-E8D2-438A-87C6-27D95552AB46}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{223D9351-9A1C-44BB-BE11-456A3F44EABA}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{34B7DC44-5AF1-4CB4-9D60-847C459BAD10}C:\program files\udk\binaries\swarmagent.exe" = protocol=17 | dir=in | app=c:\program files\udk\binaries\swarmagent.exe |
"UDP Query User{41217D37-8E59-4EA6-A44B-15912C9E4769}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{6A58A7DE-9A33-4689-A9F8-A0C350715E07}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{6DC70984-AABC-4EA5-9098-AEE7EA8F68BD}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{706C41BA-A3DC-4497-9C62-40B4E802A8B0}C:\program files\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files\ccp\eve\bin\exefile.exe |
"UDP Query User{7BFF1456-801E-4450-8911-CFCDF2E97FE4}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"UDP Query User{863848AA-BA98-49C9-9EB7-CF8F08CC0179}C:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"UDP Query User{8FAC9914-A13D-4E9E-872E-219893416591}C:\program files\age of empires 2 the conquerors\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\age of empires 2 the conquerors\age2_x1\age2_x1.exe |
"UDP Query User{92A57329-F15B-466B-937D-EB43F354C8B7}J:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=j:\warcraft iii\war3.exe |
"UDP Query User{9398EE1F-2A52-4704-92E2-E967FCA89081}C:\program files\udk\binaries\win32\udkmobile.exe" = protocol=17 | dir=in | app=c:\program files\udk\binaries\win32\udkmobile.exe |
"UDP Query User{9D794EF9-4AEB-46C2-B3C7-4A79B63D46C3}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{A3E788FD-1299-4823-9089-E360C94B37AA}C:\program files\age of empires 2 the conquerors\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\age of empires 2 the conquerors\age2_x1\age2_x1.icd |
"UDP Query User{AA04D4C9-CAE9-4A55-8022-87B6F265DC8F}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{ABF67537-C133-4A4C-B33E-A26B0754B9A5}C:\program files\digital reality\imperium galactica 2\ig2.exe" = protocol=17 | dir=in | app=c:\program files\digital reality\imperium galactica 2\ig2.exe |
"UDP Query User{B2652926-1EEA-4B87-A2F5-6A4CE7EFF22B}C:\program files\age of empires 2 the conquerors\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\age of empires 2 the conquerors\age2_x1.exe |
"UDP Query User{B3B33E38-8697-49D2-9067-C2AD65A242F8}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{B40F957F-8B02-408C-B10F-BAD1BBB96437}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{B83E9C0A-5199-4818-80C7-8A7B8F804D66}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{B9B2E446-B535-49FC-97E0-99C9FA6898C8}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{C0F1206A-009A-4921-B96C-96719529F85A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C6E87D49-5996-414E-82F7-FD7AE0B5B1F8}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{C89D08C1-ED3E-4D69-9999-EF5761B1DEED}C:\program files\age of empires 2 the conquerors\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\age of empires 2 the conquerors\age2_x1\age2_x1.exe |
"UDP Query User{EFC30A0F-29BC-46D0-92E3-3ECF7461336D}C:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"UDP Query User{F39B78FC-A50B-4069-AC86-D6E359D19253}C:\program files\age of empires 2 the conquerors\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\age of empires 2 the conquerors\age2_x1.exe |
"UDP Query User{F98AA3E6-9656-40C1-9FD7-11E12F22297A}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{FF1B5974-3D07-4376-8093-F4108705AEF9}C:\program files\udk\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\program files\udk\binaries\win32\udk.exe |
"UDP Query User{FFB75920-956E-4B52-B3CA-0E2BC6575B2D}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java™ SE Development Kit 6 Update 23
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{465DE3B1-1207-4BBA-828A-0F3ABED81603}" = Treasure Planet: Battle at Procyon
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96D33319-C14C-3070-A464-CE8416E46487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.01.801
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age Of Empires 2 & The Conquerors Expansion - Full Game" = Age Of Empires 2 & The Conquerors Expansion - Full Game
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Arena_0" = Arena 4.0
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2011
"Avidemux 2.5" = Avidemux 2.5
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Comical_is1" = Comical 0.8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"FMOD Programmers API Win32" = FMOD Programmers API Win32
"Freez DVD Ripper_is1" = Freez DVD Ripper v1.5
"Freez Screen Video Capture v1.2_is1" = Freez Screen Video Capture v1.2
"Glary Utilities_is1" = Glary Utilities 2.31.0.1098
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Imperium Galactica 2" = Imperium Galactica 2
"InfraRecorder" = InfraRecorder
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InterActual Player" = InterActual Player
"JixeySearchHelper" = Jixey Search Helper
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Meep" = Meep Media Downloader
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoPad" = PhotoPad Image Editor
"Pixillion" = Pixillion Image Converter
"QuicktimeAlt_is1" = QuickTime Alternative 3.0.1
"Rhapsody" = Rhapsody
"RiseOfNationsExpansion 1.0" = Rise of Nations
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"UDK-2ea357de-a957-4893-966c-da864c89cb8a" = Unreal Development Kit: 2011-01
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinRAR archiver" = WinRAR archiver
"xchat" = XChat 2 (remove only)
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/23/2011 1:29:27 AM | Computer Name = Cowboy-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2011 12:48:56 AM | Computer Name = Cowboy-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2011 1:02:32 AM | Computer Name = Cowboy-Laptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00046e66, process id 0x5ac, application
start time 0x01cbd3de0d85735d.

Error - 2/24/2011 1:04:31 AM | Computer Name = Cowboy-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2011 1:54:03 AM | Computer Name = Cowboy-Laptop | Source = Application Error | ID = 1000
Description = Faulting application LOLClient.exe, version 2.0.2.12610, time stamp
0x4c00573a, faulting module Adobe AIR.dll, version 2.5.0.16600, time stamp 0x4ca30e16,
exception code 0xc0000005, fault offset 0x00385767, process id 0x16a8, application
start time 0x01cbd3e246bf216f.

Error - 2/24/2011 2:38:13 AM | Computer Name = Cowboy-Laptop | Source = Application Error | ID = 1000
Description = Faulting application LOLClient.exe, version 2.0.2.12610, time stamp
0x4c00573a, faulting module Adobe AIR.dll, version 2.5.0.16600, time stamp 0x4ca30e16,
exception code 0xc0000005, fault offset 0x00385767, process id 0x818, application
start time 0x01cbd3e76b7d01cf.

Error - 2/24/2011 2:23:05 PM | Computer Name = Cowboy-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2011 2:44:07 PM | Computer Name = Cowboy-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2011 4:49:02 PM | Computer Name = Cowboy-Laptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00046e66, process id 0x510, application
start time 0x01cbd452adfdf872.

Error - 2/24/2011 4:51:26 PM | Computer Name = Cowboy-Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/27/2011 2:55:13 PM | Computer Name = Cowboy-Laptop | Source = DCOM | ID = 10005
Description =

Error - 2/27/2011 3:05:25 PM | Computer Name = Cowboy-Laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 2/27/2011 3:05:30 PM | Computer Name = Cowboy-Laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 2/27/2011 3:05:51 PM | Computer Name = Cowboy-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:02:55 PM on 2/27/2011 was unexpected.

Error - 2/27/2011 3:06:03 PM | Computer Name = Cowboy-Laptop | Source = DCOM | ID = 10005
Description =

Error - 2/27/2011 3:06:11 PM | Computer Name = Cowboy-Laptop | Source = DCOM | ID = 10005
Description =

Error - 2/27/2011 3:06:20 PM | Computer Name = Cowboy-Laptop | Source = DCOM | ID = 10005
Description =

Error - 2/27/2011 3:06:21 PM | Computer Name = Cowboy-Laptop | Source = DCOM | ID = 10005
Description =

Error - 2/27/2011 3:07:20 PM | Computer Name = Cowboy-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 2/27/2011 3:07:20 PM | Computer Name = Cowboy-Laptop | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Attached Files

  • Attached File  DDS.txt   22.01KB   1 downloads


#8 3080Cowboy (Topic Starter)

Posted 27 February 2011 - 02:38 PM

I was able to attach the dds.txt, so the TDSS must be gone. I'm in safe mode right now, so I'll repost when I run my computer in normal mode to see how it's doing.

EDIT: Just rebooted in normal mode, and it works much better. No more hijacked searches, no more pop-ups. Computer is much less bogged down. AVG Resident Shield is no longer throwing up warnings. However, Windows Media Player still does not work properly.

Edited by 3080Cowboy, 27 February 2011 - 02:51 PM.


#9 fireman4it (Malware Response Team)

Posted 27 February 2011 - 03:06 PM

Hello,


Let's run TDSSKiller one more time and see what it says.

1. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2. Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

3.
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

4.
Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Java™ 6 Update 7
Java™ SE Development Kit 6 Update 23


Additional instructions can be found here if needed.

Things to include in your next reply:
Tdsskiller log
MBAM log
Eset log
A new DDS log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#10 3080Cowboy


Posted 28 February 2011 - 12:40 PM

TDSSKiller found nothing, so no log for that.

MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5900

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

2/28/2011 12:00:51 AM
mbam-log-2011-02-28 (00-00-51).txt

Scan type: Quick scan
Objects scanned: 174958
Time elapsed: 27 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 63
Files Infected: 579

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ndo8thb2ikwe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\whitesmoketoolbar (PUP.Whitesmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

Files Infected:
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-on-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-over-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-over-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\vid-bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\youtube.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js\jquery-1.3.2.min.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js\jquery.autocomplete.min.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\main.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-wide-close.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\data\dynamicelements\vmntoolbar.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\data\rss\rss.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\data\search\engines.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\data\search\search.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\data\weather\icons.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\634017460871087500_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\about.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\babylon_logo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\bing_16x16.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\blank_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\bluelite.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\bluesky.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\btn-search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\btn-settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\btn_settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\ca.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\checkmytext_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\checkmytext_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dictionary.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dictionary_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\downloadcom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dtxlogo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\email.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\email_on.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\eteacher_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\facebook.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\feed_icon2_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\feed_icon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\france_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\games.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\gamesicon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\games_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred0.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred0_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred1.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred1_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred2.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred2_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred3.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred3_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred4.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred4_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphredna.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\grey.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\ico-shield.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\images.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\italy_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lichen.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\logo-about.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\logo-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\logo-separator.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\logo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\mail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\menuseparatorback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\modify-save.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\modify.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\modifyhot.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\music.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\namespacetoolbar.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\networkicons_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\btn-settings-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dictionary_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-found.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\shopping.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\vmn.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\news.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\orange.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\pixsy.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\protect-id.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\relatedlinks.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-collapse.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-delete.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-expand.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-feed.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-remove.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-rename.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-reload.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-subscribe.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rssback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rsstopback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss_feed_icon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\siteinfo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-bluelite.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-bluesky.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\spain_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\technorati.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\translate.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\translate_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\translate_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\truste_about.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\tvicons_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\tv_icon3_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\usa_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\vmn.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\web.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\youtube.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\zoom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library\Basics\folder.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\add.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\aol.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\blank.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn_slider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\checkmark.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\chevron.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\collapse.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\comcast.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\dtx.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back-hot.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\expand.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\found.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\gmail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_blue.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_cyan.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_yellow.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\hotmail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\ico-check.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\imap.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\lastsearch-thumb-back.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\loadingmid.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\lock.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\logo-separator.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\mailcom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitem-splitter.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_bg-basic.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_bar.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-start.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_magenta.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_white.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

ESET log:

C:\Program Files\Common Files\System\icm64.dll a variant of Win32/Induc.A virus
C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml probably a variant of Win32/TrojanClicker.Agent.LICAVJR trojan
C:\Users\Cowboy\AppData\Local\ovebevaxitig.dll Win32/Adware.SpywareProtect2009 application
C:\Users\Cowboy\AppData\Local\ujeyudikugomuk.dll Win32/Adware.SpywareProtect2009 application
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-71a0b320 probably a variant of Win32/Agent.RPSVWU trojan
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4e5c2020-37aeec28 multiple threats
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-184f4858 probably a variant of Win32/Agent.RPSVWU trojan
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\650cc4e4-625f819a multiple threats
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-4ca65511 multiple threats
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-5f2283be multiple threats
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4708433b-6e5bf320 a variant of Java/Rowindal.A trojan
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\38bc557c-42e33a45 multiple threats
C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-6d122014 Java/TrojanDownloader.Agent.NBU trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1aaeb971-480b20ef multiple threats
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\268abc7b-18a6eba6 multiple threats

DDS log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Cowboy at 11:24:39.62 on Mon 02/28/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2814.1444 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cowboy\Desktop\Malware Removal\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.orbitdownloader.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uLocal Page = \blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Meep Media Downloader: {cf745aca-6fa6-45ed-ab49-e10a0d1870c5} - c:\progra~1\meep\222acd~1.7\meepbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No File
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Meep Media Downloader: {cf745aca-6fa6-45ed-ab49-e10a0d1870c5} - c:\progra~1\meep\222acd~1.7\meepbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\cowboy\appdata\roaming\mozilla\firefox\profiles\5xpk2lox.default\
FF - prefs.js: browser.search.selectedEngine - ThePirateBay.org
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://jixey.com/?id={C6615258-1EBF-4147-B549-C7C45F757004}&brand=&ver=2.2.7&src=adr&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\cowboy\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\cowboy\appdata\roaming\mozilla\firefox\profiles\5xpk2lox.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Meep Media Downloader: VideoBar@meep.com - c:\program files\meep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
R2 wmcmgc;Windows Management Configuration;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-1-30 122984]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-1-11 20080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Ias;Network Security;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-1 84832]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-25 517448]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2011-02-28 06:09:49 -------- d-----w- c:\program files\ESET
2011-02-28 05:12:25 -------- d--h--w- c:\windows\PIF
2011-02-27 18:56:03 -------- d-----w- c:\program files\Drop Down Deals
2011-02-27 18:55:54 -------- d-----w- c:\progra~2\Tarma Installer
2011-02-24 07:02:07 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 06:51:05 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{9bf45e79-d0a2-4cb4-8ff9-a63ec1b896e8}\mpengine.dll
2011-02-19 20:59:29 -------- d-----w- c:\users\cowboy\appdata\roaming\Sony Online Entertainment
2011-02-19 07:28:46 -------- d-----r- c:\program files\Skype
2011-02-16 18:50:18 -------- d-----w- c:\users\cowboy\appdata\local\SCE
2011-02-13 13:34:45 -------- d-----w- c:\program files\UDK
2011-02-13 13:07:59 -------- d-----w- c:\program files\Microsoft Chart Controls
2011-02-13 13:07:49 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-02-13 13:07:49 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-02-13 13:07:49 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-02-13 13:07:49 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-02-13 13:07:49 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-02-13 13:07:48 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-02-13 13:07:48 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-02-10 23:01:34 569397 ----a-w- c:\program files\internet explorer\plugins\richfx\player\nprfxins.dll
2011-02-10 15:32:13 -------- d-----w- c:\program files\FMOD SoundSystem
2011-02-10 12:23:19 141288 ----a-w- c:\windows\system32\drivers\hnmnfztk.sys
2011-02-10 04:34:57 -------- d-----w- c:\windows\system32\MpEngineStore
2011-02-10 00:05:04 -------- d-----w- c:\users\cowboy\appdata\roaming\Microsoft Games
2011-02-09 20:39:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-07 08:22:49 -------- d-----w- c:\program files\Sun
2011-02-07 08:22:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-07 08:22:32 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-02-04 05:37:15 -------- d-----w- c:\users\cowboy\appdata\roaming\Local
2011-02-03 01:21:25 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-02-03 01:21:24 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-02-01 18:06:38 -------- d-----w- c:\users\cowboy\appdata\roaming\Auslogics
2011-02-01 18:06:34 -------- d-----w- c:\program files\Auslogics
2011-02-01 17:39:12 -------- d-----w- c:\progra~2\IObit
2011-02-01 17:31:19 -------- d-----w- c:\users\cowboy\appdata\roaming\GlarySoft
2011-02-01 17:30:36 -------- d-----w- c:\users\cowboy\appdata\roaming\IObit
2011-02-01 17:30:36 -------- d-----w- c:\program files\IObit
2011-02-01 17:26:17 -------- d-----w- c:\program files\Glary Utilities
2011-01-31 00:55:35 -------- d-----w- c:\progra~2\NVIDIA Corporation
2011-01-31 00:53:51 -------- d-----w- c:\program files\NVIDIA Corporation
2011-01-31 00:53:25 -------- d-----w- C:\NVIDIA
2011-01-31 00:43:16 -------- d-----w- c:\program files\SystemRequirementsLab
2011-01-30 20:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 20:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-30 20:33:30 -------- d-----w- c:\users\cowboy\appdata\roaming\FixCleaner
2011-01-30 20:33:22 -------- d-----w- c:\program files\FixCleaner
2011-01-29 22:01:40 -------- d-----w- c:\users\cowboy\appdata\local\PMB Files
2011-01-29 22:01:37 -------- d-----w- c:\progra~2\PMB Files

==================== Find3M ====================

2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27:00 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27:00 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27:00 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27:00 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27:00 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27:00 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:06:28 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 03:06:22 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 03:06:14 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-08 03:06:08 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-08 03:06:08 288872 ----a-w- c:\windows\system32\nvhotkey.dll
2011-01-08 03:06:08 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-08 03:06:08 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-13 19:24:22 11264 ----a-w- c:\windows\system32\roboot.exe
2010-12-02 09:12:06 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll

============= FINISH: 11:25:52.78 ===============

Computer's working much better now. WMP still does not function properly, but I can work around it. No BSOD's in a long while.

One thing I just noticed is a process called "ntvdm" running on occasion at 90%+ of system power. I've never seen this process before now. I read up on it, and while it is a legitimate process, it can occasionally be a virus in disguise. I haven't removed it, as I figured it would show up in a scan and you'd fix it if it was a virus, but I just wanted to mention it to you.

#11 fireman4it


Posted 28 February 2011 - 03:16 PM

Hello,

Well, it seems it cleaned up a lot of the infection. We need to have that services file checked to make sure it is not a virus.


1.
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\windows\ntvdm.exe
C:\windows\system32\ntvdm.exe


Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

2.
We need to run an OTL Fix

  • Download OTL to your desktop.
  • Please open Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :files
    C:\Program Files\Common Files\System\icm64.dll
    C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml 
    C:\Users\Cowboy\AppData\Local\ovebevaxitig.dll 
    C:\Users\Cowboy\AppData\Local\ujeyudikugomuk.dll
    :\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-71a0b320 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4e5c2020-37aeec28 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-184f4858 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\650cc4e4-625f819a 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-4ca65511 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-5f2283be 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4708433b-6e5bf320 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\38bc557c-42e33a45 
    C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF\enemies-names.txt 
    C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF\local.ini 
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-6d122014 
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1aaeb971-480b20ef 
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\268abc7b-18a6eba6 
    
    :commands
    [RESETHOSTS]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.



3.
Please update MalwareBytes and run a Full Scan and post its results.


4.
    1. Please download OTL from one of the following mirrors:
       • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
       • OTL.txt <-- Will be opened
       • Extra.txt <-- Will be minimized


Things to include in your next reply:
Jotti results
OTL fix log
MBAm log
OTL.txt
Extra.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#12 3080Cowboy


Posted 01 March 2011 - 12:21 AM

Checked ntvdm on both sites, both came back clean.

OTL fix report:


========== FILES ==========
C:\Program Files\Common Files\System\icm64.dll moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml moved successfully.
C:\Users\Cowboy\AppData\Local\ovebevaxitig.dll moved successfully.
C:\Users\Cowboy\AppData\Local\ujeyudikugomuk.dll moved successfully.
Error: Unable to interpret <:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-71a0b320 > in the current context!
Error: Unable to interpret <C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4e5c2020-37aeec28 > in the current context!
Error: Unable to interpret <C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-184f4858 > in the current context!
Error: Unable to interpret <C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\650cc4e4-625f819a > in the current context!
Error: Unable to interpret <C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-4ca65511 > in the current context!
Error: Unable to interpret <C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-5f2283be > in the current context!
Error: Unable to interpret <C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4708433b-6e5bf320 > in the current context!
Error: Unable to interpret <C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\38bc557c-42e33a45 > in the current context!
Error: Unable to interpret <C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF\enemies-names.txt > in the current context!
Error: Unable to interpret <C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF\local.ini > in the current context!
Error: Unable to interpret <C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-6d122014 > in the current context!
Error: Unable to interpret <C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1aaeb971-480b20ef > in the current context!
Error: Unable to interpret <C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\268abc7b-18a6eba6 > in the current context!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.1 log created on 02282011_163000

MBAM log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5900

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

2/28/2011 5:58:52 PM
mbam-log-2011-02-28 (17-58-52).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 400339
Time elapsed: 1 hour(s), 26 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL.txt:


OTL logfile created on: 2/28/2011 10:57:21 PM - Run 2
OTL by OldTimer - Version 3.2.22.1 Folder = C:\Users\Cowboy\Desktop\Malware Removal
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.69 Gb Total Space | 3.34 Gb Free Space | 2.41% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 1.78 Gb Free Space | 17.16% Space Free | Partition Type: NTFS

Computer Name: COWBOY-LAPTOP | User Name: Cowboy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/27 13:12:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cowboy\Desktop\Malware Removal\OTL.exe
PRC - [2011/01/10 17:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/08 15:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/06 22:24:32 | 001,866,864 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2011/02/27 13:12:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cowboy\Desktop\Malware Removal\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (wmcmgc)
SRV - File not found [Auto | Stopped] -- -- (Ias)
SRV - File not found [Auto | Stopped] -- -- (FastUserSwitchingCompatibility)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/10/06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 20:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/01/07 21:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/11 17:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 20:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/10/07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009/08/11 14:03:35 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/01/09 10:58:28 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/17 00:01:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 00:00:14 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/24 16:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 07:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/20 20:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/10/17 17:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2002/07/17 14:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.7\MeepBar.dll ()
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ThePirateBay.org"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: VideoBar@meep.com:2.2.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.148
FF - prefs.js..keyword.URL: "http://jixey.com/?id={C6615258-1EBF-4147-B549-C7C45F757004}&brand=&ver=2.2.7&src=adr&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/27 15:11:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/03 23:37:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/03 23:37:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/29 15:03:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/09 17:35:10 | 000,000,000 | ---D | M]

[2010/01/21 14:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Extensions
[2010/01/19 23:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2011/02/27 13:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\extensions
[2011/02/16 12:49:28 | 000,000,000 | ---D | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/01/30 18:40:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/29 15:22:27 | 000,001,635 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\firefox-add-ons.xml
[2011/02/12 18:52:37 | 000,002,567 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\hulu.xml
[2011/01/29 21:11:57 | 000,001,504 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\imdb.xml
[2011/01/29 15:24:20 | 000,002,072 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\msdn-search-with-google.xml
[2011/01/29 15:17:50 | 000,001,508 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\neweggcom.xml
[2011/01/29 15:22:18 | 000,001,679 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\thepiratebayorg.xml
[2011/01/29 15:16:43 | 000,002,057 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\youtube-video-search.xml
[2011/02/27 13:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/07 02:22:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/27 15:11:25 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/02/03 23:37:11 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/02/03 23:37:12 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/05/23 05:37:02 | 000,000,000 | ---D | M] (Meep Media Downloader) -- C:\PROGRAM FILES\MEEP\FF
[2011/02/07 02:22:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/02/27 12:55:52 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/02/28 16:30:01 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Drop Down Deals\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Meep Media Downloader) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.7\MeepBar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Meep Media Downloader) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.7\MeepBar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Cowboy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cowboy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1cd98578-821f-11de-b6f5-806e6f6e6963}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell - "" = AutoRun
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\adobe\command - "" = G:\goodies\ar405eng.exe
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\AutoRun\command - "" = G:\aocsetup.exe /autorun
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\log\command - "" = G:\goodies\machine\machine.exe -l
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\machine\command - "" = G:\goodies\machine\machine.exe
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\setup\command - "" = G:\aocsetup.exe /autorun
O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\zone\command - "" = G:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{812419b3-c87a-11df-ab2a-001f16d37815}\Shell - "" = AutoRun
O33 - MountPoints2\{812419b3-c87a-11df-ab2a-001f16d37815}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: wmcmgc - File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/02/28 16:30:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/28 00:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/27 23:15:21 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cowboy\Desktop\tdsskiller.exe
[2011/02/27 23:12:25 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/02/27 12:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Drop Down Deals
[2011/02/27 12:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/02/24 01:02:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/19 14:59:29 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Sony Online Entertainment
[2011/02/19 01:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/02/19 01:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/19 01:28:46 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/02/16 12:50:18 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Local\SCE
[2011/02/16 12:50:17 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/02/13 09:55:49 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Desktop\Malware Removal
[2011/02/13 07:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
[2011/02/13 07:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\UDK
[2011/02/13 07:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2011/02/12 21:05:34 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Desktop\IncCalc
[2011/02/10 17:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhapsody
[2011/02/10 16:57:23 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Media Player Classic
[2011/02/10 09:32:27 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Documents\FMOD SoundBank Generator
[2011/02/10 09:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\FMOD SoundSystem
[2011/02/09 22:34:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2011/02/09 18:05:04 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Microsoft Games
[2011/02/07 02:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/02/07 02:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/02/05 02:19:49 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Desktop\ngspice-22
[2011/02/05 01:06:19 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\THREED32.OCX
[2011/02/05 01:06:19 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bdao.dll
[2011/02/05 01:06:19 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2irdao.dll
[2011/02/05 01:06:19 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2ctdao.dll
[2011/02/05 01:06:18 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\crpe32.dll
[2011/02/05 01:06:18 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\Windows\System32\crpaig32.dll
[2011/02/05 01:06:17 | 000,416,768 | ---- | C] (Seagate Software) -- C:\Windows\System32\cpeaut32.dll
[2011/02/05 01:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo
[2011/02/03 23:37:15 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Local
[2011/02/02 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Documents\Dungeons and Dragons Online
[2011/02/01 12:06:38 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Auslogics
[2011/02/01 12:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/02/01 12:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/02/01 11:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/02/01 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\GlarySoft
[2011/02/01 11:30:36 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\IObit
[2011/02/01 11:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/02/01 11:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/02/01 11:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2011/01/31 22:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/01/31 22:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/30 18:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/01/30 18:54:38 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/01/30 18:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/01/30 18:53:25 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/01/30 18:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/01/30 18:43:13 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\SystemRequirementsLab
[2011/01/30 14:33:30 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\FixCleaner
[2011/01/30 14:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner

========== Files - Modified Within 30 Days ==========

[2011/02/28 23:00:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-461877813-1299210132-1042163028-1000UA.job
[2011/02/28 22:03:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 22:03:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 18:49:02 | 107,452,932 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/02/28 18:00:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-461877813-1299210132-1042163028-1000Core.job
[2011/02/28 16:30:01 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/02/28 16:21:01 | 000,002,577 | ---- | M] () -- C:\Users\Cowboy\Desktop\Facebook.lnk
[2011/02/28 00:03:37 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/02/28 00:03:37 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\EGTZFTNE.job
[2011/02/28 00:03:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/27 23:15:21 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cowboy\Desktop\tdsskiller.exe
[2011/02/26 00:07:32 | 000,000,665 | ---- | M] () -- C:\Users\Cowboy\Desktop\Task Manager.lnk
[2011/02/25 17:37:21 | 000,136,704 | ---- | M] () -- C:\Users\Cowboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/24 13:02:12 | 000,001,356 | ---- | M] () -- C:\Users\Cowboy\AppData\Local\d3d9caps.dat
[2011/02/22 20:40:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\&
[2011/02/22 16:57:19 | 000,000,174 | ---- | M] () -- C:\Users\Cowboy\defogger_reenable
[2011/02/22 00:25:23 | 000,870,128 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\mcs.rma
[2011/02/22 00:25:23 | 000,000,004 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\B05751
[2011/02/19 01:28:48 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/02/12 19:07:20 | 001,474,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/12 19:07:20 | 000,423,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/10 17:02:16 | 000,000,730 | ---- | M] () -- C:\Users\Cowboy\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/02/09 22:31:10 | 000,333,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/09 22:15:06 | 000,000,174 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/02/09 17:55:24 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Rise of Nations Gold.lnk
[2011/02/08 18:59:48 | 000,223,488 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/02/05 23:49:33 | 000,000,846 | ---- | M] () -- C:\Users\Cowboy\Desktop\Dungeons and Dragons Online.lnk
[2011/02/05 02:15:16 | 000,002,412 | ---- | M] () -- C:\Windows\PSPICEEV.INI
[2011/01/30 18:03:21 | 000,304,482 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/01/30 18:03:20 | 000,304,482 | ---- | M] () -- C:\ProgramData\nvModes.001

========== Files Created - No Company Name ==========

[2011/02/26 00:07:32 | 000,000,665 | ---- | C] () -- C:\Users\Cowboy\Desktop\Task Manager.lnk
[2011/02/24 01:01:46 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 01:01:46 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 01:01:46 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/22 20:40:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\&
[2011/02/22 16:57:00 | 000,000,174 | ---- | C] () -- C:\Users\Cowboy\defogger_reenable
[2011/02/19 01:28:48 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/02/10 17:13:26 | 000,000,004 | ---- | C] () -- C:\Users\Cowboy\AppData\Roaming\B05751
[2011/02/10 17:13:25 | 000,870,128 | ---- | C] () -- C:\Users\Cowboy\AppData\Roaming\mcs.rma
[2011/02/10 17:02:16 | 000,000,730 | ---- | C] () -- C:\Users\Cowboy\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/02/09 17:55:24 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Rise of Nations Gold.lnk
[2011/02/05 23:49:33 | 000,000,846 | ---- | C] () -- C:\Users\Cowboy\Desktop\Dungeons and Dragons Online.lnk
[2011/02/05 01:06:21 | 000,002,412 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2011/02/05 01:06:18 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2011/02/05 01:06:18 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2011/02/05 01:06:18 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2011/02/05 01:06:18 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2011/02/05 01:06:18 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2011/02/05 01:06:18 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2011/02/05 01:06:18 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2011/02/05 01:06:18 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2011/02/05 01:06:18 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2011/02/05 01:06:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2011/02/05 01:06:18 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2011/02/05 01:06:18 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2011/02/05 01:06:18 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2011/02/05 01:06:18 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2011/02/05 01:06:18 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2011/02/05 01:06:18 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2011/02/01 11:26:22 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/01/30 18:54:39 | 000,004,756 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/12/27 12:51:26 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010/11/19 21:52:50 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010/09/22 16:55:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\pv_c3.exe
[2010/09/02 14:35:03 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/09/02 14:35:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/09/02 14:35:01 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/09/01 18:34:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2010/09/01 18:34:42 | 006,664,208 | ---- | C] () -- C:\Windows\System32\dvdripcore.dll
[2010/08/26 22:07:27 | 000,000,174 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/26 10:19:13 | 000,000,710 | ---- | C] () -- C:\ProgramData\.wtav
[2010/03/28 20:36:36 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/03/28 20:36:36 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/03/28 20:36:36 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/03/15 15:20:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/01/19 23:48:03 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
[2009/12/02 21:52:11 | 000,000,536 | ---- | C] () -- C:\Windows\Disney.ini
[2009/12/02 21:52:05 | 000,000,305 | ---- | C] () -- C:\Windows\EReg515.dat
[2009/10/25 17:58:28 | 000,005,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2009/10/07 08:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/03 12:05:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/30 07:44:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/25 16:21:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/09/19 08:55:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/19 08:55:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/15 22:20:00 | 000,000,094 | ---- | C] () -- C:\Users\Cowboy\AppData\Local\fusioncache.dat
[2009/08/11 19:35:48 | 000,000,100 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/08/11 14:24:31 | 000,001,356 | ---- | C] () -- C:\Users\Cowboy\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/31 00:38:41 | 000,304,482 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/31 00:29:36 | 000,304,482 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/30 22:20:28 | 000,136,704 | ---- | C] () -- C:\Users\Cowboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/22 14:30:17 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/05/22 13:58:35 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/04/20 05:17:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 06:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:44:53 | 000,333,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:33:01 | 001,474,762 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,423,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/02/01 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Auslogics
[2010/10/25 21:42:11 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\AVG10
[2010/09/07 21:36:13 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\avidemux
[2010/08/21 18:20:28 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF
[2011/02/28 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\BitTorrent
[2010/01/23 10:46:12 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Broad Intelligence
[2010/01/21 13:59:49 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\CometNetwork
[2009/08/11 14:34:44 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\DAEMON Tools Pro
[2009/10/18 21:49:54 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\DriverCure
[2011/01/30 14:38:19 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\FixCleaner
[2010/07/06 10:23:27 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\flatball
[2010/01/28 01:49:35 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\FrostWire
[2011/02/01 11:31:19 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\GlarySoft
[2010/12/20 12:06:54 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\GrabPro
[2011/01/30 13:49:28 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\InfraRecorder
[2011/02/01 11:30:36 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\IObit
[2009/10/31 22:17:32 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Leadertech
[2011/02/03 23:37:15 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Local
[2010/05/11 10:59:14 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\LolClient
[2010/03/16 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/12/31 23:40:38 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\NCH Swift Sound
[2009/09/11 08:24:00 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\OpenOffice.org
[2011/01/29 15:28:36 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Orbit
[2010/12/20 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\ProgSense
[2009/10/27 09:03:00 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Recordpad
[2011/01/24 19:42:13 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Reviversoft
[2010/09/01 21:17:48 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\RipIt4Me
[2011/01/18 16:41:53 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\rockbox.org
[2011/02/19 14:59:31 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Sony Online Entertainment
[2011/01/30 18:43:18 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\SystemRequirementsLab
[2009/09/15 22:20:05 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Turbine
[2011/01/21 11:49:18 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\X-Chat 2
[2011/02/28 00:03:37 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\EGTZFTNE.job
[2011/02/28 00:03:37 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/02/28 00:02:08 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 20:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 20:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/20 05:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009/04/20 05:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009/04/20 05:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009/04/20 05:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 20:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 20:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 20:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 20:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 20:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 20:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

No Extra.txt opened, and I can't seem to find one. So, I'm not posting that.

Still having issues in WMP. But otherwise, computer continues to run fine.

A thought on the OTL scan. I noticed that it's only checking files made or changed in the last 30 days. Should I try checking all files? I started having issues similar to this several months ago. Random BSODs, redirected searches, etc. They were tolerable, so I dealt with them. Ran MBAM and AVG, and they seemed to fix the more glaring problems. But it's possible that I missed some things. Maybe checking all files will help?

Edited by fireman4it, 01 March 2011 - 02:34 PM.


#13 fireman4it


Posted 01 March 2011 - 02:53 PM

Hello,

A thought on the OTL scan. I noticed that it's only checking files made or changed in the last 30 days. Should I try checking all files? I started having issues similar to this several months ago. Random BSODs, redirected searches, etc. They were tolerable, so I dealt with them. Ran MBAM and AVG, and they seemed to fix the more glaring problems. But it's possible that I missed some things. Maybe checking all files will help?


There is no need. If the infection was still active, it would be showing.


Your Windows Media Player may have become corrupted due to this infection. I would reinstall it and see if it works then.
Windows Media player Download page

1. We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Key error. File not found
    FF - prefs.js..keyword.URL: "http://jixey.com/?id={C6615258-1EBF-4147-B549-C7C45F757004}&brand=&ver=2.2.7&src=adr&q="
    O2 - BHO: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O13 - gopher Prefix: missing
    O33 - MountPoints2\{1cd98578-821f-11de-b6f5-806e6f6e6963}\Shell\AutoRun\command - "" = J:\setup.exe
    O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell - "" = AutoRun
    O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\adobe\command - "" = G:\goodies\ar405eng.exe
    O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\AutoRun\command - "" = G:\aocsetup.exe /autorun
    O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\log\command - "" = G:\goodies\machine\machine.exe -l
    O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\machine\command - "" = G:\goodies\machine\machine.exe
    O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\setup\command - "" = G:\aocsetup.exe /autorun
    O33 - MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\Shell\zone\command - "" = G:\goodies\mszone\zonea660.exe
    O33 - MountPoints2\{812419b3-c87a-11df-ab2a-001f16d37815}\Shell - "" = AutoRun
    O33 - MountPoints2\{812419b3-c87a-11df-ab2a-001f16d37815}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = setup.exe
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = setup.exe
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup.exe
    [2009/10/25 17:58:28 | 000,005,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
    
    :Files
    C:\Program Files\Common Files\System\icm64.dll 
    C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml 
    C:\Users\Cowboy\AppData\Local\ovebevaxitig.dll
    C:\Users\Cowboy\AppData\Local\ujeyudikugomuk.dll 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-71a0b320 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4e5c2020-37aeec28 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-184f4858
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\650cc4e4-625f819a 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-4ca65511 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-5f2283be 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4708433b-6e5bf320 
    C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\38bc557c-42e33a45
    C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF\enemies-names.txt 
    C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF\local.ini 
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-6d122014 
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1aaeb971-480b20ef 
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\268abc7b-18a6eba6
     
    :Commands
    [EMPTYTEMP]
    [PURITY] 
    [EMPTYFLASH]
    [RESETHOSTS]
    [REBOOT]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

2.
  • 1. Double click on the Posted Image icon on your desktop.
    2. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    3. Push the Quick Scan button.
    4. One report will open; copy and paste it in a reply here:
  • OTL.txt <-- Will be opened



Things to include in your next reply:
OTL fix log
Otl.txt
How is your machine running now?

Edited by fireman4it, 01 March 2011 - 02:53 PM.

" Extinguishing Malware from the world"



#14 3080Cowboy


Posted 01 March 2011 - 05:34 PM

OTL fix:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.
Prefs.js: "http://jixey.com/?id={C6615258-1EBF-4147-B549-C7C45F757004}&brand=&ver=2.2.7&src=adr&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cd98578-821f-11de-b6f5-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cd98578-821f-11de-b6f5-806e6f6e6963}\ not found.
File J:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
File G:\goodies\ar405eng.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
File G:\aocsetup.exe /autorun not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
File G:\goodies\machine\machine.exe -l not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
File G:\goodies\machine\machine.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
File G:\aocsetup.exe /autorun not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46d0a1b6-86b2-11de-85a5-001f16d37815}\ not found.
File G:\goodies\mszone\zonea660.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{812419b3-c87a-11df-ab2a-001f16d37815}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{812419b3-c87a-11df-ab2a-001f16d37815}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{812419b3-c87a-11df-ab2a-001f16d37815}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{812419b3-c87a-11df-ab2a-001f16d37815}\ not found.
File J:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
File setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
File setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
File J:\setup.exe not found.
C:\ProgramData\xqkcebzs.dik moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Common Files\System\icm64.dll not found.
File\Folder C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml not found.
File\Folder C:\Users\Cowboy\AppData\Local\ovebevaxitig.dll not found.
File\Folder C:\Users\Cowboy\AppData\Local\ujeyudikugomuk.dll not found.
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-71a0b320 moved successfully.
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4e5c2020-37aeec28 moved successfully.
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-184f4858 moved successfully.
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\650cc4e4-625f819a moved successfully.
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-4ca65511 moved successfully.
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-5f2283be moved successfully.
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4708433b-6e5bf320 moved successfully.
C:\Users\Cowboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\38bc557c-42e33a45 moved successfully.
C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF\enemies-names.txt moved successfully.
C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF\local.ini moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-6d122014 moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1aaeb971-480b20ef moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\268abc7b-18a6eba6 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cowboy
->Temp folder emptied: 1503268 bytes
->Temporary Internet Files folder emptied: 9718549 bytes
->Java cache emptied: 60380773 bytes
->FireFox cache emptied: 44302376 bytes
->Google Chrome cache emptied: 145841380 bytes
->Flash cache emptied: 11733 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Woody
->Temp folder emptied: 10650648 bytes
->Temporary Internet Files folder emptied: 4843671 bytes
->Flash cache emptied: 42361 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2945497 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2452430 bytes

Total Files Cleaned = 270.00 mb


[EMPTYFLASH]

User: All Users

User: Cowboy
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Woody
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.1 log created on 03012011_154843

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL scan:


OTL logfile created on: 3/1/2011 3:57:10 PM - Run 3
OTL by OldTimer - Version 3.2.22.1 Folder = C:\Users\Cowboy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.69 Gb Total Space | 3.34 Gb Free Space | 2.41% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 1.78 Gb Free Space | 17.16% Space Free | Partition Type: NTFS

Computer Name: COWBOY-LAPTOP | User Name: Cowboy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/27 13:12:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cowboy\Desktop\OTL.exe
PRC - [2011/01/10 17:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/08 15:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/06 22:24:32 | 001,866,864 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2011/02/27 13:12:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cowboy\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wmcmgc)
SRV - File not found [Auto | Stopped] -- -- (Ias)
SRV - File not found [Auto | Stopped] -- -- (FastUserSwitchingCompatibility)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/10/06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 20:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/01/07 21:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/11 17:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 20:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/10/07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009/08/11 14:03:35 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/01/09 10:58:28 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/17 00:01:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 00:00:14 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/24 16:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 07:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/20 20:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/10/17 17:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2002/07/17 14:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.7\MeepBar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ThePirateBay.org"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: VideoBar@meep.com:2.2.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.148

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/27 15:11:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/03 23:37:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/03 23:37:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/29 15:03:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/09 17:35:10 | 000,000,000 | ---D | M]

[2010/01/21 14:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Extensions
[2010/01/19 23:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2011/02/28 23:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\extensions
[2011/02/16 12:49:28 | 000,000,000 | ---D | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/01/30 18:40:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/29 15:22:27 | 000,001,635 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\firefox-add-ons.xml
[2011/02/12 18:52:37 | 000,002,567 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\hulu.xml
[2011/01/29 21:11:57 | 000,001,504 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\imdb.xml
[2011/01/29 15:24:20 | 000,002,072 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\msdn-search-with-google.xml
[2011/01/29 15:17:50 | 000,001,508 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\neweggcom.xml
[2011/01/29 15:22:18 | 000,001,679 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\thepiratebayorg.xml
[2011/01/29 15:16:43 | 000,002,057 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\Mozilla\Firefox\Profiles\5xpk2lox.default\searchplugins\youtube-video-search.xml
[2011/02/28 23:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/07 02:22:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/27 15:11:25 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/02/03 23:37:11 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/02/03 23:37:12 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/05/23 05:37:02 | 000,000,000 | ---D | M] (Meep Media Downloader) -- C:\PROGRAM FILES\MEEP\FF
[2011/02/07 02:22:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/02/27 12:55:52 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/03/01 15:49:13 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Drop Down Deals\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Meep Media Downloader) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.7\MeepBar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Meep Media Downloader) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.7\MeepBar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Cowboy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cowboy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: wmcmgc - File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/02/28 16:30:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/27 23:12:25 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/02/27 13:12:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Cowboy\Desktop\OTL.exe
[2011/02/27 12:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Drop Down Deals
[2011/02/27 12:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/02/24 01:02:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/19 14:59:29 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Sony Online Entertainment
[2011/02/19 01:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/02/19 01:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/19 01:28:46 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/02/16 12:50:18 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Local\SCE
[2011/02/16 12:50:17 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/02/13 09:55:49 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Desktop\Malware Removal
[2011/02/13 07:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
[2011/02/13 07:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\UDK
[2011/02/13 07:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2011/02/12 21:05:34 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Desktop\IncCalc
[2011/02/10 17:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhapsody
[2011/02/10 16:57:23 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Media Player Classic
[2011/02/10 09:32:27 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Documents\FMOD SoundBank Generator
[2011/02/10 09:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\FMOD SoundSystem
[2011/02/09 22:34:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2011/02/09 18:05:04 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Microsoft Games
[2011/02/07 02:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/02/07 02:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/02/05 02:19:49 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Desktop\ngspice-22
[2011/02/05 01:06:19 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\THREED32.OCX
[2011/02/05 01:06:19 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bdao.dll
[2011/02/05 01:06:19 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2irdao.dll
[2011/02/05 01:06:19 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2ctdao.dll
[2011/02/05 01:06:18 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\crpe32.dll
[2011/02/05 01:06:18 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\Windows\System32\crpaig32.dll
[2011/02/05 01:06:17 | 000,416,768 | ---- | C] (Seagate Software) -- C:\Windows\System32\cpeaut32.dll
[2011/02/05 01:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo
[2011/02/03 23:37:15 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Local
[2011/02/02 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\Documents\Dungeons and Dragons Online
[2011/02/01 12:06:38 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\Auslogics
[2011/02/01 12:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/02/01 12:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/02/01 11:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/02/01 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\GlarySoft
[2011/02/01 11:30:36 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\IObit
[2011/02/01 11:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/02/01 11:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/02/01 11:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2011/01/31 22:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/01/31 22:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/30 18:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/01/30 18:54:38 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/01/30 18:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/01/30 18:53:25 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/01/30 18:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/01/30 18:43:13 | 000,000,000 | ---D | C] -- C:\Users\Cowboy\AppData\Roaming\SystemRequirementsLab

========== Files - Modified Within 30 Days ==========

[2011/03/01 16:00:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-461877813-1299210132-1042163028-1000UA.job
[2011/03/01 15:51:50 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/01 15:51:49 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/01 15:51:23 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/03/01 15:51:22 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\EGTZFTNE.job
[2011/03/01 15:50:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/01 15:49:13 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/03/01 14:21:26 | 000,002,577 | ---- | M] () -- C:\Users\Cowboy\Desktop\Facebook.lnk
[2011/03/01 12:14:52 | 107,481,423 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/03/01 01:14:52 | 000,870,128 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\mcs.rma
[2011/03/01 01:14:52 | 000,000,004 | ---- | M] () -- C:\Users\Cowboy\AppData\Roaming\B05751
[2011/02/28 18:00:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-461877813-1299210132-1042163028-1000Core.job
[2011/02/27 13:12:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cowboy\Desktop\OTL.exe
[2011/02/26 00:07:32 | 000,000,665 | ---- | M] () -- C:\Users\Cowboy\Desktop\Task Manager.lnk
[2011/02/25 17:37:21 | 000,136,704 | ---- | M] () -- C:\Users\Cowboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/24 13:02:12 | 000,001,356 | ---- | M] () -- C:\Users\Cowboy\AppData\Local\d3d9caps.dat
[2011/02/22 20:40:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\&
[2011/02/22 16:57:19 | 000,000,174 | ---- | M] () -- C:\Users\Cowboy\defogger_reenable
[2011/02/19 01:28:48 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/02/12 19:07:20 | 001,474,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/12 19:07:20 | 000,423,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/10 17:02:16 | 000,000,730 | ---- | M] () -- C:\Users\Cowboy\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/02/09 22:31:10 | 000,333,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/09 22:15:06 | 000,000,174 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/02/09 17:55:24 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Rise of Nations Gold.lnk
[2011/02/08 18:59:48 | 000,223,488 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/02/05 23:49:33 | 000,000,846 | ---- | M] () -- C:\Users\Cowboy\Desktop\Dungeons and Dragons Online.lnk
[2011/02/05 02:15:16 | 000,002,412 | ---- | M] () -- C:\Windows\PSPICEEV.INI
[2011/01/30 18:03:21 | 000,304,482 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/01/30 18:03:20 | 000,304,482 | ---- | M] () -- C:\ProgramData\nvModes.001

========== Files Created - No Company Name ==========

[2011/02/26 00:07:32 | 000,000,665 | ---- | C] () -- C:\Users\Cowboy\Desktop\Task Manager.lnk
[2011/02/24 01:01:46 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 01:01:46 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 01:01:46 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/22 20:40:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\&
[2011/02/22 16:57:00 | 000,000,174 | ---- | C] () -- C:\Users\Cowboy\defogger_reenable
[2011/02/19 01:28:48 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/02/10 17:13:26 | 000,000,004 | ---- | C] () -- C:\Users\Cowboy\AppData\Roaming\B05751
[2011/02/10 17:13:25 | 000,870,128 | ---- | C] () -- C:\Users\Cowboy\AppData\Roaming\mcs.rma
[2011/02/10 17:02:16 | 000,000,730 | ---- | C] () -- C:\Users\Cowboy\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/02/09 17:55:24 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Rise of Nations Gold.lnk
[2011/02/05 23:49:33 | 000,000,846 | ---- | C] () -- C:\Users\Cowboy\Desktop\Dungeons and Dragons Online.lnk
[2011/02/05 01:06:21 | 000,002,412 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2011/02/05 01:06:18 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2011/02/05 01:06:18 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2011/02/05 01:06:18 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2011/02/05 01:06:18 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2011/02/05 01:06:18 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2011/02/05 01:06:18 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2011/02/05 01:06:18 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2011/02/05 01:06:18 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2011/02/05 01:06:18 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2011/02/05 01:06:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2011/02/05 01:06:18 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2011/02/05 01:06:18 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2011/02/05 01:06:18 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2011/02/05 01:06:18 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2011/02/05 01:06:18 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2011/02/05 01:06:18 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2011/02/01 11:26:22 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/01/30 18:54:39 | 000,004,756 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/12/27 12:51:26 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010/11/19 21:52:50 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010/09/22 16:55:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\pv_c3.exe
[2010/09/02 14:35:03 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/09/02 14:35:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/09/02 14:35:01 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/09/01 18:34:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2010/09/01 18:34:42 | 006,664,208 | ---- | C] () -- C:\Windows\System32\dvdripcore.dll
[2010/08/26 22:07:27 | 000,000,174 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/26 10:19:13 | 000,000,710 | ---- | C] () -- C:\ProgramData\.wtav
[2010/03/28 20:36:36 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/03/28 20:36:36 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/03/28 20:36:36 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/03/15 15:20:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/01/19 23:48:03 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
[2009/12/02 21:52:11 | 000,000,536 | ---- | C] () -- C:\Windows\Disney.ini
[2009/12/02 21:52:05 | 000,000,305 | ---- | C] () -- C:\Windows\EReg515.dat
[2009/10/07 08:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/03 12:05:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/30 07:44:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/25 16:21:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/09/19 08:55:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/19 08:55:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/15 22:20:00 | 000,000,094 | ---- | C] () -- C:\Users\Cowboy\AppData\Local\fusioncache.dat
[2009/08/11 19:35:48 | 000,000,100 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/08/11 14:24:31 | 000,001,356 | ---- | C] () -- C:\Users\Cowboy\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/31 00:38:41 | 000,304,482 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/31 00:29:36 | 000,304,482 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/30 22:20:28 | 000,136,704 | ---- | C] () -- C:\Users\Cowboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/22 14:30:17 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/05/22 13:58:35 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/04/20 05:17:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 06:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:44:53 | 000,333,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:33:01 | 001,474,762 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,423,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/02/01 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Auslogics
[2010/10/25 21:42:11 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\AVG10
[2010/09/07 21:36:13 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\avidemux
[2011/03/01 15:48:47 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\B9ECADF8D337A1EFA6143F95AEDB54CF
[2011/03/01 15:51:58 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\BitTorrent
[2010/01/23 10:46:12 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Broad Intelligence
[2010/01/21 13:59:49 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\CometNetwork
[2009/08/11 14:34:44 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\DAEMON Tools Pro
[2009/10/18 21:49:54 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\DriverCure
[2011/01/30 14:38:19 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\FixCleaner
[2010/07/06 10:23:27 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\flatball
[2010/01/28 01:49:35 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\FrostWire
[2011/02/01 11:31:19 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\GlarySoft
[2010/12/20 12:06:54 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\GrabPro
[2011/01/30 13:49:28 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\InfraRecorder
[2011/02/01 11:30:36 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\IObit
[2009/10/31 22:17:32 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Leadertech
[2011/02/03 23:37:15 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Local
[2010/05/11 10:59:14 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\LolClient
[2010/03/16 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/12/31 23:40:38 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\NCH Swift Sound
[2009/09/11 08:24:00 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\OpenOffice.org
[2011/01/29 15:28:36 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Orbit
[2010/12/20 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\ProgSense
[2009/10/27 09:03:00 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Recordpad
[2011/01/24 19:42:13 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Reviversoft
[2010/09/01 21:17:48 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\RipIt4Me
[2011/01/18 16:41:53 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\rockbox.org
[2011/02/19 14:59:31 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Sony Online Entertainment
[2011/01/30 18:43:18 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\SystemRequirementsLab
[2009/09/15 22:20:05 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\Turbine
[2011/01/21 11:49:18 | 000,000,000 | ---D | M] -- C:\Users\Cowboy\AppData\Roaming\X-Chat 2
[2011/03/01 15:51:22 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\EGTZFTNE.job
[2011/03/01 15:51:23 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/03/01 15:49:47 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 20:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 20:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 20:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/20 05:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009/04/20 05:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009/04/20 05:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009/04/20 05:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 20:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 20:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 20:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 20:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 20:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 20:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

The fix seems to have reset some settings on my computer, like the annoying pop-up in Vista that asks you if you really want to do something every time you do something. Also, it blocked PeerBlock from running at startup. Should be an easy reset, assuming you are OK with it.

#15 fireman4it

  • Malware Response Team

Posted 01 March 2011 - 06:29 PM

Hello, 3080Cowboy.
Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.





