
google redirecting me to sites.instaapp.com


  • This topic is locked
34 replies to this topic

#1 deathx88

Posted 19 July 2011 - 12:22 PM

Every time I use Google in Firefox I get redirected to a different search engine site called sites.instaapp. It looks like a Google clone to me. It doesn't seem to happen when I use Chrome or Internet Explorer though. Further testing showed me that it only seems to be the Firefox default homepage that redirects me to this. If I go to google.com it's usually fine. I'm thinking this is some type of virus; I don't have any unusual program installed or anything.

I'm also having 2 other problems as well, but I'm not sure if they're hardware problems or malware, but I would like a rootkit scan just to make sure.
My one problem is my wireless internet. I'm using a Netgear adapter on my PC but every time I start my computer it won't connect. I either have to restart my entire computer or sometimes restart the WLAN config in the services.msc menu to get it to work.
My other problem is my mouse. It seems to have some strange double-click thing that just started. Either it will double-click with one click, or when I try and drag or highlight stuff it cuts out in the middle. It's very frustrating, but this might actually be a broken mouse problem.


I've run Malwarebytes several times but it never comes up with anything.
Here's my very last log.



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7203

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

7/19/2011 12:55:29 PM
mbam-log-2011-07-19 (12-55-29).txt

Scan type: Quick scan
Objects scanned: 165278
Time elapsed: 11 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#2 gringo_pr (Malware Response Team)

Posted 27 July 2011 - 09:09 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 deathx88 (Topic Starter)

Posted 28 July 2011 - 05:02 PM

I ran DeFogger and disabled everything just fine.

I tried running DDS but couldn't get it to show any logs; it seems like it froze up when using it.
I disabled Avira and ran it for about an hour. Nothing happened, it just sat at the screen. I then tried to run it in Safe Mode but still no luck with that.

So I'm not sure what could be wrong.

#4 gringo_pr (Malware Response Team)

Posted 28 July 2011 - 05:11 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 deathx88 (Topic Starter)

Posted 28 July 2011 - 10:14 PM

Well, I tried to run ComboFix and it's doing the same thing as DDS; it's just hanging there.
It seems like ComboFix has never worked for me. I've tried to use it a few times in the past when you guys have helped me out with other malware problems.

#6 gringo_pr (Malware Response Team)

Posted 28 July 2011 - 10:21 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo

#7 deathx88 (Topic Starter)

Posted 29 July 2011 - 12:36 PM

ComboFix 11-07-28.06 - Deathx 07/29/2011 12:52:15.1.2 - x86
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3070.1614 [GMT -4:00]
Running from: c:\users\Deathx\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AcRemoteUpdate.exe
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\TaskScheduler.dll
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\programdata\boost_interprocess\20110629130320.359599
c:\windows\security\Database\tmp.edb
c:\windows\system32\winservice.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SCM_Service
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-29 17:05 . 2011-07-29 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-14 18:07 . 2011-07-14 18:07 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-12 03:13 . 2011-07-19 16:41 -------- d-----w- C:\ds stuff
2011-06-30 16:42 . 2011-07-02 08:54 -------- d-----w- c:\program files\getdislike
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2011-06-24 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-06-24 12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 15:15 . 2011-05-31 20:45 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-05 15:15 . 2011-05-31 20:45 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-24 12:18 . 2011-06-24 12:19 66896 ----a-w- C:\mbam-clean.exe
2011-06-01 01:10 . 2010-05-31 01:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-31 20:26 . 2011-05-31 20:26 879092 ----a-w- C:\SecurityCheck.exe
2011-05-25 21:12 . 2011-05-25 21:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-26 06:44 . 2011-05-01 06:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-09 273544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-06-03 281768]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\users\Deathx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2010-5-7 42168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
backup=c:\windows\pss\PictureMover.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-05-08 13:33 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-28 19:34 136176 ----atw- c:\users\Deathx\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-02 22:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-07-03 19:44 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-05-25 21:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-06 23:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-04-17 10:56 394984 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-04-09 22:03 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2008-01-21 02:23 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2639382710-2165961276-3469681303-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-05-06 191752]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-05-22 20640]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-20 691696]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-18 21728]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-06-03 136360]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-02-07 206336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2639382710-2165961276-3469681303-1000Core.job
- c:\users\Deathx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 19:34]
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2639382710-2165961276-3469681303-1000UA.job
- c:\users\Deathx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{DAC44FBE-D014-413C-852E-13762E4A0290}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ce7499e7-af3c-4662-ac92-454212345ddb} - (no file)
URLSearchHooks-{f689bafc-70f0-4550-9001-dc2a1cc8c0dd} - (no file)
WebBrowser-{EF90BFD2-E4F2-438A-91FE-C452D6E8264E} - (no file)
WebBrowser-{CE7499E7-AF3C-4662-AC92-454212345DDB} - (no file)
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
AddRemove-AutocompletePro2_is1 - c:\program files\AutocompletePro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-29 13:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\sI9\wwBwv|*P*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\W9\Bw*wB@wKv|*P*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:78,0e,5b,00,15,ae,d2,75,1e,48,cf,de,29,74,dc,31,2d,8a,dc,b4,92,
70,64,c0,9e,80,2e,85,a6,26,9a,5a,ad,8a,df,3b,29,b9,0f,8c,99,04,89,52,c8,54,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:78,0e,5b,00,15,ae,d2,75,1e,48,cf,de,29,74,dc,31,2d,8a,dc,b4,92,
70,64,c0,9e,80,2e,85,a6,26,9a,5a,ad,8a,df,3b,29,b9,0f,8c,99,04,89,52,c8,54,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(308)
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2011-07-29 13:16:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-29 17:16
.
Pre-Run: 47,012,995,072 bytes free
Post-Run: 46,707,900,416 bytes free
.
- - End Of File - - D808A016D4243DCE1C5D0CC3A91D9D3F
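A triage pass over the ComboFix output above, as an added example and not a BleepingComputer or ComboFix tool: it parses ComboFix-style lines and flags the items in this log a responder would check first: the user.js overrides that switch off Firefox's mixed-content and insecure-submit warnings, EnableLUA=0 (UAC off), Security Center monitoring disabled, the orphaned URL search hooks, the support@predictad.com add-on directory sitting under Program Files rather than in the Firefox profile, and interface DNS servers that differ from the DHCP-supplied ones. The Finding type, the rule names and SAMPLE_LOG (a constructed excerpt of the posted log, not the whole thing) are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix log posted above (not the full log).
SAMPLE_LOG = r"""
c:\program files\AutocompletePro\support@predictad.com\install.rdf
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{DAC44FBE-D014-413C-852E-13762E4A0290}: NameServer = 208.67.222.222,208.67.220.220
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: general.useragent.extra.brc -
URLSearchHooks-{ce7499e7-af3c-4662-ac92-454212345ddb} - (no file)
WebBrowser-{EF90BFD2-E4F2-438A-91FE-C452D6E8264E} - (no file)
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # rule name (this example's own naming)
    detail: str  # the evidence: the matching line, key or values


# Firefox prefs that, at the value shown, silence an SSL / mixed-content warning.
WEAKENING_PREFS = {
    "security.warn_viewing_mixed": "false",
    "security.warn_viewing_mixed.show_once": "false",
    "security.warn_submit_insecure": "false",
    "security.warn_submit_insecure.show_once": "false",
}

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
FF_PREF_RE = re.compile(r"^FF - (user\.js|prefs\.js): (\S+) - ?(.*)$")
ORPHAN_RE = re.compile(r"^(URLSearchHooks|WebBrowser|Toolbar|BHO)-(\{[0-9A-Fa-f-]+\}) - \(no file\)$")
EXT_RE = re.compile(r"^(.+)\\([^\\]+@[^\\]+)\\install\.rdf$", re.IGNORECASE)
DHCP_NS_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
IFACE_NS_RE = re.compile(r"^TCP: Interfaces\\(\{[^}]+\}): NameServer = (.+)$")


def _servers(text):
    """Split '1.2.3.4,5.6.7.8' or '1.2.3.4 5.6.7.8' into a set of addresses."""
    return set(text.replace(",", " ").split())


def triage(log_text):
    """Return the Findings for the security-relevant lines of a ComboFix-style log."""
    findings = []
    current_key = ""       # last registry key header seen, lowercased
    user_js_prefs = set()  # prefs ComboFix reported from user.js
    dhcp_servers = set()
    iface_servers = {}     # interface GUID -> statically configured DNS servers

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := KEY_RE.match(line)):
            current_key = m.group(1).lower()
        elif (m := VALUE_RE.match(line)):
            name, val = m.group(1), m.group(2).strip().lower()
            # EnableLUA=0 under policies\system switches UAC off.
            if name == "EnableLUA" and val.split()[0] == "0" and current_key.endswith("policies\\system"):
                findings.append(Finding("uac_disabled", f"{current_key}: {name}={val}"))
            # DisableMonitoring=1 suppresses Security Center's AV/firewall state reporting.
            elif name == "DisableMonitoring" and "security center" in current_key and val == "dword:00000001":
                findings.append(Finding("security_center_monitoring_disabled", current_key))
        elif (m := FF_PREF_RE.match(line)):
            file, pref, val = m.group(1), m.group(2), m.group(3).strip()
            if file == "user.js":
                user_js_prefs.add(pref)
            if WEAKENING_PREFS.get(pref) == val:
                findings.append(Finding("firefox_security_warning_disabled", f"{file}: {pref}={val}"))
        elif ORPHAN_RE.match(line):
            findings.append(Finding("orphan_browser_hook", line))
        elif (m := EXT_RE.match(line)):
            # An add-on directory (id of the form name@domain) outside the Firefox profile.
            findings.append(Finding("sideloaded_firefox_extension", f"{m.group(2)} under {m.group(1)}"))
        elif (m := DHCP_NS_RE.match(line)):
            dhcp_servers |= _servers(m.group(1))
        elif (m := IFACE_NS_RE.match(line)):
            iface_servers[m.group(1)] = _servers(m.group(2))

    if user_js_prefs:
        # user.js is re-applied at every Firefox start, so it overrides whatever the user sets in the UI.
        findings.append(Finding("user_js_overrides_present", ", ".join(sorted(user_js_prefs))))
    for guid, servers in iface_servers.items():
        if servers != dhcp_servers:
            findings.append(Finding("interface_dns_overridden",
                                    f"{guid}: static {sorted(servers)} vs DHCP {sorted(dhcp_servers)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:38s} {f.detail}")
```

Run it against a saved ComboFix log by passing the file's text to triage(). The DNS rule deliberately reports a mismatch rather than a verdict: the static servers in this log are OpenDNS, which is a legitimate choice if the user set it, so the finding is a prompt to confirm, not proof of tampering. The same goes for user.js: the file is a normal Firefox mechanism, but because it is reapplied at every start it is where a toolbar or adware installer leaves settings the user cannot undo from the preferences dialog, so every pref it carries is worth reading.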

#8 gringo_pr (Malware Response Team)

Posted 29 July 2011 - 02:19 PM

Hello

How is the computer doing now?

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 deathx88 (Topic Starter)

Posted 29 July 2011 - 04:59 PM

My computer still seems to be the same. I forgot to mention I resolved the other 2 problems I was having with my mouse and internet. It turned out it was a hardware and software problem. Although, Google is still redirecting me when I use the Firefox home page.

Here's my log.

2011/07/29 17:29:58.0156 2924 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/07/29 17:29:58.0579 2924 ================================================================================
2011/07/29 17:29:58.0579 2924 SystemInfo:
2011/07/29 17:29:58.0579 2924
2011/07/29 17:29:58.0579 2924 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/29 17:29:58.0579 2924 Product type: Workstation
2011/07/29 17:29:58.0579 2924 ComputerName: DEATHX-PC
2011/07/29 17:29:58.0580 2924 UserName: Deathx
2011/07/29 17:29:58.0580 2924 Windows directory: C:\Windows
2011/07/29 17:29:58.0580 2924 System windows directory: C:\Windows
2011/07/29 17:29:58.0580 2924 Processor architecture: Intel x86
2011/07/29 17:29:58.0580 2924 Number of processors: 2
2011/07/29 17:29:58.0580 2924 Page size: 0x1000
2011/07/29 17:29:58.0580 2924 Boot type: Normal boot
2011/07/29 17:29:58.0580 2924 ================================================================================
2011/07/29 17:29:59.0380 2924 Initialize success
2011/07/29 17:30:10.0758 3156 ================================================================================
2011/07/29 17:30:10.0758 3156 Scan started
2011/07/29 17:30:10.0758 3156 Mode: Manual;
2011/07/29 17:30:10.0758 3156 ================================================================================
2011/07/29 17:30:11.0259 3156 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/29 17:30:11.0354 3156 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/07/29 17:30:11.0404 3156 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/07/29 17:30:11.0452 3156 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/07/29 17:30:11.0491 3156 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/07/29 17:30:11.0597 3156 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/07/29 17:30:11.0669 3156 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/07/29 17:30:11.0709 3156 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/29 17:30:11.0768 3156 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/07/29 17:30:11.0813 3156 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/07/29 17:30:11.0844 3156 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/07/29 17:30:11.0909 3156 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/07/29 17:30:11.0958 3156 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/29 17:30:12.0025 3156 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
2011/07/29 17:30:12.0115 3156 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/07/29 17:30:27.0352 3156 ================================================================================
2011/07/29 17:30:27.0352 3156 Scan finished
2011/07/29 17:30:27.0352 3156 ================================================================================
2011/07/29 17:30:27.0383 2588 Detected object count: 0
2011/07/29 17:30:27.0383 2588 Actual detected object count: 0

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:44 PM

Posted 29 July 2011 - 10:02 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
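One way to triage the Log1.txt that router.bat produces, as an added example that is not part of gringo's post or of any BleepingComputer tool: it parses the ipconfig /all and route print sections of the log, then flags DNS servers outside an allow-list and persistent default routes that do not match the DHCP-assigned gateway, the kind of tampering a search redirect makes a helper check. The allow-list, adapter names and sample log are constructed for this example; 198.51.100.7 is a documentation-range address standing in for an unexpected resolver, not a real indicator.

```python
"""Triage helper for the Log1.txt that router.bat writes (ipconfig /all plus
route print).  Added example, not from the forum post: it pulls the DNS servers
per adapter and the persistent IPv4 routes out of the log and flags anything
outside an allow-list."""
import re
from ipaddress import ip_address

# Constructed allow-list: the router plus the two OpenDNS resolvers that appear
# in the posted log.  Adjust per case; anything else is flagged for review.
TRUSTED_DNS = {"192.168.0.1", "208.67.222.222", "208.67.220.220"}

ADAPTER_RE = re.compile(r"^\S.*adapter (.+):\s*$")
# ipconfig fields carry a dot leader before the colon ("Host Name . . . : x");
# nslookup/ping lines ("Server: x") do not, so they never match this pattern.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9\- ]*?)[ .]*\.[ .]*:\s*(.*)$")


def _is_address(s):
    # Bare address, with or without a %zone or (Preferred) suffix.
    try:
        ip_address(re.split(r"[%(]", s.strip(), maxsplit=1)[0])
    except ValueError:
        return False
    return True


def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; DNS Servers may span several lines."""
    adapters, last_field = {}, None
    current = adapters.setdefault("Windows IP Configuration", {})
    for line in text.splitlines():
        if not line.strip():
            last_field = None
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current, last_field = adapters.setdefault(m.group(1).strip(), {}), None
            continue
        m = FIELD_RE.match(line)
        if m:
            last_field = m.group(1).strip()
            values = current.setdefault(last_field, [])
            if m.group(2).strip():
                values.append(m.group(2).strip())
        elif last_field and _is_address(line):
            current[last_field].append(line.strip())  # continuation line
        else:
            last_field = None  # left the ipconfig block (nslookup, ping, ...)
    return adapters


def parse_persistent_routes(text):
    """Return [(dest, netmask, gateway, metric)] from the IPv4 Persistent Routes."""
    routes, in_section = [], False
    for line in text.split("IPv6 Route Table")[0].splitlines():
        s = line.strip()
        if s.startswith("Persistent Routes:"):
            in_section = True
        elif in_section and s.startswith("="):
            break
        elif in_section:
            parts = s.split()
            if len(parts) == 4 and parts[0][:1].isdigit():
                routes.append(tuple(parts))
    return routes


def triage(log_text, trusted_dns=TRUSTED_DNS):
    """Findings: untrusted DNS servers, persistent default routes off the DHCP gateway."""
    findings, gateways = [], set()
    for name, fields in parse_ipconfig(log_text).items():
        gateways.update(fields.get("Default Gateway", []))
        for server in fields.get("DNS Servers", []):
            if server not in trusted_dns:
                findings.append(f"{name}: DNS server {server} is not on the allow-list")
    for dest, _mask, gw, metric in parse_persistent_routes(log_text):
        if dest == "0.0.0.0" and gw not in gateways:
            findings.append(f"persistent default route via {gw} (metric {metric}); DHCP gateway is {sorted(gateways)}")
    return findings


# Constructed sample in the shape of Log1.txt; 198.51.100.7 (documentation range) stands in for an odd resolver.
SAMPLE_LOG = """\
Wireless LAN adapter Wireless Network Connection:

Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220

Ethernet adapter Local Area Connection:

DNS Servers . . . . . . . . . . . : 198.51.100.7
Server: resolver1.example.net

IPv4 Route Table
===========================================================================
Persistent Routes:
0.0.0.0 0.0.0.0 192.168.0.2 Default
===========================================================================

IPv6 Route Table
Persistent Routes:
None
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG) or ["nothing flagged"]:
        print(finding)
```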

#11 deathx88

deathx88
  • Topic Starter

  • Members
  • 154 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:44 PM

Posted 30 July 2011 - 12:49 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : Deathx-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 00-23-C3-D1-41-DE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter
Physical Address. . . . . . . . . : 00-1F-33-83-86-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::23:56cb:5b3f:f950%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, July 29, 2011 5:28:38 PM
Lease Expires . . . . . . . . . . : Friday, August 05, 2011 5:28:38 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 268443443
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-75-37-0E-00-21-97-24-22-2F
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-21-97-24-22-2F
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5052D157-06AE-4C6F-B2A9-3E41AC4E63E3}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2c89:22f0:b980:64a(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c89:22f0:b980:64a%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{EEF01940-742A-4525-B9F4-F2A3D40B651C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com
Addresses: 74.125.47.106
74.125.47.103
74.125.47.99
74.125.47.147
74.125.47.104
74.125.47.105

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56


Pinging google.com [74.125.47.147] with 32 bytes of data:

Reply from 74.125.47.147: bytes=32 time=32ms TTL=55
Reply from 74.125.47.147: bytes=32 time=31ms TTL=55

Ping statistics for 74.125.47.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 32ms, Average = 31ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=38ms TTL=56
Reply from 209.191.122.70: bytes=32 time=35ms TTL=56

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 38ms, Average = 36ms

===========================================================================
Interface List
19 ...00 23 c3 d1 41 de ...... Hamachi Network Interface
12 ...00 1f 33 83 86 9d ...... NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter
10 ...00 21 97 24 22 2f ...... NVIDIA nForce 10/100 Mbps Ethernet
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.{5052D157-06AE-4C6F-B2A9-3E41AC4E63E3}
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
21 ...00 00 00 00 00 00 00 e0 isatap.{EEF01940-742A-4525-B9F4-F2A3D40B651C}
22 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
23 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.15 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.15 281
192.168.0.15 255.255.255.255 On-link 192.168.0.15 281
192.168.0.255 255.255.255.255 On-link 192.168.0.15 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 13 276
224.0.0.0 240.0.0.0 On-link 192.168.0.15 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 13 276
255.255.255.255 255.255.255.255 On-link 192.168.0.15 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.0.2 Default
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 18 ::/0 On-link
1 306 ::1/128 On-link
13 18 2001::/32 On-link
13 266 2001:0:4137:9e76:2c89:22f0:b980:64a/128
On-link
12 281 fe80::/64 On-link
13 266 fe80::/64 On-link
12 281 fe80::23:56cb:5b3f:f950/128
On-link
13 266 fe80::2c89:22f0:b980:64a/128
On-link
1 306 ff00::/8 On-link
13 266 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:44 PM

Posted 30 July 2011 - 01:43 AM

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 deathx88

deathx88
  • Topic Starter

  • Members
  • 154 posts
  • Gender:Male
  • Local time:06:44 PM

Posted 30 July 2011 - 08:20 AM

OTL logfile created on: 7/30/2011 8:51:56 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Deathx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 61.90% Memory free
6.21 Gb Paging File | 4.83 Gb Available in Paging File | 77.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.78 Gb Total Space | 43.49 Gb Free Space | 9.56% Space Free | Partition Type: NTFS
Drive D: | 10.98 Gb Total Space | 1.49 Gb Free Space | 13.59% Space Free | Partition Type: NTFS
Drive F: | 233.76 Gb Total Space | 22.71 Gb Free Space | 9.72% Space Free | Partition Type: NTFS
Drive G: | 5.50 Gb Total Space | 0.92 Gb Free Space | 16.71% Space Free | Partition Type: FAT32
Drive H: | 147.14 Gb Total Space | 2.88 Gb Free Space | 1.96% Space Free | Partition Type: NTFS

Computer Name: DEATHX-PC | User Name: Deathx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Deathx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\Deathx\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys ()
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()
DRV - (RTL8187) -- C:\Windows\System32\drivers\wg111v2.sys (Realtek Semiconductor Corporation )
DRV - (SCMNdisP) -- C:\Windows\system32\DRIVERS\scmndisp.sys (Windows ® Codename Longhorn DDK provider)
DRV - (Jukebox3) -- C:\Windows\System32\drivers\ctpdusb.sys (Creative Technology Ltd.)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2639382710-2165961276-3469681303-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-2639382710-2165961276-3469681303-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2639382710-2165961276-3469681303-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Deathx\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Deathx\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Deathx\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/04/09 18:04:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/04/09 18:05:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\OpinionSquare
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 02:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/31 20:53:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6c4b3bf5-26fe-4373-8571-4e39446b7fd0}: C:\Program Files\getdislike\getdislike\getdislike [2011/06/17 17:54:04 | 000,009,216 | ---- | M] (GetDislike)

[2010/05/07 03:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deathx\AppData\Roaming\Mozilla\Extensions
[2011/07/21 12:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions
[2011/06/29 14:27:57 | 000,000,000 | ---D | M] (Sc-s.Com Community Toolbar) -- C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{4203bd6e-e381-4d2c-adac-60346a02995f}
[2011/06/26 13:55:33 | 000,000,000 | ---D | M] (LogiTool Community Toolbar) -- C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{481f306a-420c-4673-be90-543b7d62a78e}
[2011/06/26 13:55:35 | 000,000,000 | ---D | M] (ClixSense.com Community Toolbar) -- C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{70df8d13-bdd3-448e-944c-efde21b77161}
[2011/07/10 12:13:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/06/27 02:20:48 | 000,000,000 | ---D | M] (sweeva Community Toolbar) -- C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{a2fed9e7-317c-4758-ba61-aef9ecdbd7bf}
[2011/06/26 16:37:55 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2011/06/30 12:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/30 12:43:00 | 000,000,000 | ---D | M] (GetDislike.com) -- C:\Program Files\Mozilla Firefox\extensions\{6c4b3bf5-26fe-4373-8571-4e39446b7fd0}
[2011/05/31 21:11:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2010/06/30 17:21:28 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2010/06/30 17:21:28 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2010/06/30 17:21:28 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2011/06/26 02:44:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/31 21:10:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/29 13:08:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - File not found
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2639382710-2165961276-3469681303-1000\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Deathx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2639382710-2165961276-3469681303-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2639382710-2165961276-3469681303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/06 23:06:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2639382710-2165961276-3469681303-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/30 08:50:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Deathx\Desktop\OTL.exe
[2011/07/29 17:29:35 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Deathx\Desktop\tdsskiller.exe
[2011/07/29 13:16:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/29 13:08:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/07/28 20:04:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/28 20:04:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/28 20:04:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/28 20:04:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/28 20:03:28 | 004,156,822 | R--- | C] (Swearware) -- C:\Users\Deathx\Desktop\ComboFix.exe
[2011/07/28 18:03:13 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Deathx\Desktop\dds.com
[2011/07/28 14:45:42 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Deathx\Desktop\dds.scr
[2011/07/28 13:17:41 | 000,000,000 | ---D | C] -- C:\Users\Deathx\Documents\VISTA
[2011/07/11 23:13:46 | 000,000,000 | ---D | C] -- C:\ds stuff
[2011/06/30 12:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\getdislike
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/30 08:50:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Deathx\Desktop\OTL.exe
[2011/07/30 08:36:55 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/30 08:36:55 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/30 08:30:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/30 08:30:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/30 08:30:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/30 08:30:35 | 3219,603,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/30 02:03:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2639382710-2165961276-3469681303-1000UA.job
[2011/07/30 02:02:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2639382710-2165961276-3469681303-1000Core.job
[2011/07/29 18:55:20 | 000,038,726 | ---- | M] () -- C:\Users\Deathx\Desktop\changes.mid
[2011/07/29 18:48:25 | 000,036,679 | ---- | M] () -- C:\Users\Deathx\Desktop\serpent eyes.mid
[2011/07/29 17:29:44 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Deathx\Desktop\tdsskiller.exe
[2011/07/29 13:08:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/28 20:03:30 | 004,156,822 | R--- | M] (Swearware) -- C:\Users\Deathx\Desktop\ComboFix.exe
[2011/07/28 18:03:11 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Deathx\Desktop\dds.com
[2011/07/28 17:39:24 | 000,001,060 | ---- | M] () -- C:\Users\Deathx\AppData\Roaming\wklnhst.dat
[2011/07/28 17:28:31 | 000,001,356 | ---- | M] () -- C:\Users\Deathx\AppData\Local\d3d9caps.dat
[2011/07/28 14:53:48 | 000,000,176 | ---- | M] () -- C:\Users\Deathx\defogger_reenable
[2011/07/28 14:45:43 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Deathx\Desktop\dds.scr
[2011/07/28 14:45:33 | 000,050,477 | ---- | M] () -- C:\Users\Deathx\Desktop\Defogger.exe
[2011/07/25 22:31:30 | 000,242,176 | ---- | M] () -- C:\Users\Deathx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/23 14:17:25 | 231,875,453 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/19 12:43:00 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/14 13:06:22 | 000,002,049 | ---- | M] () -- C:\Users\Deathx\Desktop\Google Chrome.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/05 11:15:30 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/07/05 11:15:30 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/06/30 13:45:54 | 002,264,357 | ---- | M] () -- C:\Users\Deathx\Documents\crystal dawn flyer.pspimage
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/29 18:55:20 | 000,038,726 | ---- | C] () -- C:\Users\Deathx\Desktop\changes.mid
[2011/07/29 18:48:24 | 000,036,679 | ---- | C] () -- C:\Users\Deathx\Desktop\serpent eyes.mid
[2011/07/28 20:04:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/28 20:04:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/28 20:04:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/28 20:04:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/28 20:04:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/28 17:37:16 | 3219,603,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/28 14:53:28 | 000,000,176 | ---- | C] () -- C:\Users\Deathx\defogger_reenable
[2011/07/28 14:45:34 | 000,050,477 | ---- | C] () -- C:\Users\Deathx\Desktop\Defogger.exe
[2011/06/01 02:36:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/01 02:35:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/01 02:35:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/04/22 18:27:39 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/04/22 18:27:39 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/04/08 19:10:19 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/04/08 19:10:18 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2011/03/07 06:24:38 | 000,001,356 | ---- | C] () -- C:\Users\Deathx\AppData\Local\d3d9caps.dat
[2011/02/17 07:16:06 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/02/17 07:16:00 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/02/17 07:15:54 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/11/30 19:48:01 | 000,000,435 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/05 14:43:38 | 000,000,148 | ---- | C] () -- C:\Windows\System32\acmeinc.ini
[2010/10/05 14:43:38 | 000,000,116 | ---- | C] () -- C:\Windows\System32\vxdtgm.ini
[2010/08/07 03:25:33 | 000,000,116 | ---- | C] () -- C:\Windows\cncscore.ini
[2010/08/07 01:59:53 | 000,001,060 | ---- | C] () -- C:\Users\Deathx\AppData\Roaming\wklnhst.dat
[2010/07/25 15:04:25 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2010/07/15 01:26:13 | 000,000,540 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/06/16 00:00:43 | 000,000,580 | ---- | C] () -- C:\Windows\v238Pce.dat
[2010/06/11 16:39:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\PdeSrvps.dll
[2010/06/11 16:39:02 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2010/06/06 16:39:42 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\f9t.dat
[2010/06/02 22:52:02 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/06/02 22:52:02 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010/06/02 22:52:02 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010/06/02 22:52:02 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/06/02 22:52:02 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010/06/02 22:52:02 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/05/13 01:43:36 | 000,001,834 | ---- | C] () -- C:\Users\Deathx\AppData\Roaming\default.rss
[2010/05/11 20:16:08 | 000,001,702 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/05/10 20:42:03 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2010/05/10 18:13:27 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/05/10 04:33:22 | 000,000,652 | ---- | C] () -- C:\Users\Deathx\AppData\Roaming\AutoGK.ini
[2010/05/07 22:07:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/05/07 16:43:27 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/05/07 16:42:59 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/07 03:49:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/05/06 23:06:52 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010/05/06 22:49:11 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2010/05/06 22:49:11 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2010/05/06 22:37:02 | 000,242,176 | ---- | C] () -- C:\Users\Deathx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,237,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:0AC32449

< End of report >

---------------------------------------

OTL Extras logfile created on: 7/30/2011 8:51:56 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Deathx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 61.90% Memory free
6.21 Gb Paging File | 4.83 Gb Available in Paging File | 77.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.78 Gb Total Space | 43.49 Gb Free Space | 9.56% Space Free | Partition Type: NTFS
Drive D: | 10.98 Gb Total Space | 1.49 Gb Free Space | 13.59% Space Free | Partition Type: NTFS
Drive F: | 233.76 Gb Total Space | 22.71 Gb Free Space | 9.72% Space Free | Partition Type: NTFS
Drive G: | 5.50 Gb Total Space | 0.92 Gb Free Space | 16.71% Space Free | Partition Type: FAT32
Drive H: | 147.14 Gb Total Space | 2.88 Gb Free Space | 1.96% Space Free | Partition Type: NTFS

Computer Name: DEATHX-PC | User Name: Deathx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.ini [@ = INI file] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2639382710-2165961276-3469681303-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2639382710-2165961276-3469681303-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{260BE33E-F096-4811-BCB0-678C9BA5ED1B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{35090FAD-A72C-457C-A270-2FC7BDF25D02}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{50DDAD4A-477F-4312-B20C-ACA1565521F3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7E6A8132-2127-48DB-8208-87A0171E22EA}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{A638A4A5-133D-4A8E-9BAF-E9EC787F3213}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B6E74A43-0DF0-4D3A-919F-B9F1D0EA9B91}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{CC63C3E4-FC54-4789-847F-C935563EF1A3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ECE3854A-531F-42B9-A4FD-1B233D7140D0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ECE9F65B-9452-4422-AC03-C3F8EF51CDC5}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FCA73424-A2CD-4069-80DE-F0C979FDE2AA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0375E3C6-F2A3-452F-AB88-5F725B406F96}" = protocol=6 | dir=in | app=c:\program files\skulltag\skulltag.exe |
"{15E8D8A1-6690-4ABB-991D-48B1C89B9907}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\deathx88\day of defeat source\hl2.exe |
"{17B0E4F1-BE23-4B73-A7BB-F43B16235D0E}" = protocol=17 | dir=in | app=c:\program files\opinionsquare\opnsqr.exe |
"{1E0CB59B-5D4A-4E41-8CB5-F132E8E79F58}" = protocol=6 | dir=in | app=c:\program files\skulltag\doomseeker.exe |
"{227C561A-38EA-4400-A956-E55333F80E36}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{2351176E-31FA-483C-9F83-7282F9D8B30B}" = protocol=17 | dir=in | app=c:\program files\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{33D037EF-91AF-44CC-B1DB-132D16B54B89}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{3A967149-59F1-43C8-9EBE-1DBC4FA05EE6}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{3C29BBEF-728C-4356-824D-8EC6AD7572E4}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{3F640B02-9CD5-4F40-BF00-45CC64ED32A4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{40DF6F8C-48BB-4B59-810F-9183083AE432}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\deathx88\day of defeat source\hl2.exe |
"{44D1DA0F-1879-4C2B-9982-E26723B9580F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{44FCA83F-E087-44B3-9558-207E578AB0D6}" = protocol=17 | dir=in | app=c:\program files\skulltag\doomseeker.exe |
"{49E998DC-A71D-4F10-9F29-EF7E181EE15A}" = protocol=17 | dir=in | app=c:\program files\skulltag\rcon_utility.exe |
"{4AB02C01-3CE8-4623-B4C6-C5799C8C3CF3}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{53704FB8-FD4C-44A6-B06D-5BC206B995DD}" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\wowd.exe |
"{546587DC-DB22-43EC-99D7-2549689F8FB5}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{57CC3CA8-D862-4580-9EF2-D9CB5AA6D431}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\deathx88\source sdk base 2007\hl2.exe |
"{5E4AB99F-C758-447A-85E6-143B771C7DCF}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{688520E9-01EA-4F51-B36C-37E29490DFF1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{69F720E3-24A6-44C0-880C-8B0F185A898B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6B994B4E-64BE-4C85-88C3-9449B8245FA6}" = protocol=17 | dir=in | app=c:\program files\skulltag\skulltag.exe |
"{6CF6747C-F2B8-434C-8004-5A4DBC4C2439}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{71A105DB-B79A-4A59-9028-D019134112D0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{7B41A224-13DD-41B8-9D60-CCCF5D148A31}" = protocol=6 | dir=in | app=c:\users\deathx\appdata\local\temp\~osfcd9.tmp\opnsqr.exe |
"{7DE14142-41EE-4F11-B54A-DF4BB8DA70D9}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{85A86EE0-8C96-4EA8-AA16-3C119C5BC01C}" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\wowd.exe |
"{89CD7C4C-482C-4A60-A9D1-B84402F62B3D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{89CFD3A5-3AA8-430A-9EB6-F5FC3D7A703B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
"{8D773CBA-46BD-4C45-BB5E-FC7C6B69B310}" = protocol=6 | dir=in | app=c:\program files\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{98D9F2FA-C98E-4438-86FA-92AE6EEBB084}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{9E7D5071-01E8-4C17-BC47-E7794FD0AD3C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A6CE7F70-C49E-41E2-85C8-CD80A85309F4}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{A7B1AD6F-1ADE-4E05-AAEF-232F5F9A51B4}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{B0F9D958-7039-4655-9A9D-32C1ADE65D64}" = protocol=6 | dir=in | app=c:\program files\skulltag\rcon_utility.exe |
"{B39FFAB5-FC78-42DD-98C5-97CB95BA13E7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B6B4D4EC-4E7A-4DD0-B997-AA781D06C6C5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
"{BB016149-055B-4D5B-BC1B-53261D4B9C09}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C0548953-EDA3-4376-9751-511CFD324592}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{CB9BF662-7436-46CB-9373-FEA1B1BC2857}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\deathx88\day of defeat source\hl2.exe |
"{CE6E0FA4-2E1D-440E-9E6C-60D87C837AC7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\deathx88\day of defeat source\hl2.exe |
"{D1009E11-AAFF-4881-9EC0-C831AB1BE6CE}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{D2A1BAE9-8130-40B2-AE04-C9ADB469D84D}" = protocol=6 | dir=in | app=c:\program files\opinionsquare\opnsqr.exe |
"{D3BEA45B-66CF-454D-B12A-2F43DC79A7BF}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{ED190EC6-0249-4F55-9A6D-F6B78EC56E36}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{EF00353E-61AE-444B-B545-0C4C7C609CFB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\deathx88\source sdk base 2007\hl2.exe |
"{F2F33A53-E0D0-436E-88FF-3DD3A736C82E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F87E7CD0-94F2-491E-826B-D2007B6D6BD1}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"TCP Query User{0C030EFD-3F9D-4FF6-868E-7DF8ED5205C4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1A95F9C6-4910-42BC-9606-C4E1378CF08A}C:\program files\steam\steamapps\deathx88\pirates, vikings, and knights ii\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\deathx88\pirates, vikings, and knights ii\hl2.exe |
"TCP Query User{2A58DE9F-CAC9-4009-B756-73419B3DD0D1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{4696F540-1C3E-427F-8752-A48332F4ECAC}C:\sandbox\deathx\defaultbox\drive\c\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\sandbox\deathx\defaultbox\drive\c\program files\ares\ares.exe |
"TCP Query User{624EFDB9-FA7F-4EEE-BA61-D98B2CECA508}C:\program files\flashfxp 4\flashfxp.exe" = protocol=6 | dir=in | app=c:\program files\flashfxp 4\flashfxp.exe |
"TCP Query User{6B8D9F64-7BB5-48F5-9570-13D24EAF5246}C:\program files\flashfxp\flashfxp.exe" = protocol=6 | dir=in | app=c:\program files\flashfxp\flashfxp.exe |
"TCP Query User{6F40BD20-BE98-44E1-A4D6-9AC6075F1814}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"TCP Query User{70A868AC-3704-46EE-8550-60A30A975C06}C:\nazi_zombies\nazi zombies\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\nazi_zombies\nazi zombies\codwaw_lanfixed.exe |
"TCP Query User{74DE2B3D-E5DF-4080-BB68-9EC2CF4EE654}C:\program files\mastiff\remington super slam hunting africa\ssa1.exe" = protocol=6 | dir=in | app=c:\program files\mastiff\remington super slam hunting africa\ssa1.exe |
"TCP Query User{845288FF-083F-4A59-9174-C031D975B538}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{95A3E74F-90D2-4A54-B11D-0F2721F896C4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B677B945-66A0-4E6F-B8C5-63E75BE38EFA}C:\program files\modern\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files\modern\call of duty - world at war\codwaw.exe |
"TCP Query User{B857E94C-3E77-4B6A-9E52-3480D437C8B5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D41611B7-E149-440C-A499-136573E991F6}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E3D250EE-60AC-4E43-9917-486A85288D3D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{FFA376A2-5C4F-45D5-8320-7F0FAE8C5F16}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"UDP Query User{03C0A49F-8D0E-4D2A-878B-122CE9727B5C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{09A81E43-52CF-43FA-9C3D-78C2D7A5CC2C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{39E3F671-32DF-45F8-8DC8-F8263A6C5BD4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{470ECC0E-232D-4D52-B125-96EF9EE93E16}C:\program files\modern\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files\modern\call of duty - world at war\codwaw.exe |
"UDP Query User{49A1F022-5106-4242-AC5C-9F13C69A776B}C:\program files\flashfxp 4\flashfxp.exe" = protocol=17 | dir=in | app=c:\program files\flashfxp 4\flashfxp.exe |
"UDP Query User{5DADD965-D647-442F-B2D0-00D9AB18DF1A}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"UDP Query User{628337B1-B67D-4BAD-8643-916AA8283EDD}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{764995D1-5FCC-4F65-80D5-5D570BDA5F25}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"UDP Query User{79DC3596-5008-434B-B2F8-EAB29934E13C}C:\program files\steam\steamapps\deathx88\pirates, vikings, and knights ii\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\deathx88\pirates, vikings, and knights ii\hl2.exe |
"UDP Query User{89E8CF8D-FC6F-4EA4-870C-2488C7B60078}C:\program files\flashfxp\flashfxp.exe" = protocol=17 | dir=in | app=c:\program files\flashfxp\flashfxp.exe |
"UDP Query User{9A73EA1B-84A0-4CDE-AA27-487ABD7F5CF0}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{A7E22131-CC31-4505-99CD-56B6EFA8C91B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{B9C8D6F5-D0D0-49F4-AED9-15BBA39C51D1}C:\sandbox\deathx\defaultbox\drive\c\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\sandbox\deathx\defaultbox\drive\c\program files\ares\ares.exe |
"UDP Query User{C7D11B32-C968-4668-8754-14229F10DF5F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CEAF1353-68CE-4BD9-9A40-71C56FF1AF23}C:\nazi_zombies\nazi zombies\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\nazi_zombies\nazi zombies\codwaw_lanfixed.exe |
"UDP Query User{E33320CB-AC44-4F93-9871-9A74A0E425E3}C:\program files\mastiff\remington super slam hunting africa\ssa1.exe" = protocol=17 | dir=in | app=c:\program files\mastiff\remington super slam hunting africa\ssa1.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}" = EZXPercussion
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{430399DC-98BC-4A7F-8F8E-77981CABAE05}" = EZXVintage
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8094F7AE-CA21-4AF2-A256-BC918CE0E796}" = EZXClaustrophobic
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82DF9225-13EC-41BD-BE31-AAB121B38166}" = EZXNashville
"{837B34E3-7C30-493C-8F6A-2B0F04E2912C}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EA5CC76-8B4D-407B-87F4-DB052978D8A7}" = Adobe Setup
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B5FCBF46-D2DA-455C-8AB1-148181AEBA14}" = Adobe After Effects CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB5A44CB-3045-43E2-BEB0-B64E477D4633}" = EZXFunkmasters
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CBDF1A29-D7F6-4E65-89F5-3300D475D6B9}" = Bing Bar
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}" = EZXTwisted
"{D45B21D2-1ABA-46C4-A226-722DC28EAAC4}" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"{D944236D-7992-41D6-8257-930B5832F1CC}" = Creative Zen Micro
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E528A747-DC66-4FD4-AB53-110D024561CC}" = Adobe Premiere Pro CS4
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EED8D44F-CEBB-4298-8D0E-E01AF6AC0663}" = EZXJazz
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_1b5a11fde44351ae0f4c7fd0e4daadc" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BFGC" = Big Fish Games: Game Manager
"BFG-Hidden Expedition - Amazon" = Hidden Expedition ®: Amazon
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ®
"Burn Zombie Burn!_is1" = Burn Zombie Burn!
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Digital DJ Pro" = Digital DJ Pro 1.7.0
"DivX Setup.divx.com" = DivX Setup
"DreamStation DXi2" = DreamStation DXi2
"DVD Shrink_is1" = DVD Shrink 3.2
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader 5.0
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"FriendBlasterPro_is1" = FriendBlasterPro
"Game Booster_is1" = Game Booster
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"ImgBurn" = ImgBurn
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"pcsx2-r3113" = PCSX2 - Playstation 2 Emulator
"Project Blackout" = Project Blackout
"RealPlayer 12.0" = RealPlayer
"RemingtonSuperSlamAfrica" = Remington Super Slam Hunting: Africa
"RivaTuner" = RivaTuner v2.24
"Sandboxie" = Sandboxie 3.442
"Skulltag" = Skulltag
"SONAR7Producer_is1" = SONAR 7 Producer Edition
"Speccy" = Speccy
"Steam App 218" = Source SDK Base 2007
"Steam App 300" = Day of Defeat: Source
"Steam App 57900" = Duke Nukem Forever
"Swag_Bucks Toolbar" = Swag_Bucks Toolbar
"SysInfo" = Creative System Information
"uTorrent" = Torrent
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"Worms Reloaded_is1" = Worms Reloaded
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2639382710-2165961276-3469681303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1041781654.www.turbotycoon.com" = Turbo Ads
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"uTorrent" = Torrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2011 12:49:51 PM | Computer Name = Deathx-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/22/2011 1:08:14 PM | Computer Name = Deathx-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2011 12:55:41 AM | Computer Name = Deathx-PC | Source = VSS | ID = 8194
Description =

Error - 7/23/2011 2:18:53 PM | Computer Name = Deathx-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/24/2011 12:10:42 PM | Computer Name = Deathx-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/24/2011 10:21:58 PM | Computer Name = Deathx-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/25/2011 1:50:19 PM | Computer Name = Deathx-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/26/2011 12:53:46 PM | Computer Name = Deathx-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/27/2011 12:54:47 PM | Computer Name = Deathx-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/28/2011 12:27:10 AM | Computer Name = Deathx-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/30/2011 2:20:12 AM | Computer Name = Deathx-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C3D141DE. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/30/2011 2:26:19 AM | Computer Name = Deathx-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C3D141DE. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/30/2011 2:32:32 AM | Computer Name = Deathx-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C3D141DE. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/30/2011 2:38:26 AM | Computer Name = Deathx-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C3D141DE. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/30/2011 2:44:33 AM | Computer Name = Deathx-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C3D141DE. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/30/2011 8:31:44 AM | Computer Name = Deathx-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C3D141DE. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/30/2011 8:37:55 AM | Computer Name = Deathx-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C3D141DE. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/30/2011 8:44:19 AM | Computer Name = Deathx-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C3D141DE. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/30/2011 8:49:51 AM | Computer Name = Deathx-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C3D141DE. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/30/2011 8:55:53 AM | Computer Name = Deathx-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C3D141DE. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 July 2011 - 12:33 PM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the OTL textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - File not found
    @Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:260575F1
    @Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:0AC32449
    FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/04/09 18:04:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/04/09 18:05:16 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
    FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com
    [2011/06/29 14:27:57 | 000,000,000 | ---D | M] (Sc-s.Com Community Toolbar) -- C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{4203bd6e-e381-4d2c-adac-60346a02995f}
    [2011/06/26 13:55:33 | 000,000,000 | ---D | M] (LogiTool Community Toolbar) -- C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{481f306a-420c-4673-be90-543b7d62a78e}
    [2010/06/30 17:21:28 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
    [2010/06/30 17:21:28 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
    [2010/06/30 17:21:28 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
    O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2639382710-2165961276-3469681303-1000\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click the button shown in the original post's image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 deathx88

deathx88
  • Topic Starter

  • Members
  • 154 posts
  • Gender:Male

Posted 31 July 2011 - 09:03 PM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
ADS C:\ProgramData\TEMP:260575F1 deleted successfully.
ADS C:\ProgramData\TEMP:0AC32449 deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components not found.
File HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@emusic.com/dlm-plugin\ deleted successfully.
C:\Program Files\eMusic Download Manager\plugin\npemusic.dll moved successfully.
File HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com) not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com not found.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{4203bd6e-e381-4d2c-adac-60346a02995f}\searchplugin folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{4203bd6e-e381-4d2c-adac-60346a02995f}\modules folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{4203bd6e-e381-4d2c-adac-60346a02995f}\META-INF folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{4203bd6e-e381-4d2c-adac-60346a02995f}\defaults folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{4203bd6e-e381-4d2c-adac-60346a02995f}\components folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{4203bd6e-e381-4d2c-adac-60346a02995f}\chrome folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{4203bd6e-e381-4d2c-adac-60346a02995f} folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{481f306a-420c-4673-be90-543b7d62a78e}\searchplugin folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{481f306a-420c-4673-be90-543b7d62a78e}\modules folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{481f306a-420c-4673-be90-543b7d62a78e}\META-INF folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{481f306a-420c-4673-be90-543b7d62a78e}\defaults folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{481f306a-420c-4673-be90-543b7d62a78e}\components folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{481f306a-420c-4673-be90-543b7d62a78e}\chrome folder moved successfully.
C:\Users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\b09kalmq.default\extensions\{481f306a-420c-4673-be90-543b7d62a78e} folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\platform\WINNT_x86-msvc\components folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\platform\WINNT_x86-msvc folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\platform folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\chrome\content folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\chrome folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\platform\WINNT_x86-msvc\components folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\platform\WINNT_x86-msvc folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\platform folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\chrome\content folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\chrome folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\platform\WINNT_x86-msvc\components folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\platform\WINNT_x86-msvc folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\platform folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\chrome\content folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\chrome folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ deleted successfully.
C:\Program Files\Swag_Bucks\prxtbSwa0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ not found.
File C:\Program Files\Swag_Bucks\prxtbSwa0.dll not found.
Registry value HKEY_USERS\S-1-5-21-2639382710-2165961276-3469681303-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}\ not found.
File C:\Program Files\Swag_Bucks\prxtbSwa0.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Deathx\Desktop\cmd.bat deleted successfully.
C:\Users\Deathx\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Deathx
->Temp folder emptied: 149171 bytes
->Temporary Internet Files folder emptied: 17134715 bytes
->Java cache emptied: 464868 bytes
->FireFox cache emptied: 41835353 bytes
->Google Chrome cache emptied: 334143240 bytes
->Flash cache emptied: 50899 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 892 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 376.00 mb


[EMPTYFLASH]

User: All Users

User: Deathx
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07312011_215445

Files\Folders moved on Reboot...
C:\Users\Deathx\AppData\Local\Temp\VGXC689.tmp moved successfully.

Registry entries deleted on Reboot...
