I keep getting redirected when I use google links


  • This topic is locked
32 replies to this topic

#1 Cynis

Cynis

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:47 PM

Posted 26 February 2011 - 03:27 PM

Hi, for a while now, maybe the past month or so, whenever I try to use Google I get redirected when I hit a link from the search page. I've used CCleaner and Malwarebytes and Avast but the problem persists and the latter two programs don't find anything wrong. I'd like help getting this resolved as well as getting my problem with Windows Update fixed because I haven't been able to install updates for 8 or 9 months now and I'm sure that's not helping my security situation.

Thanks in advance!

eta: My operating system is Windows Vista 32-bit home premium. Please let me know what other information I can provide.

Edited by Cynis, 26 February 2011 - 03:28 PM.



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:04:47 PM

Posted 26 February 2011 - 03:31 PM

Cynis,

Give this tool a try:


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Cynis

Cynis
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:47 PM

Posted 28 February 2011 - 07:46 AM

SweetTech, I followed your directions and it said nothing malicious was found. Here is the log file:

2011/02/28 07:43:43.0976 4728 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/28 07:43:44.0376 4728 ================================================================================
2011/02/28 07:43:44.0376 4728 SystemInfo:
2011/02/28 07:43:44.0376 4728
2011/02/28 07:43:44.0376 4728 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/28 07:43:44.0376 4728 Product type: Workstation
2011/02/28 07:43:44.0376 4728 ComputerName: SENECAL-PC
2011/02/28 07:43:44.0376 4728 UserName: Aarons
2011/02/28 07:43:44.0376 4728 Windows directory: C:\Windows
2011/02/28 07:43:44.0376 4728 System windows directory: C:\Windows
2011/02/28 07:43:44.0376 4728 Processor architecture: Intel x86
2011/02/28 07:43:44.0376 4728 Number of processors: 2
2011/02/28 07:43:44.0376 4728 Page size: 0x1000
2011/02/28 07:43:44.0376 4728 Boot type: Normal boot
2011/02/28 07:43:44.0376 4728 ================================================================================
2011/02/28 07:43:44.0705 4728 Initialize success
2011/02/28 07:43:57.0911 4708 ================================================================================
2011/02/28 07:43:57.0911 4708 Scan started
2011/02/28 07:43:57.0911 4708 Mode: Manual;
2011/02/28 07:43:57.0911 4708 ================================================================================
2011/02/28 07:44:10.0289 4708 Scan finished
2011/02/28 07:44:10.0289 4708 ================================================================================

#4 SweetTech

Posted 28 February 2011 - 01:05 PM

Cynis,

The issues you are experiencing led me to believe that you are infected with malware. Unfortunately, in the Am I Infected forum, we are severely limited by which tools we are allowed to use. To solve this issue, I will ask that this thread be moved to the Malware forum, where we will be able to use more advanced tools.

Below you will find my standard introduction speech that I provide to all my users; it contains some basic guidelines for things I'd like you to be made aware of while we are working together.

After these guidelines you will find some more instructions for you to complete.

____________________________________________________

My secret agent name on the forums is SweetTech (you can call me ST for short); it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT:

Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Orange Blossom

Posted 28 February 2011 - 01:17 PM

Moving to the log forum for you. The link remains the same. ~ OB

#6 Cynis

Posted 28 February 2011 - 04:58 PM

> Cynis,
>
> The issues you are experiencing led me to believe that you are infected with malware. Unfortunately, in the Am I Infected forum, we are severely limited by which tools we are allowed to use. To solve this issue, I will ask that this thread be moved to the Malware forum, where we will be able to use more advanced tools.

ST, no problem!

> Below you will find my standard introduction speech that I provide to all my users; it contains some basic guidelines for things I'd like you to be made aware of while we are working together.
>
> After these guidelines you will find some more instructions for you to complete.
>
> ____________________________________________________
>
> My secret agent name on the forums is SweetTech (you can call me ST for short); it's a pleasure to meet you. :)
>
> I would be glad to take a look at your log and help you with solving any malware problems.
>
> If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

I tried using Google on the computer today and the links seem to be working OK now in Explorer, but my sons said that we are still being hijacked in Firefox. I will test this when I get home.

> If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Thanks! I will run these tonight and get the logs posted for you to analyze.

#7 SweetTech

Posted 28 February 2011 - 05:26 PM

Cynis,

That's no problem. I'll await your response with the logs. If you experience any issues or problems, please be sure to let me know.

Kindest Regards,
SweetTech.

#8 Cynis

Posted 28 February 2011 - 06:59 PM

UnHooker Report:
------------------

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
0x07BA0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 438272 bytes
0x074C0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 446464 bytes
0x00900000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x87559D90 ] PID: 1420, 45056 bytes
0x00910000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x87559D90 ] PID: 1420, 45056 bytes
0x009E0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x87320110 ] PID: 3076, 45056 bytes
0x00F20000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x87320110 ] PID: 3076, 45056 bytes
0x00FD0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x87320110 ] PID: 3076, 45056 bytes
0x01E70000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x87320110 ] PID: 3076, 45056 bytes
0x05BA0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 45056 bytes
0x05BC0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x87320110 ] PID: 3076, 45056 bytes
0x05E90000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 45056 bytes
0x05EE0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 45056 bytes
0x06410000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x87320110 ] PID: 3076, 471040 bytes
0x06CA0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 479232 bytes
0x07550000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 487424 bytes
0x06E50000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 495616 bytes
0x01D20000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x87559D90 ] PID: 1420, 53248 bytes
0x01230000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x01E50000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x01E80000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x03FF0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x04A30000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x05B80000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x05CE0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x05EB0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x06120000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x06360000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x06390000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x06490000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x064E0000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x06D20000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x87320110 ] PID: 3076, 53248 bytes
0x082E0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 602112 bytes
0x00F40000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x87320110 ] PID: 3076, 61440 bytes
0x05EC0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x87320110 ] PID: 3076, 61440 bytes
0x06300000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x87320110 ] PID: 3076, 61440 bytes
0x063D0000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x87320110 ] PID: 3076, 61440 bytes
0x075D0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 675840 bytes
0x00920000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x87559D90 ] PID: 1420, 69632 bytes
0x00FA0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x87320110 ] PID: 3076, 69632 bytes
0x05270000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x87320110 ] PID: 3076, 69632 bytes
0x05F00000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 69632 bytes
0x062A0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x87320110 ] PID: 3076, 69632 bytes
0x062E0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 69632 bytes
0x079D0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 700416 bytes
0x05570000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x87320110 ] PID: 3076, 77824 bytes
0x05900000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 77824 bytes
0x05E20000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x87320110 ] PID: 3076, 77824 bytes
0x06160000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 77824 bytes
0x06330000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 77824 bytes
0x08790000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 806912 bytes
0x01210000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 86016 bytes
0x05D00000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x87320110 ] PID: 3076, 86016 bytes
0x07210000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 86016 bytes
0x07680000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 913408 bytes

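Added example for triaging the RkUnhooker output above; this is not part of the original post and not RkUnhooker's own code. It parses the "Hidden Image" line format shown in the report into base address, module name, EPROCESS, PID and size, groups the entries by owning process (the report above has two, PIDs 3076 and 1420), checks that each PID maps to a single EPROCESS, lists modules mapped into more than one process, and orders the review with an allowlist of vendor name prefixes. The prefix list is an assumption for illustration only: a name matching it does not make the module safe, it just says where to look first. The sample report lines are copied from the post; the header and blank line in the sample are constructed to show that non-matching lines are skipped.

```python
"""Triage helper for RkUnhooker "Hidden Image" report lines.

Added example; not part of the original post and not RkUnhooker's own code.
Parses the report format shown in the thread, groups hidden images by owning
process, checks PID/EPROCESS consistency, lists modules mapped into more than
one process, and orders the review using an assumed vendor-prefix allowlist.
"""
import re
from collections import defaultdict

# Format of one report line (copied from the posted report):
# 0x04A20000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x87320110 ] PID: 3076, 28672 bytes
HIDDEN_IMAGE_RE = re.compile(
    r"^0x(?P<base>[0-9A-Fa-f]+)\s+Hidden Image-->(?P<module>\S+)\s+"
    r"\[\s*EPROCESS\s+0x(?P<eprocess>[0-9A-Fa-f]+)\s*\]\s+"
    r"PID:\s*(?P<pid>\d+),\s*(?P<size>\d+)\s+bytes\s*$"
)

# Six lines copied from the posted report, plus a constructed header line and
# a blank line to show that noise is skipped.
SAMPLE_REPORT = """\
RkUnhooker report excerpt (constructed header line)

0x04A20000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x87320110 ] PID: 3076, 28672 bytes
0x07760000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x87320110 ] PID: 3076, 339968 bytes
0x03E30000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x87559D90 ] PID: 1420, 36864 bytes
0x03FA0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x87320110 ] PID: 3076, 36864 bytes
0x00900000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x87559D90 ] PID: 1420, 45056 bytes
0x06EE0000 Hidden Image-->atixclib.DLL [ EPROCESS 0x87320110 ] PID: 3076, 28672 bytes
"""

# Assumed allowlist of name prefixes for the graphics control-panel components
# seen in the report. Assumption for illustration; a match is not a clean bill.
ASSUMED_EXPECTED_PREFIXES = ("CLI.", "AEM.", "NEWAEM.", "DEM.", "LOG.", "CCC.",
                             "APM.", "ACE.", "LOCALIZATION.", "ATI")


def parse_hidden_images(text):
    """Return one dict per well-formed "Hidden Image" line; other lines are ignored."""
    records = []
    for line in text.splitlines():
        m = HIDDEN_IMAGE_RE.match(line.strip())
        if m:
            records.append({
                "base": int(m["base"], 16),
                "module": m["module"],
                "eprocess": int(m["eprocess"], 16),
                "pid": int(m["pid"]),
                "size": int(m["size"]),
            })
    return records


def summarize_by_pid(records):
    """Per PID: number of hidden images, total mapped bytes, distinct modules and EPROCESS values."""
    acc = defaultdict(lambda: {"count": 0, "bytes": 0, "modules": set(), "eprocess": set()})
    for r in records:
        s = acc[r["pid"]]
        s["count"] += 1
        s["bytes"] += r["size"]
        s["modules"].add(r["module"])
        s["eprocess"].add(r["eprocess"])
    return {pid: {"count": s["count"], "bytes": s["bytes"],
                  "modules": sorted(s["modules"]), "eprocess": sorted(s["eprocess"])}
            for pid, s in acc.items()}


def inconsistent_pids(summary):
    """PIDs seen with more than one EPROCESS: PID reuse during the scan or a damaged report."""
    return sorted(pid for pid, s in summary.items() if len(s["eprocess"]) > 1)


def modules_in_multiple_pids(records):
    """Module name -> sorted PIDs, for modules mapped into more than one process."""
    owners = defaultdict(set)
    for r in records:
        owners[r["module"]].add(r["pid"])
    return {mod: sorted(pids) for mod, pids in owners.items() if len(pids) > 1}


def unexpected_modules(records, expected_prefixes):
    """Distinct module names matching none of the expected prefixes (case-insensitive)."""
    prefixes = tuple(p.upper() for p in expected_prefixes)
    return sorted({r["module"] for r in records if not r["module"].upper().startswith(prefixes)})


if __name__ == "__main__":
    recs = parse_hidden_images(SAMPLE_REPORT)
    for pid, s in sorted(summarize_by_pid(recs).items()):
        print(f"PID {pid}: {s['count']} hidden images, {s['bytes']} bytes, "
              f"EPROCESS {[hex(e) for e in s['eprocess']]}")
    print("PIDs with more than one EPROCESS:", inconsistent_pids(summarize_by_pid(recs)))
    print("shared across PIDs:", modules_in_multiple_pids(recs))
    print("outside assumed allowlist:", unexpected_modules(recs, ASSUMED_EXPECTED_PREFIXES))
```

Run it against the full report to see how many processes host hidden images and whether any module falls outside the prefixes you expect for that machine's installed software; anything outside the list is what to look at first, and a PID that shows up with two EPROCESS values means the report should be regenerated rather than trusted.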
#9 Cynis (Topic Starter)

Posted 28 February 2011 - 07:06 PM

OTL.txt
----------

OTL logfile created on: 2/28/2011 7:00:23 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Aarons\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 54.25 Gb Free Space | 18.84% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.63 Gb Free Space | 56.29% Space Free | Partition Type: NTFS

Computer Name: SENECAL-PC | User Name: Aarons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/28 18:59:54 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Aarons\Desktop\OTL.exe
PRC - [2011/02/25 12:49:02 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2010/11/30 15:00:00 | 000,608,584 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/11/29 15:54:58 | 002,402,696 | ---- | M] () -- C:\Program Files\Kaspersky Security Scan\KSS.exe
PRC - [2010/11/23 17:46:11 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/11/08 10:35:21 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/29 11:54:00 | 000,123,392 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2010/07/29 11:53:38 | 000,227,840 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2009/09/17 07:06:00 | 001,246,496 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2009/09/17 01:03:00 | 000,369,952 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2009/09/17 01:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2009/09/04 11:55:36 | 000,126,976 | ---- | M] (Saitek) -- C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/07/05 19:26:06 | 000,368,640 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2007/04/13 16:33:32 | 000,132,656 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\TabUserW.exe
PRC - [2007/04/13 16:32:50 | 001,189,424 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Tablet.exe


========== Modules (SafeList) ==========

MOD - [2011/02/28 18:59:54 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Aarons\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/25 12:49:02 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/22 14:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/17 07:06:00 | 001,246,496 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2009/09/17 01:03:00 | 000,369,952 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2009/09/17 01:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2009/04/16 17:46:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/24 22:13:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/04/13 16:32:50 | 001,189,424 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Tablet.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/10 03:40:26 | 000,138,760 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiK0CCB.sys -- (SaiK0CCB)
DRV - [2010/08/10 03:40:26 | 000,035,336 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiU0CCB.sys -- (SaiU0CCB)
DRV - [2009/09/17 07:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2009/09/08 02:44:23 | 000,043,656 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009/09/08 02:44:23 | 000,020,744 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009/09/08 02:44:02 | 000,130,568 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiK0728.sys -- (SaiK0728)
DRV - [2009/05/03 22:32:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/10/09 14:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/01/28 00:39:04 | 003,170,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/01/28 00:39:04 | 003,170,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 13:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080725
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080725
IE - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {75739dec-72db-4020-aa9a-6afa6744759b}:0.3.0.20100706
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cb9bd06&v=6.010.023.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 10:18:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/26 15:13:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/18 10:18:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/06/12 18:51:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aarons\AppData\Roaming\Mozilla\Extensions
[2010/06/12 18:51:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aarons\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/02/28 17:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aarons\AppData\Roaming\Mozilla\Firefox\Profiles\p53myv2y.default\extensions
[2009/06/26 14:11:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aarons\AppData\Roaming\Mozilla\Firefox\Profiles\p53myv2y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/28 23:14:29 | 000,000,000 | ---D | M] (Extension Developer) -- C:\Users\Aarons\AppData\Roaming\Mozilla\Firefox\Profiles\p53myv2y.default\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}
[2010/07/28 23:12:49 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Aarons\AppData\Roaming\Mozilla\Firefox\Profiles\p53myv2y.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/07/28 23:15:55 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Aarons\AppData\Roaming\Mozilla\Firefox\Profiles\p53myv2y.default\extensions\zotero@chnm.gmu.edu
[2011/02/25 02:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/01 17:21:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/02 05:43:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/15 08:58:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/25 02:09:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/07 10:24:33 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/11/30 16:37:44 | 000,122,856 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll

O1 HOSTS File: ([2009/09/08 22:46:52 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Aarons\Pictures\Peterborough falls.bmp
O24 - Desktop BackupWallPaper: C:\Users\Aarons\Pictures\Peterborough falls.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{064b7739-be3e-11de-9add-001d099b3423}\Shell - "" = AutoRun
O33 - MountPoints2\{064b7739-be3e-11de-9add-001d099b3423}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{650cb783-2f87-11de-b3ab-001d099b3423}\Shell\AutoRun\command - "" = L:\PMB_Portable.exe
O33 - MountPoints2\{a6526eae-f1c4-11df-894b-001d099b3423}\Shell - "" = AutoRun
O33 - MountPoints2\{a6526eae-f1c4-11df-894b-001d099b3423}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/28 18:59:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Aarons\Desktop\OTL.exe
[2011/02/26 15:14:25 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2011/02/25 02:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/25 02:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/25 02:21:16 | 000,000,000 | ---D | C] -- C:\Users\Aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/25 02:08:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/25 02:08:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/25 02:08:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/25 02:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/21 11:09:14 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aarons\Desktop\TDSSKiller.exe
[2011/02/20 21:12:35 | 000,000,000 | ---D | C] -- C:\Users\Aarons\Desktop\Senecal dw06lessons
[2011/02/04 12:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/04 12:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/04 12:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/31 01:18:14 | 000,000,000 | ---D | C] -- C:\Users\Aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/01/31 01:16:36 | 000,000,000 | ---D | C] -- C:\Users\Aarons\AppData\Local\Apps
[2011/01/31 01:16:35 | 000,000,000 | ---D | C] -- C:\Users\Aarons\AppData\Local\Deployment

========== Files - Modified Within 30 Days ==========

[2011/02/28 18:59:54 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Aarons\Desktop\OTL.exe
[2011/02/28 18:57:05 | 000,063,130 | ---- | M] () -- C:\Users\Aarons\Desktop\UnHookerReport
[2011/02/28 18:53:29 | 000,133,632 | ---- | M] () -- C:\Users\Aarons\Desktop\RKUnhookerLE.EXE
[2011/02/28 18:22:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1095388610-3448419138-2822967507-1000UA.job
[2011/02/28 18:03:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 18:03:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 16:03:55 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\UWAFP.job
[2011/02/28 16:03:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/28 07:42:21 | 001,257,772 | ---- | M] () -- C:\Users\Aarons\Desktop\tdsskiller.zip
[2011/02/28 01:22:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1095388610-3448419138-2822967507-1000Core.job
[2011/02/27 15:46:33 | 000,788,610 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/27 15:46:33 | 000,172,310 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/26 20:58:39 | 000,000,214 | ---- | M] () -- C:\Users\Aarons\Desktop\Medieval II Total War.url
[2011/02/26 20:57:45 | 000,016,402 | ---- | M] () -- C:\Users\Aarons\Documents\Steam_Total_War_II_Receipt.pdf
[2011/02/26 15:06:31 | 290,855,500 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/25 02:21:54 | 000,002,525 | ---- | M] () -- C:\Users\Aarons\Desktop\HiJackThis.lnk
[2011/02/25 02:09:04 | 000,000,680 | ---- | M] () -- C:\Users\Aarons\AppData\Local\d3d9caps.dat
[2011/02/25 02:06:31 | 000,003,404 | ---- | M] () -- C:\Users\Aarons\Documents\cc_20110225_020624.reg
[2011/02/24 07:29:26 | 000,016,512 | ---- | M] () -- C:\Users\Aarons\AppData\Roaming\wklnhst.dat
[2011/02/21 11:09:14 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aarons\Desktop\TDSSKiller.exe
[2011/02/19 23:46:54 | 000,000,771 | ---- | M] () -- C:\Users\Aarons\Desktop\WORLD OF WARCRAFT.LNK
[2011/02/16 22:44:32 | 000,015,872 | ---- | M] () -- C:\Users\Aarons\Documents\song poem.wps
[2011/02/11 15:22:29 | 000,002,049 | ---- | M] () -- C:\Users\Aarons\Desktop\Google Chrome.lnk
[2011/02/11 15:22:29 | 000,002,011 | ---- | M] () -- C:\Users\Aarons\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/10 22:31:42 | 000,017,920 | ---- | M] () -- C:\Users\Aarons\Documents\Untitled Document.wps
[2011/02/04 12:53:34 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/02 21:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/02 21:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/02/01 20:21:18 | 000,033,755 | ---- | M] () -- C:\Users\Aarons\Desktop\EllieTurboTax.pdf

========== Files Created - No Company Name ==========

[2011/02/28 18:57:05 | 000,063,130 | ---- | C] () -- C:\Users\Aarons\Desktop\UnHookerReport
[2011/02/28 18:53:25 | 000,133,632 | ---- | C] () -- C:\Users\Aarons\Desktop\RKUnhookerLE.EXE
[2011/02/28 07:42:14 | 001,257,772 | ---- | C] () -- C:\Users\Aarons\Desktop\tdsskiller.zip
[2011/02/26 20:58:39 | 000,000,214 | ---- | C] () -- C:\Users\Aarons\Desktop\Medieval II Total War.url
[2011/02/26 20:57:45 | 000,016,402 | ---- | C] () -- C:\Users\Aarons\Documents\Steam_Total_War_II_Receipt.pdf
[2011/02/26 15:06:31 | 290,855,500 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/25 02:21:16 | 000,002,525 | ---- | C] () -- C:\Users\Aarons\Desktop\HiJackThis.lnk
[2011/02/25 02:06:29 | 000,003,404 | ---- | C] () -- C:\Users\Aarons\Documents\cc_20110225_020624.reg
[2011/02/16 22:44:32 | 000,015,872 | ---- | C] () -- C:\Users\Aarons\Documents\song poem.wps
[2011/02/04 12:53:34 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/01 20:21:18 | 000,033,755 | ---- | C] () -- C:\Users\Aarons\Desktop\EllieTurboTax.pdf
[2011/01/31 01:18:17 | 000,002,049 | ---- | C] () -- C:\Users\Aarons\Desktop\Google Chrome.lnk
[2011/01/31 01:18:17 | 000,002,011 | ---- | C] () -- C:\Users\Aarons\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/31 01:17:14 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1095388610-3448419138-2822967507-1000UA.job
[2011/01/31 01:17:12 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1095388610-3448419138-2822967507-1000Core.job
[2011/01/26 22:14:18 | 000,197,120 | ---- | C] () -- C:\Windows\Zxemea.exe
[2010/12/25 04:10:59 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010/12/25 04:10:59 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/07/27 14:35:32 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/05/02 19:28:36 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/03/18 16:15:33 | 000,000,680 | ---- | C] () -- C:\Users\Aarons\AppData\Local\d3d9caps.dat
[2010/03/06 14:26:10 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/13 01:07:55 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/12/06 13:53:12 | 000,000,094 | ---- | C] () -- C:\Users\Aarons\AppData\Local\fusioncache.dat
[2009/10/27 20:32:24 | 000,000,344 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2009/10/06 21:08:31 | 000,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/09/05 09:46:00 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/09/05 09:45:28 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/09/05 09:45:28 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/09/05 09:45:28 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/08/26 20:37:55 | 000,003,350 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/08/26 20:37:55 | 000,000,168 | RHS- | C] () -- C:\ProgramData\DD7465DC67.sys
[2009/08/07 16:28:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 16:28:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/22 21:07:26 | 000,000,386 | ---- | C] () -- C:\Windows\AvDetected.ini
[2009/06/06 08:37:48 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/05/30 11:28:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/05/30 11:28:26 | 000,012,894 | ---- | C] () -- C:\Windows\scunin.dat
[2009/04/24 20:56:09 | 000,148,928 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/04/24 20:55:26 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/04/18 07:05:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 23:12:10 | 000,016,512 | ---- | C] () -- C:\Users\Aarons\AppData\Roaming\wklnhst.dat
[2009/04/10 20:32:52 | 000,008,248 | ---- | C] () -- C:\Users\Aarons\AppData\Local\en.ini
[2009/02/14 11:05:23 | 000,099,840 | ---- | C] () -- C:\Users\Aarons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/07/25 05:33:48 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/25 05:33:48 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/25 05:33:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/25 05:33:48 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/07/25 05:33:47 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/07/25 05:33:47 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/07/25 05:33:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/07/25 05:33:46 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/07/25 05:33:46 | 000,154,206 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/07/25 05:33:45 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/07/24 21:39:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 002,340,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,788,610 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,172,310 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/05/02 18:05:30 | 000,090,384 | ---- | C] () -- C:\Windows\System32\ctxsetup.exe

< End of report >

#10 Cynis

Cynis
  • Topic Starter

  • Members
  • 28 posts

Posted 28 February 2011 - 07:08 PM

Extras.txt
-----------

OTL Extras logfile created on: 2/28/2011 7:00:23 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Aarons\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 54.25 Gb Free Space | 18.84% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.63 Gb Free Space | 56.29% Space Free | Partition Type: NTFS

Computer Name: SENECAL-PC | User Name: Aarons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = jsfile] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %*

[HKEY_USERS\S-1-5-21-1095388610-3448419138-2822967507-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11EB637C-BEE9-40AA-BB43-AF96EB1B6A97}" = lport=2869 | protocol=6 | dir=in | app=system |
"{29DCAC86-302E-4802-8CDE-217D21B3D41A}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{48017AF0-5A75-466C-B6ED-D2D51860EED1}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{494D1792-35F0-467D-93BC-D628543DFF8E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{B46D029F-8096-44FD-855A-45F6685798AB}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{B6BD19A6-81F4-4D65-B19D-0E9DACA80BAF}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{E88CD17F-784C-4A2C-B5BD-141EC93D15CF}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{F88D2425-C765-4342-B2C7-F77299AC8741}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FE61072E-7573-4132-A6EF-7F830D5A43FB}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{116F4BCB-D7BB-4406-99B4-CC1185FDF6F0}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{1C903825-7E34-4EAA-BB28-DD0DF7666EC7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii - demo\config.exe |
"{1CBAE8FA-4BB3-4A51-B00E-67231C893B5A}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1EE69BFE-5DBC-4E50-8354-F341346C73F5}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{1FD8DBFA-0874-47AB-ACBF-A10A735A5273}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{202C77BB-1BF6-4591-B226-BE87C0775C40}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{26899FD2-13BC-412D-B37F-9C2D5515F532}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe |
"{2BEAB961-B830-43C1-B039-AADFD24EAE6B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{351BCBFC-5534-464B-8EA0-CA430DA0142C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{36B8CDA8-92BC-4BBC-8D88-E540423596BC}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{41A4B29F-7F33-43AE-A540-8C9DC75DED9F}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{428FF428-CD56-4B12-8386-9656E6FA1414}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{47D97CBA-B16F-40A5-B8F3-D9E2FEA0C005}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\kings bounty armored princess - demo\kb.exe |
"{49D56E15-414D-4DDE-B303-63453F6C9509}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{548A09A3-35F1-4517-9517-00539F31D8F8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{578773E1-340D-48A6-B83F-384E89AD66B7}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{59C76E8E-A31D-4928-94C3-8B227C539561}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe |
"{5D3A29B0-2D18-400E-9384-E5B3A8239454}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{5D429560-D7EC-42AF-9B38-706810CF9636}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{615D51A3-B800-447A-AE23-64BCE12170DF}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{667009F1-7D99-4C2F-8872-F293E5471CCD}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{6A4A721A-D40A-46F1-A2AE-8C2254E37E48}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii - demo\overlord2demo.exe |
"{6B01CFDD-BA68-4B0E-88B2-86AA3FF82AF8}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{6F45E5FD-AF11-45F0-B7A5-F6B8577C4A35}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{7F8AE7D1-DB79-4AB4-9631-FE29C4C07FC4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{860EB5E4-9F9F-4D12-84F3-F508D5B27A6E}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{87BF9B82-4B1F-44C6-BCCB-E79D3BC4D6D9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe |
"{87C0A34E-4C04-404E-9797-2502E88023E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{89FCB1DF-3FF7-4664-AED3-0C3E1BE8E044}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{8B0F887F-20A8-4048-92FA-5B53C23AA528}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{8D69CA35-F479-42D4-A94A-3FB73C8998DE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{90BC1069-7E1B-41D1-B24A-A0D46E5B4F38}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{9303F84E-11AE-4150-9CDE-E65BE919CCB4}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{95C74A9A-0899-4A5B-A3CA-D8F9A2BBE122}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{961F6401-209D-444E-B0AD-B193BBFBF794}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9B9BCE59-C584-4378-A573-3DE1AB6A775A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9F30C968-2315-4097-9941-5A1BF76B85BC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A0D03A82-9736-4D1C-A26A-4DA03B3B1B54}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A2A1FBBC-A131-45FA-996C-0374C47F2B74}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{A730F01C-2315-4E6F-9538-81DF181045DB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A7CD07FA-6C9D-4430-AC29-E261C445EEC1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{AB8BE35B-C08A-4F4C-84AE-91AE12E9EE30}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{AF2063DD-7FD3-4FE1-8A58-D07BD6F9CA9F}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{B17A7BA9-B986-428D-B825-270666C8C42C}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B32DDC79-968D-471E-8DF0-3FC938DD16AE}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{B3EAFB79-BFE6-45D0-B1ED-185FE29EEB28}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{B9458815-0FBC-4E82-91F4-B382742CB41B}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{CA01BC74-BA1F-492C-B966-5AA7A8D710D2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CB0F62BA-1728-4514-9F43-F1C502425AE2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii - demo\overlord2demo.exe |
"{DFBF7508-7F91-4A03-A66A-9F79E754A2D9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E7C663F0-2BA7-4B8D-9DFA-0111E98E3297}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{EBFBC78B-45F0-40F5-9DF0-7947403923F4}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe |
"{EE46C65A-ECDE-486D-BB76-671151014AAD}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F660D442-9D92-49E1-B153-D244B08AD619}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\kings bounty armored princess - demo\kb.exe |
"{F8CB0BA5-AE65-4131-9687-1E2EC441F114}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{F9D68DBC-9C5C-4F01-8B46-02B6F08B20BA}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{FA4CD4F0-F718-4361-8900-90E949F8EC09}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{FCEC9330-EDEB-4098-BDDD-912B9875443C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii - demo\config.exe |
"TCP Query User{04CAF1B6-A668-4491-933E-35244DCEEF9C}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0A054E93-F1C0-46F5-94AA-45312F4FDFD8}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
"TCP Query User{1B535532-64D5-45E4-99FF-46DCDB842015}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
"TCP Query User{35734B5E-A341-453E-BB02-04F5D70A1595}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{38F3937F-1C16-47B3-A737-9A0424AAAD42}C:\program files\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"TCP Query User{3A4EA030-4D48-4BBF-A0E8-031FA891D3E0}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{40643D78-BB16-4573-98F8-D13F478849B9}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
"TCP Query User{455271FE-90BF-437F-88FE-FBD1C0286100}C:\program files\world of warcraft public test\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\blizzard downloader.exe |
"TCP Query User{45BDF743-1827-456E-B30A-44524E0E6B68}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{50B37069-DAC2-4425-A046-8FE30F86DDA8}C:\program files\steam\steamapps\kevsen814\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\kevsen814\team fortress 2\hl2.exe |
"TCP Query User{5951CBB2-8344-48B8-A77A-9E98D7F0343D}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{60C5DFE0-C5FB-4B37-B661-D2A0CA72B7DC}C:\users\aarons\downloads\ptr-installer-4.0.0.12824-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\aarons\downloads\ptr-installer-4.0.0.12824-enus-downloader.exe |
"TCP Query User{614FAE1F-7197-47F9-92B7-FE3512DE94AC}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{633C0FE0-8472-4C4E-9E70-B237796B4DF0}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{7433C882-090B-41D4-A1F5-3B73D3F4965C}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"TCP Query User{9080FF5D-5D8B-4240-9286-588833B9BAB7}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{9708EF2D-A5CC-4F25-BEA9-F22669A47691}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{9E98D9A5-590F-41B7-B610-AF77D8A2123A}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |
"TCP Query User{A541E365-72E8-481A-AB02-63660F7959DC}C:\program files\entropia universe\bin32\entropia.exe" = protocol=6 | dir=in | app=c:\program files\entropia universe\bin32\entropia.exe |
"TCP Query User{D407D89F-AB0A-49AB-BD62-9F8ADD55E258}C:\program files\world of warcraft public test\temp\wow-4.0.0.1852-to-4.0.0.1989-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.0.0.1852-to-4.0.0.1989-enus-ptr-tools-downloader.exe |
"TCP Query User{EE25E999-3A5A-40E2-B586-5EFAD51D7A1A}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"UDP Query User{0E55AA1A-528F-459E-9D2B-B38200E27278}C:\users\aarons\downloads\ptr-installer-4.0.0.12824-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\aarons\downloads\ptr-installer-4.0.0.12824-enus-downloader.exe |
"UDP Query User{1602FFA1-4DDF-4A25-B674-86F900178B57}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{2501D6B1-A943-45FF-AF8B-6B3F413FD974}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{2CCECD82-6595-4CCB-8D4F-4B191CD697A4}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"UDP Query User{2D10C16B-343C-493C-874F-1A5D1951A436}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
"UDP Query User{5100B1E0-B694-476A-B31F-D3FC68DAF7AD}C:\program files\world of warcraft public test\temp\wow-4.0.0.1852-to-4.0.0.1989-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.0.0.1852-to-4.0.0.1989-enus-ptr-tools-downloader.exe |
"UDP Query User{5E0F1792-7FBB-4237-BFAE-04DB4EF58701}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{6263D79C-FF4A-4B1D-8BF7-2900C06277EF}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"UDP Query User{6860F483-1CC2-4A5F-B00D-56122CC75C05}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{7661C4D7-577E-4A1C-AE2E-842587B4D260}C:\program files\world of warcraft public test\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\blizzard downloader.exe |
"UDP Query User{8B4A6B5A-349F-45F9-8836-6F8ACCA9437D}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |
"UDP Query User{98988A5E-6968-4BB9-92B8-033E34168AD8}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{A913B48E-B8B1-42AA-85FC-7739C1413B64}C:\program files\entropia universe\bin32\entropia.exe" = protocol=17 | dir=in | app=c:\program files\entropia universe\bin32\entropia.exe |
"UDP Query User{AF9F5582-9018-4431-9F4E-CF792714D740}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{D87C12BC-1FC0-4D8E-B98B-CE54E5E102E7}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{DB7C1D12-005C-4F64-A99B-94BB67C0D430}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{EF29ACAE-29B6-4421-9E3E-87C6F2BCB51E}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
"UDP Query User{F4A4FE4D-80B6-4016-90F8-FFB2CD838A8F}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{F9289945-20C9-4657-A84D-6DF6A97EA8F6}C:\program files\steam\steamapps\kevsen814\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\kevsen814\team fortress 2\hl2.exe |
"UDP Query User{FCA5CF6C-9FEC-402B-8B8F-F690DA546566}C:\program files\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"UDP Query User{FDB17C6D-EF08-47E0-AEEC-FCDA9C597C9E}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B66E37-AD9A-4E7C-6AFE-3365DC1C6147}" = Catalyst Control Center Localization Japanese
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B031784-8A94-5531-8C60-343607CAD7F9}" = CCC Help Italian
"{0B232420-6BC9-F6B1-4AEB-95CFA30BF0A1}" = Catalyst Control Center Localization French
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D62121B-0361-47CD-8712-5B2F5D8D1C9C}" = Smart Technology Programming Software 7.0.2.7
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12D9828A-4DC8-013E-524E-F6362F1D9664}" = Catalyst Control Center Localization Chinese Traditional
"{1511C73D-0F45-8C5D-B69F-1BABA56E448B}" = CCC Help Thai
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E64834-4AD7-2DD8-5D73-E8DC71A862E9}" = CCC Help Japanese
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{16EEFA60-7BA9-E33B-4375-677D5F6C4D81}" = Catalyst Control Center Localization Korean
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BCB0F0-BCCE-93D9-2AB3-05DD4D3B68FA}" = CCC Help Hungarian
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1D9A3AAB-EE6A-5F08-6D23-AFF10D5C0EC9}" = Catalyst Control Center Localization Turkish
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21E77392-C30A-4AA2-8CA7-5728316939D6}" = AmpliTube X-GEAR
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
"{324355BF-83BD-8F8B-0F29-89DB5B4E215F}" = CCC Help Polish
"{336652F7-6D09-47F8-9C6D-9FFFD673543C}" = CCC Help Chinese Traditional
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34A86A48-1225-419B-94B2-3A0548786ECD}" = ActiveState Komodo Edit 5.2.4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4237FDD2-5E55-47DA-B849-1982496D9288}" = Catalyst Control Center Localization Thai
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus® Download Manager for Corel
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47F8EE35-905B-9429-FC0E-6B989C0812E6}" = Catalyst Control Center Core Implementation
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AE196EC-ABA1-9BFC-74EC-B32FCA64373E}" = Catalyst Control Center Localization German
"{4DBD094A-1D35-61D5-F3A0-4458DCAD37C2}" = Catalyst Control Center Graphics Previews Common
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5D4875F6-89D1-4E9C-B7B9-9164C9D20C9C}" = Kaspersky Security Scan
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{62779ED4-16E5-EEE7-28C8-AF2199DD0273}" = CCC Help Portuguese
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{640B596F-A338-8B00-B7B9-C372B68F4C9F}" = ccc-core-static
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B32A311-93B5-31DF-E366-7455CD2EB70E}" = CCC Help Turkish
"{6B6CA344-96B5-6532-A087-BFDA6F4D5B45}" = Catalyst Control Center Localization Portuguese
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6E139C26-2033-466B-89FF-1EB1AF6D4979}" = Saitek Call Of Duty Modern Warefare 2 Profiles
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{715A7636-C48B-181A-D221-C8C4D942A0C0}" = Catalyst Control Center Graphics Full New
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7307702E-FE78-159E-E049-70AF0BEFE10E}" = CCC Help Korean
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B1AA2AB-ACD2-45C7-B1B1-364BEA40615F}" = Sentinel Protection Installer 7.6.1
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D1CE80E-3EAE-441E-BE97-625F9ABD07D9}" = Myst Masterpiece Edition
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE51E45-F0B9-3BE4-4946-1B6D41D16A4A}" = CCC Help English
"{8DCC4911-EC3D-41E9-85C9-168CA356EFE1}" = Lost Treasures of Alexandria
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{941E8028-CD3E-B877-5AE9-8107FEF652BC}" = CCC Help French
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{99F4AE76-1ACC-DB7A-70C5-EF487D2268F5}" = Catalyst Control Center Localization Chinese Standard
"{99F66DCA-1A0C-7D84-6832-5F986D151BBF}" = Catalyst Control Center Localization Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7F4358-8BD4-AB2C-313C-10BB5CB23796}" = CCC Help Chinese Standard
"{9B9DB42C-02E9-C357-0078-8C0071A0A4D9}" = Catalyst Control Center Graphics Previews Vista
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D680A7E-371C-45A8-6A68-C1782387B296}" = Catalyst Control Center Localization Polish
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9F05B89E-2873-11D5-9E9D-0050DA1EA555}" = Myst III: Exile
"{9F66304B-4C08-ACB8-4244-10E0E101C05B}" = Catalyst Control Center Localization Italian
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A154BBC7-5211-63EE-54F1-DDE3FF25BD0A}" = Catalyst Control Center Graphics Light
"{A2436E51-CBA9-41C2-10E1-63B32E1529C4}" = CCC Help German
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A8406091-51A7-FCAF-9F51-86FE36BD346E}" = Catalyst Control Center Graphics Full Existing
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_942" = Adobe Acrobat 9.4.2 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{B527A17B-A113-CD79-D502-8057991E2CFF}" = Catalyst Control Center Localization Spanish
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C1A628C2-92CC-BC23-BA13-18C6CFD2222E}" = ccc-utility
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DD305273-BA53-7F8F-88BC-066697820188}" = CCC Help Spanish
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E596BCF1-93C9-F90B-B01E-EBCF4231F2C7}" = Skins
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D57C50-4AB8-4857-9A32-749AB8963262}" = Saitek Cyborg Keyboard Volume 6.7.3.0
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3C3F02B-0A1A-4C18-94DD-916922F498AB}" = Saitek SD6 Programming Software 6.7.3.0
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"AudioCreator_is1" = Audio Creator LE 1.5
"avast5" = avast! Free Antivirus
"Cakewalk Sound Center_is1" = Cakewalk Sound Center 1.0.0
"Cakewalk Studio Instruments_is1" = Studio Instruments 1.0
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix ICA Web Client
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"LightWave 3D 9.6 9.6" = LightWave 3D 9.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MUSHclient" = MUSHclient (remove only)
"Music Creator_is1" = Music Creator 5
"Plants vs. Zombies" = Plants vs. Zombies
"PokerStars" = PokerStars
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sony Digital Camera Driver" = Sony Digital Camera Driver
"StarCraft II" = StarCraft II
"Steam App 12820" = Overlord II - Demo
"Steam App 220" = Half-Life 2
"Steam App 33230" = Assassin's Creed II
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 4700" = Medieval II: Total War
"Tablet Driver" = Tablet
"Warcraft III" = Warcraft III
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3b
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xilisoft MP4 Converter" = Xilisoft MP4 Converter

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1095388610-3448419138-2822967507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Aarons
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/25/2011 8:40:21 AM | Computer Name = Senecal-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 999

Error - 2/25/2011 8:40:21 AM | Computer Name = Senecal-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999

Error - 2/25/2011 8:40:22 AM | Computer Name = Senecal-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/25/2011 8:40:22 AM | Computer Name = Senecal-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4025

Error - 2/25/2011 8:40:22 AM | Computer Name = Senecal-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4025

Error - 2/25/2011 8:42:02 AM | Computer Name = Senecal-PC | Source = EventSystem | ID = 4621
Description =

Error - 2/26/2011 6:46:03 PM | Computer Name = Senecal-PC | Source = Application Error | ID = 1000
Description = Faulting application SPUBuiltInAccessor.exe, version 0.0.0.0, time
stamp 0x46a5bb11, faulting module ntdll.dll, version 6.0.6002.18005, time stamp
0x49e03821, exception code 0xc0000005, fault offset 0x00039747, process id 0x7f4,
application start time 0x01cbd606ecb0a2a3.

Error - 2/27/2011 2:48:30 AM | Computer Name = Senecal-PC | Source = EventSystem | ID = 4621
Description =

Error - 2/27/2011 4:59:51 PM | Computer Name = Senecal-PC | Source = Application Error | ID = 1000
Description = Faulting application medieval2.exe, version 1.3.0.0, time stamp 0x467f61a1,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x00039747, process id 0x10c8, application start time
0x01cbd6c145d8fc86.

Error - 2/28/2011 9:31:44 AM | Computer Name = Senecal-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 2/25/2011 1:50:03 PM | Computer Name = Senecal-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/25/2011 1:50:03 PM | Computer Name = Senecal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/26/2011 9:41:59 AM | Computer Name = Senecal-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/26/2011 4:06:38 PM | Computer Name = Senecal-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:05:41 PM on 2/26/2011 was unexpected.

Error - 2/26/2011 4:08:39 PM | Computer Name = Senecal-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/26/2011 4:12:50 PM | Computer Name = Senecal-PC | Source = DCOM | ID = 10005
Description =

Error - 2/26/2011 4:12:50 PM | Computer Name = Senecal-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/26/2011 4:12:50 PM | Computer Name = Senecal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/27/2011 9:26:08 AM | Computer Name = Senecal-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/28/2011 5:05:49 PM | Computer Name = Senecal-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

#11 SweetTech (Agent ST), Members, 13,421 posts
Posted 01 March 2011 - 05:34 PM

Cynis,

How are you doing today? I hope you're having a fantastic day!


Please be sure to include an update on how your computer is currently running in your next reply.



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the [image] textbox.

    :Services
    :OTL
    IE - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000..\Run: [AdobeBridge] File not found
    O33 - MountPoints2\{064b7739-be3e-11de-9add-001d099b3423}\Shell - "" = AutoRun
    O33 - MountPoints2\{064b7739-be3e-11de-9add-001d099b3423}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    O33 - MountPoints2\{650cb783-2f87-11de-b3ab-001d099b3423}\Shell\AutoRun\command - "" = L:\PMB_Portable.exe
    O33 - MountPoints2\{a6526eae-f1c4-11df-894b-001d099b3423}\Shell - "" = AutoRun
    O33 - MountPoints2\{a6526eae-f1c4-11df-894b-001d099b3423}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    [2011/02/28 16:03:55 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\UWAFP.job
    [2011/01/26 22:14:18 | 000,197,120 | ---- | C] () -- C:\Windows\Zxemea.exe
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push [image]
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click [image].
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Make sure that the option "Remove found threats" is Unchecked.
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here [image]


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

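The fix script in the post above removes a specific set of persistence and hijack points that OTL listed: a URLSearchHook and a BHO/toolbar pair whose CLSIDs no longer resolve, Run values that point at missing files, removable-media AutoRun handlers under MountPoints2, a hidden+system .job file in C:\Windows\Tasks, and an executable created directly in C:\Windows. As an added example, not part of this thread and not OTL's own logic, here is a Python triage pass that picks those same indicators out of OTL-style lines. The sample input is the thread's own lines plus one constructed benign hosts entry that must not be flagged; the category names and the two file-system heuristics (hidden+system .job, .exe in the Windows root) are this example's own assumptions.

```python
"""Triage OTL-style log lines for the persistence and hijack indicators
an analyst looks for when a browser is being redirected.

Added example: not part of the BleepingComputer thread and not OTL's own
logic. The category names and heuristics are this example's assumptions.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the thread's OTL fix script, plus one
# constructed benign file entry (the hosts line) that must not be flagged.
SAMPLE_LINES = r"""
IE - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1095388610-3448419138-2822967507-1000..\Run: [AdobeBridge] File not found
O33 - MountPoints2\{064b7739-be3e-11de-9add-001d099b3423}\Shell - "" = AutoRun
O33 - MountPoints2\{064b7739-be3e-11de-9add-001d099b3423}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
[2011/02/28 16:03:55 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\UWAFP.job
[2011/01/26 22:14:18 | 000,197,120 | ---- | C] () -- C:\Windows\Zxemea.exe
[2011/02/25 10:00:00 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
""".strip().splitlines()

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# OTL file entry: [date time | size | attributes | M/C] () -- path
# Assumption: the 4-letter attribute column carries H (hidden) and S (system).
FILE_RE = re.compile(
    r"^\[(?P<stamp>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| "
    r"(?P<kind>[MC])\] \(\) -- (?P<path>.+)$"
)


@dataclass(frozen=True)
class Finding:
    category: str   # which indicator fired
    detail: str     # the CLSID, value name, command or path involved
    line: str       # the original log line


def _clsid(line: str) -> str:
    m = CLSID_RE.search(line)
    return m.group(0) if m else "(no CLSID)"


def _run_value_name(line: str) -> str:
    m = re.search(r"\[(.*?)\]", line)
    return (m.group(1) if m else "") or "(unnamed value)"


def _check_file(m, line: str) -> list:
    path, attr = m.group("path"), m.group("attr")
    low = path.lower()
    out = []
    # A hidden+system .job is how the fix's UWAFP.job presents itself;
    # legitimate scheduled tasks rarely hide this way (heuristic).
    if low.endswith(".job") and "H" in attr and "S" in attr:
        out.append(Finding("hidden_system_task", path, line))
    # Executables created directly in C:\Windows (not a subfolder) are
    # unusual for installed software; heuristic, review before acting.
    head, sep, tail = low.partition("c:\\windows\\")
    if head == "" and sep and "\\" not in tail and tail.endswith(".exe"):
        out.append(Finding("exe_in_windows_root", path, line))
    return out


def triage(lines) -> list:
    """Return one Finding per indicator matched, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            findings.extend(_check_file(m, line))
        elif "URLSearchHook" in line and "File not found" in line:
            # A search hook whose CLSID no longer resolves: a hijack leftover.
            findings.append(Finding("dangling_urlsearchhook", _clsid(line), line))
        elif line.startswith(("O2 ", "O3 ")) and "No CLSID value found" in line:
            # BHO/toolbar registration with no backing CLSID: an orphan to remove.
            findings.append(Finding("orphaned_clsid", _clsid(line), line))
        elif line.startswith("O4 ") and "File not found" in line:
            # Run value whose target is gone; an empty name [] is itself odd.
            findings.append(Finding("run_missing_file", _run_value_name(line), line))
        elif line.startswith("O33 ") and "\\AutoRun\\command" in line:
            # Per-volume autorun handler left by removable media; the bare
            # "Shell = AutoRun" verb line is not flagged on its own.
            findings.append(Finding("autorun_handler", line.split("= ", 1)[-1], line))
    return findings


def summarize(findings) -> dict:
    """Category -> count, handy for a quick read of a long log."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.category:24} {f.detail}")
    print(summarize(triage(SAMPLE_LINES)))
```

Run it directly to print the findings. The registry-side rules mirror what OTL itself reports (unresolvable CLSID, missing file), so they are fairly safe; the two file-system heuristics are prompts for review rather than verdicts, which is also how the helper uses OTL: it lists, the analyst decides.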

#12 Cynis (Topic Starter), Members, 28 posts
Posted 03 March 2011 - 07:24 AM

ST, I will run those tonight and get the logs posted for you.

#13 SweetTech (Agent ST), Members, 13,421 posts
Posted 03 March 2011 - 12:14 PM

Okay. :thumbsup:



#14 Cynis

Cynis
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 03 March 2011 - 06:13 PM

OTL Report:
-----------

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1095388610-3448419138-2822967507-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1095388610-3448419138-2822967507-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{064b7739-be3e-11de-9add-001d099b3423}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{064b7739-be3e-11de-9add-001d099b3423}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{064b7739-be3e-11de-9add-001d099b3423}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{064b7739-be3e-11de-9add-001d099b3423}\ not found.
File K:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{650cb783-2f87-11de-b3ab-001d099b3423}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{650cb783-2f87-11de-b3ab-001d099b3423}\ not found.
File L:\PMB_Portable.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6526eae-f1c4-11df-894b-001d099b3423}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6526eae-f1c4-11df-894b-001d099b3423}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6526eae-f1c4-11df-894b-001d099b3423}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6526eae-f1c4-11df-894b-001d099b3423}\ not found.
File K:\LaunchU3.exe -a not found.
C:\Windows\Tasks\UWAFP.job moved successfully.
C:\Windows\Zxemea.exe moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Aarons\Desktop\cmd.bat deleted successfully.
C:\Users\Aarons\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: Aarons
->Temp folder emptied: 4659831 bytes
->Temporary Internet Files folder emptied: 83026582 bytes
->Java cache emptied: 1810510 bytes
->FireFox cache emptied: 126258007 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2584316 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 112872 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 208.00 mb


[EMPTYFLASH]

User: Aarons
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03032011_180311

Files\Folders moved on Reboot...
File\Folder C:\Users\Aarons\AppData\Local\Temp\Low\~DFBEF0.tmp not found!
File\Folder C:\Users\Aarons\AppData\Local\Temp\Low\~DFBEFD.tmp not found!
C:\Users\Aarons\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WK3LMSG0\topic381754[1].htm moved successfully.
C:\Users\Aarons\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
C:\Users\Aarons\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\gnserv.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

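The OTL fix log above mixes four outcomes per line (deleted, moved, not found, and "File move failed ... scheduled to be moved on reboot"); the last group is the one a helper has to re-check after the reboot, since the file is still on disk until then. The following parser is an added example written for this thread, not part of OTL or the poster's log; the sample lines are constructed in the same format (some copied from the log above) and the function names are my own.

```python
import re
from collections import Counter

# Constructed sample in OTL fix-log format (a few lines mirror the log posted above).
SAMPLE_LOG = """\
Registry key HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ not found.
C:\\Windows\\Zxemea.exe moved successfully.
C:\\Windows\\System32\\drivers\\etc\\Hosts moved successfully.
HOSTS file reset successfully
File move failed. C:\\Windows\\temp\\gnserv.dat scheduled to be moved on reboot.
File K:\\LaunchU3.exe -a not found.
"""

# Optional object-type prefix, the target (path or registry key), then the outcome.
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File\\Folder|File) )?"
    r"(?P<target>.+?) "
    r"(?P<result>deleted successfully|moved successfully|not found!?|"
    r"scheduled to be moved on reboot)\.?$"
)


def parse_otl_line(line):
    """Return (kind, target, result) for one OTL action line, or None if it is not one."""
    line = line.strip()
    # Deferred moves carry a "File move failed." prefix before the path.
    if line.startswith("File move failed. "):
        line = line[len("File move failed. "):]
    m = LINE_RE.match(line)
    if not m:
        return None
    kind = m.group("kind") or "File"   # a bare path with no prefix is a file entry
    result = m.group("result").rstrip("!")
    return kind, m.group("target"), result


def summarize(log_text):
    """Count outcomes and collect targets that still need a reboot to be removed."""
    counts = Counter()
    pending = []
    for raw in log_text.splitlines():
        parsed = parse_otl_line(raw)
        if parsed is None:
            continue  # section headers, [EMPTYTEMP] lines, byte counts, etc.
        _kind, target, result = parsed
        counts[result] += 1
        if result == "scheduled to be moved on reboot":
            pending.append(target)
    return counts, pending


if __name__ == "__main__":
    counts, pending = summarize(SAMPLE_LOG)
    print(dict(counts))
    print("re-check after reboot:", pending)
```

Running it on the full log posted above would list the three _avast5_ and gnserv/spserv temp files as the items to confirm after the reboot.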
#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:47 PM

Posted 03 March 2011 - 06:18 PM

Please post the other logs when you've had a chance to run them. :)

