
Infected with RaT They stole 1000 Dollars


  • This topic is locked
14 replies to this topic

#1 wowser8

wowser8

  • Members
  • 103 posts
  • OFFLINE
  • Local time:04:42 AM

Posted 26 February 2011 - 07:51 PM

I have a RAT (remote admin tool); it's a type of trojan. I need help getting it off.

Edited by Orange Blossom, 26 February 2011 - 07:55 PM.
Move to AII for initial assistance. ~ OB




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:42 AM

Posted 26 February 2011 - 11:15 PM

Hello, a RAT, or remote access trojan (sometimes remote administration tool), is a program that listens for and accepts connections from a remote 3rd party and carries out the commands that 3rd party gives it... essentially it's a server that provides remote control functionality...

After you remove most malware programs, the damage is done and the worst of the crisis is over. Not so with RATs. Like their virus and worm cousins, RATs can delete and modify files, format hard disks, upload and download files, harass users, and drop off other malware. I often find compromised PCs that intruders used to store games and other cracking tools, taking up nearly all the user's available hard disk space. But RATs have two unique features—content capturing and remote control—that make them a higher order of particularly dangerous malware.

TechNet


This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 wowser8

wowser8
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  • Local time:04:42 AM

Posted 27 February 2011 - 12:14 AM

I want to get rid of it. I talked to the guy and he said he uninstalled it. I am familiar with rats and viruses so I can help too.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:42 AM

Posted 27 February 2011 - 10:32 AM

OK, let's run these now.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

#5 wowser8

wowser8
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  • Local time:04:42 AM

Posted 27 February 2011 - 03:30 PM

Alright, before I post the logs there are some things you should know.

I end the virus's process right when my computer starts up. The processes are usually 6 different ones that look like this: 3552345_Windows.exe or 2343532_Windefender.exe, and sometimes explorer.exe.

I've scanned with MBAM many times but it keeps picking up the same virus and is never able to remove it.

I realize he uses spynet; should I just remove the entire spynet folder?

I've also flushed out the stuff in the application data folder before and it keeps coming back.

TDSS log:

2011/02/27 15:12:53.0531 3852	TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/27 15:12:53.0750 3852	================================================================================
2011/02/27 15:12:53.0750 3852	SystemInfo:
2011/02/27 15:12:53.0750 3852	
2011/02/27 15:12:53.0750 3852	OS Version: 5.2.3790 ServicePack: 2.0
2011/02/27 15:12:53.0750 3852	Product type: Workstation
2011/02/27 15:12:53.0750 3852	ComputerName: BURT
2011/02/27 15:12:53.0765 3852	UserName: Administrator
2011/02/27 15:12:53.0765 3852	Windows directory: C:\WINDOWS
2011/02/27 15:12:53.0765 3852	System windows directory: C:\WINDOWS
2011/02/27 15:12:53.0765 3852	Running under WOW64
2011/02/27 15:12:53.0765 3852	Processor architecture: Intel x64
2011/02/27 15:12:53.0765 3852	Number of processors: 2
2011/02/27 15:12:53.0765 3852	Page size: 0x1000
2011/02/27 15:12:53.0765 3852	Boot type: Normal boot
2011/02/27 15:12:53.0765 3852	================================================================================
2011/02/27 15:12:54.0578 3852	Initialize success
2011/02/27 15:13:06.0046 1628	================================================================================
2011/02/27 15:13:06.0046 1628	Scan started
2011/02/27 15:13:06.0046 1628	Mode: Manual; 
2011/02/27 15:13:06.0046 1628	================================================================================
2011/02/27 15:13:34.0625 1628	\HardDisk1 - detected Backdoor.Win32.Sinowal.knf (0)
2011/02/27 15:13:34.0625 1628	================================================================================
2011/02/27 15:13:34.0625 1628	Scan finished
2011/02/27 15:13:34.0625 1628	================================================================================
2011/02/27 15:13:34.0625 3876	Detected object count: 1
2011/02/27 15:13:51.0843 3876	\HardDisk1 - will be cured after reboot
2011/02/27 15:13:51.0843 3876	Backdoor.Win32.Sinowal.knf(\HardDisk1) - User select action: Cure 
2011/02/27 15:15:35.0203 3816	Deinitialize success


Mbam log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5896

Windows 5.2.3790 Service Pack 2
Internet Explorer 6.0.3790.3959

2/27/2011 3:31:46 PM
mbam-log-2011-02-27 (15-31-46).txt

Scan type: Quick scan
Objects scanned: 164508
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.Bot) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.Bot) -> Value: HKLM -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\WINDOWS\system32\spynet (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\WINDOWS\SysWOW64\spynet (Trojan.Backdoor) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\administrator\application data\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\application data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\application data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spynet\Explorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\SysWOW64\spynet\Explorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


#6 boopme

Posted 27 February 2011 - 04:15 PM

Let's do a FULL scan and then an online scan and see if they return.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

Please ask any needed questions, post logs and let us know how the PC is running now.

#7 wowser8

Posted 27 February 2011 - 10:19 PM

Mbam full scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5897

Windows 5.2.3790 Service Pack 2
Internet Explorer 6.0.3790.3959

2/27/2011 5:46:39 PM
mbam-log-2011-02-27 (17-46-39).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 487795
Time elapsed: 1 hour(s), 24 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.Bot) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.Bot) -> Value: HKLM -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\WINDOWS\system32\spynet (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\WINDOWS\SysWOW64\spynet (Trojan.Backdoor) -> Quarantined and deleted successfully.

Files Infected:
c:\system volume information\_restore{9d562aed-5655-4892-8981-f6df264c1dcd}\RP232\A0217052.exe (Trojan.VBKrypt) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\application data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\application data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spynet\Explorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\SysWOW64\spynet\Explorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

ESET full scan

C:\Documents and Settings\Administrator\Application Data\Auslogics\Rescue\One Button Checkup\100331165117093.rsc	multiple threats	deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\Desktop\Junk\Fake Webcam 6.1.EXE	Win32/Adware.Primawega.AE application	deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\2_AbFmDStub.exe	a variant of MSIL/TrojanDropper.Agent.AL trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\4_AbFmDStub.exe	a variant of MSIL/TrojanDropper.Agent.AL trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\6_AbFmDStub.exe	a variant of MSIL/TrojanDropper.Agent.AL trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\3DMark06 1.0.2.rar	Win32/TrojanDownloader.Small.PBR trojan	deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Downloads.zip	Win32/Injector.ELG trojan	deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Setup_FreeFlvConverterN.exe	Win32/Adware.Toolbar.Dealio application	deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Java Applet\Client.jar	Java/TrojanDownloader.Agent.NBB trojan	deleted - quarantined
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\17070203_Windows.exe	probably a variant of MSIL/Injector.DB trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\25517375_WinDefender.exe	probably a variant of MSIL/Injector.DB trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\26303921_Svchost.exe	probably a variant of MSIL/Injector.DB trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\27199640_Winlog.exe	probably a variant of MSIL/Injector.DB trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\3270109_WinDefender.exe	probably a variant of MSIL/Injector.DB trojan	cleaned by deleting - quarantined
C:\secret\Java Applet\Client.jar	Java/TrojanDownloader.Agent.NBB trojan	deleted - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP231\A0216886.dll	a variant of Win32/Packed.VMProtect.AAD trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP231\A0216948.exe	a variant of Win32/Injector.EUX trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP231\A0216950.exe	Win32/Adware.GabPath.BA application	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP231\A0216970.exe	a variant of Win32/Injector.EUX trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP232\A0217053.exe	a variant of Win32/Injector.EUX trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP232\A0217966.exe	a variant of Win32/Injector.EUX trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP234\A0219403.exe	probably a variant of MSIL/Injector.DB trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP234\A0219404.exe	Win32/Spatet.I trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP234\A0219405.EXE	Win32/Adware.Primawega.AE application	deleted - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP234\A0219406.exe	a variant of MSIL/Kryptik.D trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP234\A0219407.exe	probably a variant of MSIL/Injector.DB trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP234\A0219408.exe	probably a variant of MSIL/Injector.DB trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP234\A0219409.exe	probably a variant of MSIL/Injector.DB trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP234\A0219410.exe	probably a variant of MSIL/Injector.DB trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{9D562AED-5655-4892-8981-F6DF264C1DCD}\RP234\A0219411.exe	probably a variant of MSIL/Injector.DB trojan	cleaned by deleting - quarantined
E:\Bullet Storm\Binaries\Win32\xlive.dll	a variant of Win32/Packed.VMProtect.AAD trojan	cleaned by deleting - quarantined


#8 boopme

Posted 28 February 2011 - 03:22 PM

OK, we still have backdoors; these compromise the machine.
We have 2 options: a reformat, or we need a deeper look to find out what is protecting this.
Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.
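The check this reply rests on, whether items the quick scan reported as removed come back in the full scan, written out as an added example (not part of the thread and not a Malwarebytes tool). The two samples are item lines copied from the logs posted above; the function names and the list of autostart markers are this example's own assumptions.

```python
import re

# Section header such as "Registry Values Infected:". The summary lines
# ("Registry Values Infected: 4") end in a count and are deliberately not matched.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):\s*$")
# Item line: <object> (<detection>) -> [Value: <name> -> ]<action>.
ITEM_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> "
    r"(?:Value: (?P<value>.+?) -> )?(?P<action>.+?)\.?$"
)
# Registry locations that start a program at logon (assumption: only the two
# Run-key families that appear in this thread's logs are checked).
AUTOSTART_MARKERS = ("\\currentversion\\run\\", "\\policies\\explorer\\run\\")

# Item lines copied from the quick-scan log (3:31 PM) posted in this thread.
QUICK_SCAN = r"""
Registry Values Infected: 4
Registry Keys Infected:
HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.Bot) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.Bot) -> Value: HKLM -> Quarantined and deleted successfully.
Folders Infected:
c:\WINDOWS\system32\spynet (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\WINDOWS\SysWOW64\spynet (Trojan.Backdoor) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\administrator\application data\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\application data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\application data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spynet\Explorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\SysWOW64\spynet\Explorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

# Item lines copied from the full-scan log (5:46 PM) posted in this thread.
FULL_SCAN = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.Bot) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.Bot) -> Value: HKLM -> Quarantined and deleted successfully.
Folders Infected:
c:\WINDOWS\system32\spynet (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\WINDOWS\SysWOW64\spynet (Trojan.Backdoor) -> Quarantined and deleted successfully.
Files Infected:
c:\system volume information\_restore{9d562aed-5655-4892-8981-f6df264c1dcd}\RP232\A0217052.exe (Trojan.VBKrypt) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\application data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\application data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spynet\Explorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\SysWOW64\spynet\Explorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return {(section, object_lowercased): (detection, action)} for each item line."""
    items, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM_RE.match(line)
        if item and section:
            key = (section, item.group("obj").lower())
            items[key] = (item.group("det"), item.group("action"))
    return items


def compare_scans(first, second):
    """Split the second scan's items into recurring and new, and list what stayed gone."""
    removed = {key for key, (_, action) in first.items()
               if "deleted successfully" in action.lower()}
    recurring = sorted(key for key in second if key in removed)
    return {
        "recurring": recurring,
        "new": sorted(key for key in second if key not in first),
        "gone": sorted(key for key in first if key not in second),
        "recurring_autostarts": [key for key in recurring
                                 if any(mark in key[1] for mark in AUTOSTART_MARKERS)],
    }


if __name__ == "__main__":
    report = compare_scans(parse_mbam_log(QUICK_SCAN), parse_mbam_log(FULL_SCAN))
    for name, keys in report.items():
        print(f"{name}: {len(keys)}")
        for section, obj in keys:
            print(f"    [{section}] {obj}")
```

All four Run-key values come back under `recurring_autostarts`, which is the pattern that leads to the "what is protecting this" question in the reply above.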

#9 wowser8

Posted 28 February 2011 - 03:33 PM

I'm having issues. DDS doesn't work for my OS and Gmer dl is working. Also, I get this error message when trying to open the internet control panel, because my internet stuff isn't working and I can't use zero config:
an expection occurred while trying to run "C:\WINDOWS\system32\shell32.dll,Control_RunDLL C:\Windows\system32\inetcpl.cpl, 4"

Also, none of my USB ports are really working; my headset doesn't work, nor does any flash drive. And my task bar is Windows 99 style.

Edited by wowser8, 28 February 2011 - 03:40 PM.


#10 boopme

Posted 28 February 2011 - 03:40 PM

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.

Click the Connections tab and click the LAN settings option.

Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Now check if the internet is working again.


OR
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

Let's skip DDS and GMER and try OTL
    1. Please download OTL from one of the following mirrors:
      • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


#11 wowser8

Posted 28 February 2011 - 03:45 PM

Alright, restarting my computer for the winsock, as it wouldn't let me change my proxy settings because I would get an error clicking on the connection tab.

#12 wowser8

Posted 28 February 2011 - 03:52 PM

It didn't fix it; I still get the same error. I can't connect with zero config; I connect with the software with my wireless card. Also, it still doesn't detect my headset. It powers the USB ports but doesn't recognize anything in them, I think.

#13 wowser8

Posted 28 February 2011 - 06:58 PM

The USB ports still don't work and I can't access my internet cpl.


OTL:
OTL logfile created on: 2/28/2011 3:55:12 PM - Run 1
OTL by OldTimer - Version 3.2.22.2     Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 83.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 15.47 Gb Free Space | 6.64% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 761.35 Gb Free Space | 81.73% Space Free | Partition Type: NTFS
Drive G: | 3.77 Gb Total Space | 2.59 Gb Free Space | 68.90% Space Free | Partition Type: FAT32
 
Computer Name: BURT | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/02/28 15:54:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/01/15 18:11:02 | 001,106,432 | ---- | M] (SRWare) -- C:\Program Files (x86)\SRWare Iron\iron.exe
PRC - [2010/12/22 03:38:35 | 000,075,136 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2010/07/14 22:13:42 | 002,427,392 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Desktop\Gate\CyberGate v1.07.5.exe
PRC - [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe
PRC - [2010/05/11 15:33:52 | 000,810,880 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\NagaTray.exe
PRC - [2009/06/04 17:41:22 | 000,451,904 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/04/10 18:29:04 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2008/11/24 11:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
PRC - [2007/10/17 15:02:50 | 001,114,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\RALINK\Common\RaUI.exe
PRC - [2007/01/19 12:54:56 | 005,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2011/02/28 15:54:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2007/02/18 11:24:12 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll
MOD - [2007/02/18 11:05:22 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
MOD - [2006/03/29 07:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2010/12/14 13:27:32 | 002,412,680 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV:[b]64bit:[/b] - [2010/02/15 14:08:47 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/01/04 21:48:35 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/12/22 03:38:35 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/12/06 08:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/15 14:08:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/11 18:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/06/04 17:41:22 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/04/10 18:29:04 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2008/11/24 11:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) [Auto | Running] -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe -- (AcuWVSSchedulerv6)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 11:05:18 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\6to4svc.dll -- (6to4)
SRV - [2007/02/17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/07/15 08:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/03/31 15:36:37 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/12/07 09:04:18 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/06/08 06:02:14 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006/03/29 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://chameleontom.iamwired.net/search.php?src=tops&q="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.crimson-project.com/Home.php"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.0.3
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:0.9.9.5
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.0
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.12304
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100112
FF - prefs.js..extensions.enabledItems: cfxec@Triton:2.0.1
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..keyword.URL: "http://chameleontom.iamwired.net/search.php?src=tops&q="
FF - prefs.js..network.proxy.socks: "72.43.253.158"
FF - prefs.js..network.proxy.socks_port: 1234
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/28 03:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/28 03:01:35 | 000,000,000 | ---D | M]
 
[2010/01/09 18:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/02/28 03:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions
[2010/01/28 01:05:08 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2010/01/30 10:10:30 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/02/11 18:54:57 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010/11/20 03:35:35 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/03/15 00:17:08 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010/04/17 13:46:10 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/28 01:00:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/28 01:15:15 | 000,000,000 | ---D | M] (Chromifox Extreme Carbon) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\cfxec@Triton
[2010/01/28 01:15:27 | 000,000,000 | ---D | M] (Chromifox Companion) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\cfxHelper@Triton
[2010/04/17 13:46:17 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\chromifox@altmusictv.com
[2010/11/20 03:35:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\engine@conduit.com
[2010/03/21 17:29:07 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\LogMeInClient@logmein.com
[2010/01/28 01:01:55 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\nasanightlaunch@example.com
[2010/09/04 10:23:23 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\plugin@yontoo.com
[2010/04/17 13:46:15 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\smarterwiki@wikiatic.com
[2010/10/14 00:08:18 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gj94nzx2.default\extensions\toolbar@ask.com
[2011/02/28 03:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/27 22:56:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/22 20:03:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/22 20:03:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/05/01 14:57:42 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2010/05/09 11:30:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/06/22 20:03:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/24 17:37:28 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
 
Hosts file not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (no name) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} -  File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} -  File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [MsmqIntCert]  File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon]  File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter]  File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files (x86)\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} -  File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} -  File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} -  File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} -  File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} -  File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} -  File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} -  File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} -  File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} -  File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} -  File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} -  File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} -  File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) -  File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} -  File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} -  File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -  File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader -  File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon -  File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/09 17:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{53cfb961-fd78-11de-94f5-001aef0926fa}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{53cfb961-fd78-11de-94f5-001aef0926fa}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{f20bed88-fd75-11de-8551-001aef0926fa}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/02/28 03:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Toolbar4
[2011/02/27 17:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/02/27 17:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\workspace
[2011/02/27 15:14:03 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2011/02/27 15:12:33 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/02/26 18:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gate32
[2011/02/25 21:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/02/25 21:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/02/23 23:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NVIDIA
[2011/02/23 23:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA
[2011/02/23 17:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TechSmith
[2011/02/23 17:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 7
[2011/02/23 17:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2011/02/23 17:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2011/02/23 17:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/02/21 21:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/02/18 16:34:55 | 000,233,472 | ---- | C] (Hewlett Packard Corporation) -- C:\WINDOWS\SysWow64\hpzc35ha.dll
[2011/02/18 16:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/02/16 23:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\proj
[2011/02/10 18:20:41 | 000,000,000 | ---D | C] -- C:\ia64
[2011/02/10 18:20:41 | 000,000,000 | ---D | C] -- C:\i386
[2011/02/10 18:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\OpenVPN
[2011/02/10 17:34:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\tracing
[2011/02/07 00:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ColorPic 4.1
[2011/02/07 00:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ColorPic 4.1
[2011/02/02 22:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duty Calls
[2011/02/01 06:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\bottt
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/02/28 15:49:11 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/28 15:49:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/28 15:48:00 | 000,000,342 | -H-- | M] () -- C:\dvmexp.idx
[2011/02/28 15:30:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/02/28 04:58:36 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2011/02/28 04:29:48 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2011/02/28 03:01:35 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/28 03:01:35 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/28 02:05:47 | 000,239,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/27 20:36:46 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Administrator\.drjava
[2011/02/27 16:17:00 | 000,061,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\we-want-you.jpg
[2011/02/27 15:14:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2011/02/27 15:03:25 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Windows.exe
[2011/02/27 10:10:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3926274950-1228548745-1635682088-500UA.job
[2011/02/26 11:38:23 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\postt.php
[2011/02/25 21:15:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2011/02/25 20:51:22 | 000,261,236 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ts3_clientui-win64-12815-2011-02-25 20_51_20.406250.dmp
[2011/02/24 13:25:24 | 000,000,316 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\next.php
[2011/02/24 13:12:41 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\index.php
[2011/02/24 04:31:23 | 330,080,256 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BEST PRANK CALL! (1).camrec
[2011/02/23 23:12:01 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bulletstorm.lnk
[2011/02/23 23:11:45 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\index.html
[2011/02/23 17:01:04 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2011/02/23 15:11:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BEST PRANK CALL!.camrec
[2011/02/23 15:08:39 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2011/02/22 20:01:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/21 11:09:14 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/02/20 23:10:29 | 000,013,399 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\291,465,323,45279678.htm
[2011/02/19 19:16:08 | 000,169,641 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dt.png
[2011/02/12 00:24:08 | 000,032,344 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\imstillherefinal.veg
[2011/02/12 00:14:28 | 099,438,483 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\imstillherefinal2.wmv
[2011/02/11 23:49:09 | 097,366,513 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ImstillHere.wmv
[2011/02/11 23:38:47 | 000,029,440 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\imstillherefinal.veg.bak
[2011/02/11 23:25:31 | 005,434,073 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\50_Cent_-_I_Get_Money_dirty_.mp3
[2011/02/11 23:21:27 | 000,026,296 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\istillhere.veg
[2011/02/11 21:28:07 | 001,792,658 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Delta Heavy - Space Time.mp3
[2011/02/10 19:15:18 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\SysWow64\ezsidmv.dat
[2011/02/07 00:58:00 | 000,134,186 | ---- | M] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2011/01/30 02:48:22 | 000,000,233 | ---- | M] () -- C:\WINDOWS\cat2.html
[2011/01/30 02:48:14 | 000,000,406 | ---- | M] () -- C:\WINDOWS\cat.html
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/02/28 15:30:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/02/28 03:01:35 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/27 16:17:04 | 000,061,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\we-want-you.jpg
[2011/02/27 15:03:25 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Windows.exe
[2011/02/26 20:45:16 | 000,491,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hackersvirus wiresharkthis.exe
[2011/02/25 20:51:20 | 000,261,236 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ts3_clientui-win64-12815-2011-02-25 20_51_20.406250.dmp
[2011/02/24 13:25:24 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\next.php
[2011/02/24 13:12:41 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\index.php
[2011/02/24 04:22:47 | 330,080,256 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BEST PRANK CALL! (1).camrec
[2011/02/23 23:12:01 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bulletstorm.lnk
[2011/02/23 23:11:44 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\index.html
[2011/02/23 17:01:04 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2011/02/23 15:11:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BEST PRANK CALL!.camrec
[2011/02/20 23:13:36 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\postt.php
[2011/02/20 23:10:29 | 000,013,399 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\291,465,323,45279678.htm
[2011/02/19 19:15:48 | 000,169,641 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dt.png
[2011/02/18 15:02:13 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2011/02/12 00:04:59 | 099,438,483 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\imstillherefinal2.wmv
[2011/02/11 23:40:51 | 097,366,513 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ImstillHere.wmv
[2011/02/11 23:38:47 | 000,032,344 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\imstillherefinal.veg
[2011/02/11 23:38:47 | 000,029,440 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\imstillherefinal.veg.bak
[2011/02/11 23:25:33 | 005,434,073 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\50_Cent_-_I_Get_Money_dirty_.mp3
[2011/02/11 23:21:27 | 000,026,296 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\istillhere.veg
[2011/02/11 21:28:04 | 001,792,658 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Delta Heavy - Space Time.mp3
[2011/02/07 00:58:00 | 000,134,186 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2011/01/30 02:48:22 | 000,000,233 | ---- | C] () -- C:\WINDOWS\cat2.html
[2011/01/30 02:48:14 | 000,000,406 | ---- | C] () -- C:\WINDOWS\cat.html
[2011/01/18 22:24:03 | 000,162,304 | ---- | C] () -- C:\WINDOWS\SysWow64\ztvunrar36.dll
[2011/01/18 22:24:03 | 000,153,088 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar3.dll
[2011/01/18 22:24:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\ztvunace26.dll
[2011/01/18 22:24:03 | 000,075,264 | ---- | C] () -- C:\WINDOWS\SysWow64\unacev2.dll
[2011/01/13 20:33:29 | 000,009,355 | ---- | C] () -- C:\WINDOWS\SysWow64\Uninstall.ini
[2011/01/02 15:30:37 | 002,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\BootMan.exe
[2011/01/02 15:30:37 | 000,086,408 | ---- | C] () -- C:\WINDOWS\SysWow64\setupempdrv03.exe
[2011/01/02 15:30:37 | 000,014,848 | ---- | C] () -- C:\WINDOWS\SysWow64\EuEpmGdi.dll
[2011/01/02 15:30:37 | 000,013,192 | ---- | C] () -- C:\WINDOWS\SysWow64\epmntdrv.sys
[2011/01/02 15:30:37 | 000,008,456 | ---- | C] () -- C:\WINDOWS\SysWow64\EuGdiDrv.sys
[2010/11/16 22:26:09 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\CmdLineExt03.dll
[2010/10/17 13:53:14 | 006,814,952 | ---- | C] () -- C:\WINDOWS\SysWow64\SpoonUninstall.exe
[2010/10/17 13:53:14 | 000,017,772 | ---- | C] () -- C:\WINDOWS\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/09/23 01:15:16 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/09/19 19:35:32 | 000,669,184 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe
[2010/09/19 16:27:57 | 000,000,236 | ---- | C] () -- C:\Program Files (x86)\Common Files\dx.reg
[2010/09/19 16:27:56 | 001,029,126 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d10.dll
[2010/09/19 16:27:56 | 000,874,502 | ---- | C] () -- C:\WINDOWS\SysWow64\kernel32new.dll
[2010/09/19 16:27:56 | 000,716,153 | ---- | C] () -- C:\WINDOWS\SysWow64\unins000.exe
[2010/09/19 16:27:56 | 000,681,478 | ---- | C] () -- C:\WINDOWS\SysWow64\msvcrtnew.dll
[2010/09/19 16:27:56 | 000,187,398 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d10core.dll
[2010/09/19 16:27:56 | 000,002,945 | ---- | C] () -- C:\WINDOWS\SysWow64\unins000.dat
[2010/09/06 23:53:51 | 000,000,140 | ---- | C] () -- C:\WINDOWS\SysWow64\ptl5.dat.{B03B289B-C438-4D0F-B3B0-52F9FE7B661D}
[2010/09/06 23:51:44 | 000,000,016 | ---- | C] () -- C:\WINDOWS\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2010/09/03 17:47:02 | 000,013,088 | -H-- | C] () -- C:\WINDOWS\SysWow64\mlfcache.dat
[2010/08/04 07:41:46 | 000,147,437 | ---- | C] () -- C:\WINDOWS\SysWow64\Uninstall.exe
[2010/05/26 17:31:07 | 000,028,891 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/05/01 22:36:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\SysWow64\ezsidmv.dat
[2010/04/25 20:48:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2010/03/08 08:00:13 | 000,270,904 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2010/03/08 08:00:13 | 000,075,136 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2010/03/08 08:00:12 | 002,434,856 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc_bc2.exe
[2010/01/10 22:07:06 | 000,691,386 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2010/01/09 19:48:50 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/01/09 18:53:32 | 000,239,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/09 18:14:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/09 17:42:11 | 000,011,832 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp64.sys
[2010/01/09 17:42:11 | 000,010,216 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp32.sys
[2010/01/09 17:39:33 | 000,024,576 | R--- | C] () -- C:\WINDOWS\SysWow64\AsIO.dll
[2010/01/09 17:39:33 | 000,014,392 | R--- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
[2010/01/09 17:34:10 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/01/09 17:34:08 | 000,021,335 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/01/09 17:34:08 | 000,010,296 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2010/01/09 17:18:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/20 20:42:18 | 000,000,326 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\WINDOWS\SysWow64\sqlite3.dll
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\SysWow64\OpenQuicktimeLib.dll
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\StarOpen.sys
[2006/03/29 07:00:00 | 001,274,880 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2006/03/29 07:00:00 | 001,274,880 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz(2).dll
[2006/03/29 07:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2006/03/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2006/03/29 07:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2006/03/29 07:00:00 | 000,498,205 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2006/03/29 07:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2006/03/29 07:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2006/03/29 07:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2006/03/29 07:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2006/03/29 07:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2006/03/29 07:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2006/03/29 07:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2006/03/29 07:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2006/03/29 07:00:00 | 000,082,432 | ---- | C] () -- C:\WINDOWS\SysWow64\ieencode.dll
[2006/03/29 07:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2006/03/29 07:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2006/03/29 07:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2006/03/29 07:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
[2006/03/29 07:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2006/03/29 07:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2006/03/29 07:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2006/03/29 07:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
[2006/03/29 07:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2006/03/29 07:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe
[2001/12/31 19:44:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/01/15 13:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft
[2010/01/30 19:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2011/02/27 04:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2010/10/09 20:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/25 19:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DisplayFusion
[2011/01/27 01:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EpicBot
[2010/08/21 20:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2010/09/04 20:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreeFLVConverter
[2010/10/16 09:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LolClient
[2010/03/11 23:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ManyCam
[2010/09/03 17:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/03/07 16:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mass eMailer
[2010/01/09 19:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[2010/04/18 12:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/02/05 02:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Polynomial
[2011/02/26 13:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2010/10/11 11:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PrimoPDF
[2010/02/05 02:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
[2010/06/10 00:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2011/01/19 01:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2010/02/05 02:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2010/04/07 23:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony Creative Software
[2010/01/20 02:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony Setup
[2010/02/14 23:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2011/01/16 18:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/05/26 17:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TMP
[2011/02/28 03:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Toolbar4
[2010/11/21 23:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2011/01/15 16:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\twistedScape
[2010/06/02 14:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wireshark
[2011/01/31 00:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/16 18:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2011/02/26 18:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/02/18 10:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2010/09/19 01:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/01/09 18:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/03/11 16:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/05/01 15:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PeerMatrix
[2010/10/16 09:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/01 14:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/06/09 23:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/01/19 01:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/01/23 15:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/13 23:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwiftKit
[2010/09/04 10:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/02/23 17:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/01/27 01:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/09/17 22:11:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2011/02/28 15:49:59 | 000,031,848 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2011/02/22 20:01:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/01/28 17:19:50 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\tonegenShakeIcon.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2002/11/14 22:32:08 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\devcon.exe
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2007/02/18 11:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:AGP440.sys
[2007/02/18 11:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\amd64\sp2.cab:AGP440.sys
[2007/02/17 00:03:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=3373905E7DED6168676707F318C612FA -- C:\WINDOWS\ServicePackFiles\amd64\agp440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2007/02/18 11:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys
[2007/02/18 11:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\amd64\sp2.cab:atapi.sys
[2005/03/24 17:12:00 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=72C77044943340964FA513B92D6D6874 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007/02/17 00:03:34 | 000,150,016 | ---- | M] (Microsoft Corporation) MD5=7A1814D0D112F50F828E25557A1ED29F -- C:\WINDOWS\ServicePackFiles\amd64\atapi.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/01/10 10:43:00 | 000,028,791 | R--- | M] () MD5=01CE8D74F220AC757728906DADA2E0C7 -- C:\Perl\lib\auto\Win32\EventLog\EventLog.dll
[2006/03/29 07:00:00 | 000,130,048 | ---- | M] (Microsoft Corporation) MD5=2C1641EFCDA764DCC29E01A528F227A1 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2007/02/17 00:20:32 | 000,130,560 | ---- | M] (Microsoft Corporation) MD5=589B15B2B3254E2745CB205243EB8588 -- C:\WINDOWS\ServicePackFiles\amd64\eventlog.dll
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2007/02/18 11:05:42 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2006/03/29 07:00:00 | 000,681,984 | ---- | M] (Microsoft Corporation) MD5=918FF7D96DE11D01DBA8BFFB3218C5A0 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2007/02/17 00:40:06 | 000,681,472 | ---- | M] (Microsoft Corporation) MD5=BFF99E983A1F35B4E8AA74DEA19D014B -- C:\WINDOWS\ServicePackFiles\amd64\netlogon.dll
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2007/02/17 00:54:00 | 000,315,392 | ---- | M] (Microsoft Corporation) MD5=40453F57AAC02F32F785642F5C2E211E -- C:\WINDOWS\ServicePackFiles\amd64\scecli.dll
[2006/03/29 07:00:00 | 000,315,392 | ---- | M] (Microsoft Corporation) MD5=A832D97D4113E28DB89C33219D9E7D20 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2007/02/18 11:05:48 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\SysWOW64:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >

Extra:
OTL Extras logfile created on: 2/28/2011 3:55:12 PM - Run 1
OTL by OldTimer - Version 3.2.22.2     Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 83.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 15.47 Gb Free Space | 6.64% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 761.35 Gb Free Space | 81.73% Space Free | Partition Type: NTFS
Drive G: | 3.77 Gb Total Space | 2.59 Gb Free Space | 68.90% Space Free | Partition Type: FAT32
 
Computer Name: BURT | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" File not found
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" File not found
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UACDisableNotify" = 0
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1247:TCP" = 1247:TCP:*:Enabled:Akamai NetSession Interface
"2551:TCP" = 2551:TCP:*:Enabled:Akamai NetSession Interface
"2658:TCP" = 2658:TCP:*:Enabled:Akamai NetSession Interface
"4269:TCP" = 4269:TCP:*:Enabled:Akamai NetSession Interface
"4974:TCP" = 4974:TCP:*:Enabled:Akamai NetSession Interface
"1607:TCP" = 1607:TCP:*:Enabled:Akamai NetSession Interface
"4545:TCP" = 4545:TCP:*:Enabled:Akamai NetSession Interface
"2227:TCP" = 2227:TCP:*:Enabled:Akamai NetSession Interface
"2993:TCP" = 2993:TCP:*:Enabled:Akamai NetSession Interface
"1218:TCP" = 1218:TCP:*:Enabled:Akamai NetSession Interface
"3100:TCP" = 3100:TCP:*:Enabled:Akamai NetSession Interface
"4624:TCP" = 4624:TCP:*:Enabled:Akamai NetSession Interface
"3242:TCP" = 3242:TCP:*:Enabled:Akamai NetSession Interface
"4668:TCP" = 4668:TCP:*:Enabled:Akamai NetSession Interface
"3076:TCP" = 3076:TCP:*:Enabled:Akamai NetSession Interface
"4301:TCP" = 4301:TCP:*:Enabled:Akamai NetSession Interface
"3158:TCP" = 3158:TCP:*:Enabled:Akamai NetSession Interface
"3237:TCP" = 3237:TCP:*:Enabled:Akamai NetSession Interface
"4267:TCP" = 4267:TCP:*:Enabled:Akamai NetSession Interface
"1123:TCP" = 1123:TCP:*:Enabled:Akamai NetSession Interface
"1287:TCP" = 1287:TCP:*:Enabled:Akamai NetSession Interface
"1501:TCP" = 1501:TCP:*:Enabled:Akamai NetSession Interface
"1635:TCP" = 1635:TCP:*:Enabled:Akamai NetSession Interface
"1740:TCP" = 1740:TCP:*:Enabled:Akamai NetSession Interface
"1151:TCP" = 1151:TCP:*:Enabled:Akamai NetSession Interface
"1736:TCP" = 1736:TCP:*:Enabled:Akamai NetSession Interface
"1167:TCP" = 1167:TCP:*:Enabled:Akamai NetSession Interface
"1640:TCP" = 1640:TCP:*:Enabled:Akamai NetSession Interface
"1117:TCP" = 1117:TCP:*:Enabled:Akamai NetSession Interface
"1049:TCP" = 1049:TCP:*:Enabled:Akamai NetSession Interface
"1594:TCP" = 1594:TCP:*:Enabled:Akamai NetSession Interface
"3005:TCP" = 3005:TCP:*:Enabled:Akamai NetSession Interface
"3108:TCP" = 3108:TCP:*:Enabled:Akamai NetSession Interface
"4448:TCP" = 4448:TCP:*:Enabled:Akamai NetSession Interface
"1811:TCP" = 1811:TCP:*:Enabled:Akamai NetSession Interface
"2200:TCP" = 2200:TCP:*:Enabled:Akamai NetSession Interface
"2530:TCP" = 2530:TCP:*:Enabled:Akamai NetSession Interface
"3886:TCP" = 3886:TCP:*:Enabled:Akamai NetSession Interface
"3938:TCP" = 3938:TCP:*:Enabled:Akamai NetSession Interface
"1096:TCP" = 1096:TCP:*:Enabled:Akamai NetSession Interface
"1229:TCP" = 1229:TCP:*:Enabled:Akamai NetSession Interface
"1153:TCP" = 1153:TCP:*:Enabled:Akamai NetSession Interface
"4879:TCP" = 4879:TCP:*:Enabled:Akamai NetSession Interface
"2309:TCP" = 2309:TCP:*:Enabled:Akamai NetSession Interface
"1212:TCP" = 1212:TCP:*:Enabled:Akamai NetSession Interface
"3058:TCP" = 3058:TCP:*:Enabled:Akamai NetSession Interface
"3913:TCP" = 3913:TCP:*:Enabled:Akamai NetSession Interface
"1051:TCP" = 1051:TCP:*:Enabled:Akamai NetSession Interface
"1073:TCP" = 1073:TCP:*:Enabled:Akamai NetSession Interface
"1214:TCP" = 1214:TCP:*:Enabled:Akamai NetSession Interface
"1281:TCP" = 1281:TCP:*:Enabled:Akamai NetSession Interface
"1413:TCP" = 1413:TCP:*:Enabled:Akamai NetSession Interface
"1070:TCP" = 1070:TCP:*:Enabled:Akamai NetSession Interface
"1114:TCP" = 1114:TCP:*:Enabled:Akamai NetSession Interface
"1380:TCP" = 1380:TCP:*:Enabled:Akamai NetSession Interface
"1634:TCP" = 1634:TCP:*:Enabled:Akamai NetSession Interface
"1063:TCP" = 1063:TCP:*:Enabled:Akamai NetSession Interface
"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
"1078:TCP" = 1078:TCP:*:Enabled:Akamai NetSession Interface
"1098:TCP" = 1098:TCP:*:Enabled:Akamai NetSession Interface
"1202:TCP" = 1202:TCP:*:Enabled:Akamai NetSession Interface
"4695:TCP" = 4695:TCP:*:Enabled:Akamai NetSession Interface
"4877:TCP" = 4877:TCP:*:Enabled:Akamai NetSession Interface
"2003:TCP" = 2003:TCP:*:Enabled:Akamai NetSession Interface
"1064:TCP" = 1064:TCP:*:Enabled:Akamai NetSession Interface
"1105:TCP" = 1105:TCP:*:Enabled:Akamai NetSession Interface
"3244:TCP" = 3244:TCP:*:Enabled:Akamai NetSession Interface
"1065:TCP" = 1065:TCP:*:Enabled:Akamai NetSession Interface
"1205:TCP" = 1205:TCP:*:Enabled:Akamai NetSession Interface
"1042:TCP" = 1042:TCP:*:Enabled:Akamai NetSession Interface
"1296:TCP" = 1296:TCP:*:Enabled:Akamai NetSession Interface
"2166:TCP" = 2166:TCP:*:Enabled:Akamai NetSession Interface
"3746:TCP" = 3746:TCP:*:Enabled:Akamai NetSession Interface
"4037:TCP" = 4037:TCP:*:Enabled:Akamai NetSession Interface
"1389:TCP" = 1389:TCP:*:Enabled:Akamai NetSession Interface
"1642:TCP" = 1642:TCP:*:Enabled:Akamai NetSession Interface
"4616:TCP" = 4616:TCP:*:Enabled:Akamai NetSession Interface
"1080:TCP" = 1080:TCP:*:Enabled:Akamai NetSession Interface
"1061:TCP" = 1061:TCP:*:Enabled:Akamai NetSession Interface
"1549:TCP" = 1549:TCP:*:Enabled:Akamai NetSession Interface
"1669:TCP" = 1669:TCP:*:Enabled:Akamai NetSession Interface
"2607:TCP" = 2607:TCP:*:Enabled:Akamai NetSession Interface
"1108:TCP" = 1108:TCP:*:Enabled:Akamai NetSession Interface
"1159:TCP" = 1159:TCP:*:Enabled:Akamai NetSession Interface
"1774:TCP" = 1774:TCP:*:Enabled:Akamai NetSession Interface
"2407:TCP" = 2407:TCP:*:Enabled:Akamai NetSession Interface
"3209:TCP" = 3209:TCP:*:Enabled:Akamai NetSession Interface
"3473:TCP" = 3473:TCP:*:Enabled:Akamai NetSession Interface
"3508:TCP" = 3508:TCP:*:Enabled:Akamai NetSession Interface
"3647:TCP" = 3647:TCP:*:Enabled:Akamai NetSession Interface
"1141:TCP" = 1141:TCP:*:Enabled:Akamai NetSession Interface
"1066:TCP" = 1066:TCP:*:Enabled:Akamai NetSession Interface
"1089:TCP" = 1089:TCP:*:Enabled:Akamai NetSession Interface
"3011:TCP" = 3011:TCP:*:Enabled:Akamai NetSession Interface
"1054:TCP" = 1054:TCP:*:Enabled:Akamai NetSession Interface
"1188:TCP" = 1188:TCP:*:Enabled:Akamai NetSession Interface
"1347:TCP" = 1347:TCP:*:Enabled:Akamai NetSession Interface
"1487:TCP" = 1487:TCP:*:Enabled:Akamai NetSession Interface
"1544:TCP" = 1544:TCP:*:Enabled:Akamai NetSession Interface
"1603:TCP" = 1603:TCP:*:Enabled:Akamai NetSession Interface
"1661:TCP" = 1661:TCP:*:Enabled:Akamai NetSession Interface
"1747:TCP" = 1747:TCP:*:Enabled:Akamai NetSession Interface
"2909:TCP" = 2909:TCP:*:Enabled:Akamai NetSession Interface
"2967:TCP" = 2967:TCP:*:Enabled:Akamai NetSession Interface
"2981:TCP" = 2981:TCP:*:Enabled:Akamai NetSession Interface
"1047:TCP" = 1047:TCP:*:Enabled:Akamai NetSession Interface
"1142:TCP" = 1142:TCP:*:Enabled:Akamai NetSession Interface
"1343:TCP" = 1343:TCP:*:Enabled:Akamai NetSession Interface
"1420:TCP" = 1420:TCP:*:Enabled:Akamai NetSession Interface
"1469:TCP" = 1469:TCP:*:Enabled:Akamai NetSession Interface
"1242:TCP" = 1242:TCP:*:Enabled:Akamai NetSession Interface
"1307:TCP" = 1307:TCP:*:Enabled:Akamai NetSession Interface
"1366:TCP" = 1366:TCP:*:Enabled:Akamai NetSession Interface
"1466:TCP" = 1466:TCP:*:Enabled:Akamai NetSession Interface
"1483:TCP" = 1483:TCP:*:Enabled:Akamai NetSession Interface
"1557:TCP" = 1557:TCP:*:Enabled:Akamai NetSession Interface
"1572:TCP" = 1572:TCP:*:Enabled:Akamai NetSession Interface
"1592:TCP" = 1592:TCP:*:Enabled:Akamai NetSession Interface
"1612:TCP" = 1612:TCP:*:Enabled:Akamai NetSession Interface
"1650:TCP" = 1650:TCP:*:Enabled:Akamai NetSession Interface
"1665:TCP" = 1665:TCP:*:Enabled:Akamai NetSession Interface
"1984:TCP" = 1984:TCP:*:Enabled:Akamai NetSession Interface
"1071:TCP" = 1071:TCP:*:Enabled:Akamai NetSession Interface
"1460:TCP" = 1460:TCP:*:Enabled:Akamai NetSession Interface
"1531:TCP" = 1531:TCP:*:Enabled:Akamai NetSession Interface
"1052:TCP" = 1052:TCP:*:Enabled:Akamai NetSession Interface
"1039:TCP" = 1039:TCP:*:Enabled:Akamai NetSession Interface
"1644:TCP" = 1644:TCP:*:Enabled:Akamai NetSession Interface
"2809:TCP" = 2809:TCP:*:Enabled:Akamai NetSession Interface
"1068:TCP" = 1068:TCP:*:Enabled:Akamai NetSession Interface
"1651:TCP" = 1651:TCP:*:Enabled:Akamai NetSession Interface
"1150:TCP" = 1150:TCP:*:Enabled:Akamai NetSession Interface
"4775:TCP" = 4775:TCP:*:Enabled:Akamai NetSession Interface
"4894:TCP" = 4894:TCP:*:Enabled:Akamai NetSession Interface
"1102:TCP" = 1102:TCP:*:Enabled:Akamai NetSession Interface
"1140:TCP" = 1140:TCP:*:Enabled:Akamai NetSession Interface
"1055:TCP" = 1055:TCP:*:Enabled:Akamai NetSession Interface
"1781:TCP" = 1781:TCP:*:Enabled:Akamai NetSession Interface
"1868:TCP" = 1868:TCP:*:Enabled:Akamai NetSession Interface
"2453:TCP" = 2453:TCP:*:Enabled:Akamai NetSession Interface
"1127:TCP" = 1127:TCP:*:Enabled:Akamai NetSession Interface
"1182:TCP" = 1182:TCP:*:Enabled:Akamai NetSession Interface
"2198:TCP" = 2198:TCP:*:Enabled:Akamai NetSession Interface
"1164:TCP" = 1164:TCP:*:Enabled:Akamai NetSession Interface
"1417:TCP" = 1417:TCP:*:Enabled:Akamai NetSession Interface
"1468:TCP" = 1468:TCP:*:Enabled:Akamai NetSession Interface
"4648:TCP" = 4648:TCP:*:Enabled:Akamai NetSession Interface
"3603:TCP" = 3603:TCP:*:Enabled:Akamai NetSession Interface
"3288:TCP" = 3288:TCP:*:Enabled:Akamai NetSession Interface
"2942:TCP" = 2942:TCP:*:Enabled:Akamai NetSession Interface
"1724:TCP" = 1724:TCP:*:Enabled:Akamai NetSession Interface
"1322:TCP" = 1322:TCP:*:Enabled:Akamai NetSession Interface
"1041:TCP" = 1041:TCP:*:Enabled:Akamai NetSession Interface
"24312:TCP" = 24312:TCP:*:Enabled:Akamai NetSession Interface
"1057:TCP" = 1057:TCP:*:Enabled:Akamai NetSession Interface
"40364:TCP" = 40364:TCP:*:Enabled:Akamai NetSession Interface
"42474:TCP" = 42474:TCP:*:Enabled:Akamai NetSession Interface
"1059:TCP" = 1059:TCP:*:Enabled:Akamai NetSession Interface
"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
"1744:TCP" = 1744:TCP:*:Enabled:Akamai NetSession Interface
"24804:TCP" = 24804:TCP:*:Enabled:Akamai NetSession Interface
"1040:TCP" = 1040:TCP:*:Enabled:Akamai NetSession Interface
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
"9734:TCP" = 9734:TCP:*:Enabled:Akamai NetSession Interface
"31090:TCP" = 31090:TCP:*:Enabled:Akamai NetSession Interface
"32023:TCP" = 32023:TCP:*:Enabled:Akamai NetSession Interface
"3202:TCP" = 3202:TCP:*:Enabled:Akamai NetSession Interface
"6959:TCP" = 6959:TCP:*:Enabled:League of Legends Launcher
"6959:UDP" = 6959:UDP:*:Enabled:League of Legends Launcher
"6912:TCP" = 6912:TCP:*:Enabled:League of Legends Launcher
"6912:UDP" = 6912:UDP:*:Enabled:League of Legends Launcher
"6992:TCP" = 6992:TCP:*:Enabled:League of Legends Launcher
"6992:UDP" = 6992:UDP:*:Enabled:League of Legends Launcher
"6894:TCP" = 6894:TCP:*:Enabled:League of Legends Launcher
"6894:UDP" = 6894:UDP:*:Enabled:League of Legends Launcher
"6881:TCP" = 6881:TCP:*:Enabled:League of Legends Launcher
"6881:UDP" = 6881:UDP:*:Enabled:League of Legends Launcher
"1046:TCP" = 1046:TCP:*:Enabled:Akamai NetSession Interface
"20889:TCP" = 20889:TCP:*:Enabled:Akamai NetSession Interface
"21580:TCP" = 21580:TCP:*:Enabled:Akamai NetSession Interface
"6885:TCP" = 6885:TCP:*:Enabled:League of Legends Launcher
"6885:UDP" = 6885:UDP:*:Enabled:League of Legends Launcher
"28004:TCP" = 28004:TCP:*:Enabled:Akamai NetSession Interface
"6944:TCP" = 6944:TCP:*:Enabled:League of Legends Launcher
"6944:UDP" = 6944:UDP:*:Enabled:League of Legends Launcher
"1132:TCP" = 1132:TCP:*:Enabled:Akamai NetSession Interface
"1095:TCP" = 1095:TCP:*:Enabled:Akamai NetSession Interface
"1231:TCP" = 1231:TCP:*:Enabled:Akamai NetSession Interface
"6942:TCP" = 6942:TCP:*:Enabled:League of Legends Launcher
"6942:UDP" = 6942:UDP:*:Enabled:League of Legends Launcher
"6997:TCP" = 6997:TCP:*:Enabled:League of Legends Launcher
"6997:UDP" = 6997:UDP:*:Enabled:League of Legends Launcher
"1109:TCP" = 1109:TCP:*:Enabled:Akamai NetSession Interface
"1157:TCP" = 1157:TCP:*:Enabled:Akamai NetSession Interface
"1493:TCP" = 1493:TCP:*:Enabled:Akamai NetSession Interface
"1224:TCP" = 1224:TCP:*:Enabled:Akamai NetSession Interface
"2142:TCP" = 2142:TCP:*:Enabled:Akamai NetSession Interface
"1226:TCP" = 1226:TCP:*:Enabled:Akamai NetSession Interface
"1094:TCP" = 1094:TCP:*:Enabled:Akamai NetSession Interface
"2794:TCP" = 2794:TCP:*:Enabled:Akamai NetSession Interface
"3906:TCP" = 3906:TCP:*:Enabled:Akamai NetSession Interface
"4929:TCP" = 4929:TCP:*:Enabled:Akamai NetSession Interface
"2513:TCP" = 2513:TCP:*:Enabled:Akamai NetSession Interface
"3577:TCP" = 3577:TCP:*:Enabled:Akamai NetSession Interface
"4048:TCP" = 4048:TCP:*:Enabled:Akamai NetSession Interface
"4119:TCP" = 4119:TCP:*:Enabled:Akamai NetSession Interface
"4246:TCP" = 4246:TCP:*:Enabled:Akamai NetSession Interface
"4417:TCP" = 4417:TCP:*:Enabled:Akamai NetSession Interface
"4638:TCP" = 4638:TCP:*:Enabled:Akamai NetSession Interface
"4688:TCP" = 4688:TCP:*:Enabled:Akamai NetSession Interface
"1282:TCP" = 1282:TCP:*:Enabled:Akamai NetSession Interface
"1666:TCP" = 1666:TCP:*:Enabled:Akamai NetSession Interface
"4180:TCP" = 4180:TCP:*:Enabled:Akamai NetSession Interface
"1106:TCP" = 1106:TCP:*:Enabled:Akamai NetSession Interface
"1204:TCP" = 1204:TCP:*:Enabled:Akamai NetSession Interface
"1126:TCP" = 1126:TCP:*:Enabled:Akamai NetSession Interface
"1264:TCP" = 1264:TCP:*:Enabled:Akamai NetSession Interface
"1115:TCP" = 1115:TCP:*:Enabled:Akamai NetSession Interface
"3155:TCP" = 3155:TCP:*:Enabled:Akamai NetSession Interface
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files (x86)\MSN Messenger\livecall.exe" = C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\svchost.exe" = C:\WINDOWS\svchost.exe:*:Enabled:Microsoft Corp
"C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files (x86)\MSN Messenger\livecall.exe" = C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files (x86)\Opera\opera.exe" = C:\Program Files (x86)\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files (x86)\iCall\iCall.exe" = C:\Program Files (x86)\iCall\iCall.exe:*:Enabled:iCall
"C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" = C:\Program Files (x86)\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
"C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"C:\Program Files (x86)\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe" = C:\Program Files (x86)\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2 -- (EA Digital Illusions CE AB)
"C:\Program Files (x86)\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files (x86)\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Battlefield: Bad Company 2 -- ()
"C:\Program Files (x86)\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe" = C:\Program Files (x86)\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening -- ()
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files (x86)\Steam\steamapps\common\thepolynomial\Polynomial.exe" = C:\Program Files (x86)\Steam\steamapps\common\thepolynomial\Polynomial.exe:*:Enabled:The Polynomial -- ()
"E:\Bullet Storm\Binaries\Win32\ShippingPC-StormGame.exe" = E:\Bullet Storm\Binaries\Win32\ShippingPC-StormGame.exe:*:Enabled:Bulletstorm -- (Epic Games, Inc.)
"C:\Documents and Settings\Administrator\Application Data\Windows.exe" = C:\Documents and Settings\Administrator\Application Data\Windows.exe:*:Enabled:Windows Messanger -- ()
"C:\Documents and Settings\Administrator\Application Data\ctfmon.exe" = C:\Documents and Settings\Administrator\Application Data\ctfmon.exe:*:Enabled:Windows Messanger
"C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Program Files (x86)\Steam\steamapps\wowsir8\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\wowsir8\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{64A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21 (64-bit)
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{88EAF577-71FA-46F2-8E42-AEA33E35AFB1}" = Vegas Pro 9.0 (64-bit)
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9F313496-82E8-4A99-9D4C-311531023746}" = TortoiseSVN 1.6.7.18415 (64 bit)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 263.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 263.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.6.9
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.04" = Virtual Audio Cable 4.04
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{49C69876-0196-4620-B237-EA334C2E40B5}" = ActivePerl 5.10.0 Build 1002
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A336D74-E680-4986-96F4-E9CEBC784F56}" = Naga Firmware Updater 1.13
"{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}" = InstallIQ Updater
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{60147180-8370-44BC-9BBD-E554D86F0BA3}" = Livestream Procaster
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C85B95-E971-4705-B3ED-D4A0153C0D5B}" = SAMSUNG USB Driver for Mobile Phones V5.2.0.0
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8953B0FA-958C-7079-1B24-D7B2E3A7AF99}" = Market Samurai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D49D55D-9837-4E0E-AE3B-05C7BEC5CD1F}" = Opera 10.51
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97E988A2-0834-4284-B12B-991835E7CB70}" = SamsungSimpleDL
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F64A0D3-B0D2-4EE1-9A9D-452BD4459D09}" = Razer Naga
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 8.0.555.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E60BFE17-F44C-4A28-9ACF-1DD7362B0278}_is1" = Acunetix Web Vulnerability Scanner 6.0
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"AC Tool" = AC Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"Audacity_is1" = Audacity 1.2.6
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.2.0
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Cain & Abel v4.9.36" = Cain & Abel v4.9.36
"CCleaner" = CCleaner
"ColorPic" = ColorPic
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"conduitEngine" = Conduit Engine
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"CutePDF Professional (Evaluation)_is1" = CutePDF Professional 3.6 (Evaluation)
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"EA Download Manager" = EA Download Manager
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EpicBot" = EpicBot
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.4.1
"FormatFactory" = FormatFactory 2.20
"Fraps" = Fraps (remove only)
"Free FLV Converter_is1" = Free FLV Converter V 6.92.0
"Game Booster_is1" = Game Booster
"GameGain_is1" = GameGain
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"GoldWave v5.58" = GoldWave v5.58
"GomezPEER" = GomezPEER
"Greenfoot_is1" = Greenfoot 1.5.6
"Havij_is1" = Havij 1.13 Free
"hon" = Heroes of Newerth
"HyperCam 2" = HyperCam 2
"HyperCam 3" = HyperCam 3
"HyperCam Toolbar" = HyperCam Toolbar
"IceChat_is1" = IceChat 7.63 (Build 20080417)
"InstallShield_{97E988A2-0834-4284-B12B-991835E7CB70}" = SamsungSimpleDL
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LivePerson Expert Messenger" = LivePerson Expert Messenger
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"MapleStory" = MapleStory
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"No-IP.com DUC" = No-IP.com DUC (remove only)
"NoIPDUC" = No-IP DUC
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.1.1
"PeerMatrix" = PeerMatrix 2.6
"PFPortChecker" = PFPortChecker 1.0.32
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Proxy Finder" = Proxy Finder
"Proxy Finder Enterprise Edition" = Proxy Finder Enterprise Edition
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Ronda Ocx ~ 2011" = Ronda Ocx ~ 2011
"Simple Port Forwarding" = Simple Port Forwarding
"Snail Mail_is1" = Snail Mail
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Color Picker
"StarCraft II" = StarCraft II
"Steam App 12900" = Audiosurf
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 240" = Counter-Strike: Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"Steam App 67000" = The Polynomial
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"ToneGen" = NCH Tone Generator
"ToneGenHQY" = Audio Signal Generator
"Vista Anti-Lag" = Vista Anti-Lag 1.1.1
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Wireshark" = Wireshark 1.4.2
"World of Warcraft" = World of Warcraft
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"6a1ac6e3fce4ac06" = ViewingNetwork
"AI RoboForm" = AI RoboForm
"Google Chrome" = Google Chrome
"JScreenFix deluxe" = JScreenFix deluxe
"Octoshape Streaming Services" = Octoshape Streaming Services
"SwiftKit" = SwiftKit
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Detector Plug-in
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2/28/2011 3:54:01 PM | Computer Name = BURT | Source = Application Error | ID = 1000
Description = Faulting application pcjybchkq.exe, version 0.0.0.0, faulting module
 , version 0.0.0.0, fault address 0x00000000.
 
Error - 2/28/2011 3:54:41 PM | Computer Name = BURT | Source = Application Error | ID = 1000
Description = Faulting application gamebooster.exe, version 1.4.0.88, faulting module
 rasapi32.dll, version 5.2.3790.3959, fault address 0x00033d30.
 
Error - 2/28/2011 4:05:49 PM | Computer Name = BURT | Source = Application Error | ID = 1000
Description = Faulting application gamebooster.exe, version 1.4.0.88, faulting module
 rasapi32.dll, version 5.2.3790.3959, fault address 0x00033d30.
 
Error - 2/28/2011 4:06:54 PM | Computer Name = BURT | Source = Application Error | ID = 1000
Description = Faulting application gamebooster.exe, version 1.4.0.88, faulting module
 rasapi32.dll, version 5.2.3790.3959, fault address 0x00033d30.
 
Error - 2/28/2011 4:09:31 PM | Computer Name = BURT | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.2.3790.3959, faulting 
module rasapi32.dll, version 5.2.3790.3959, fault address 0x000000000004aa05.
 
Error - 2/28/2011 4:09:34 PM | Computer Name = BURT | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.2.3790.3959, faulting 
module rasapi32.dll, version 5.2.3790.3959, fault address 0x000000000004aa05.
 
Error - 2/28/2011 4:11:21 PM | Computer Name = BURT | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.2.3790.3959, faulting 
module rasapi32.dll, version 5.2.3790.3959, fault address 0x000000000004aa05.
 
Error - 2/28/2011 4:11:56 PM | Computer Name = BURT | Source = Application Error | ID = 1000
Description = Faulting application pcjybchkq.exe, version 0.0.0.0, faulting module
 , version 0.0.0.0, fault address 0x00000000.
 
Error - 2/28/2011 4:13:03 PM | Computer Name = BURT | Source = Application Error | ID = 1000
Description = Faulting application gamebooster.exe, version 1.4.0.88, faulting module
 rasapi32.dll, version 5.2.3790.3959, fault address 0x00033d30.
 
Error - 2/28/2011 4:38:07 PM | Computer Name = BURT | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.2.3790.3959, faulting 
module rasapi32.dll, version 5.2.3790.3959, fault address 0x000000000004aa05.
 
[ System Events ]
Error - 2/28/2011 4:33:16 PM | Computer Name = BURT | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 2/28/2011 4:37:57 PM | Computer Name = BURT | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 2/28/2011 4:37:58 PM | Computer Name = BURT | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 2/28/2011 4:38:39 PM | Computer Name = BURT | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
 with DCOM within the required timeout.
 
Error - 2/28/2011 4:39:10 PM | Computer Name = BURT | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Windows Management Instrumentation
 service, but this action failed with the following error:   %%1056
 
Error - 2/28/2011 4:49:15 PM | Computer Name = BURT | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 2/28/2011 4:49:15 PM | Computer Name = BURT | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 2/28/2011 4:49:19 PM | Computer Name = BURT | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
 with the following error:   %%10047
 
Error - 2/28/2011 4:50:29 PM | Computer Name = BURT | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
 with DCOM within the required timeout.
 
Error - 2/28/2011 4:50:59 PM | Computer Name = BURT | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Windows Management Instrumentation
 service, but this action failed with the following error:   %%1056
 
 
< End of report >

Edited by wowser8, 28 February 2011 - 07:01 PM.


#14 boopme


Posted 28 February 2011 - 08:00 PM

wowsers, I have spent a lot of time today trying to find a simpler or quicker solution and I cannot; this one has me beat. One option is to post that OTL log in a new topic here: Virus, Trojan, Spyware, and Malware Removal Logs.
Use the same title and include this link to this topic.

http://www.bleepingcomputer.com/forums/topic381817.html/page__pid__2151539#entry2151539

It will take a few days but if there is something hidden they will find it.
Option 2 is to flatten and reinstall the operating system. Your decision as to what action to take should be made by reading and asking yourself the questions presented in "When Should I Format, How Should I Reinstall?" In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action, but I cannot make that decision for you.

2 guidelines/rules when backing up

1) Back up all your important data files, pictures, music, work etc... and save them onto an external hard drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not back up any executable files or any Windows files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.


I wish I could do more.

#15 Orange Blossom


Posted 01 March 2011 - 10:03 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic382224.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom