[Resolved] nolink.html virus?

Answers to your tech questions

Computer forums for help with removing malicious software (malware) and improving computer security

Home Forums Contact

HijackThis Members

Welcome ( Log In | Register )

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

2 Pages

1 2 >

Closed Topic

Start new topic

[Resolved] nolink.html virus?

Thaiche View Member Profile	Nov 1 2009, 06:16 PM Post #1
New Member Group: Authentic Member Posts: 9 Joined: 1-November 09 Member No.: 88,626 Operating System: Vista 32-bit	Okay well, A few days ago I got warnings from my anti-virus that a trojan had gotten onto my computer. I wasn't really sure how it happend as I didn't download anything...Then out of no where a fake windows security thing appeared on my desktop asking me to scan. Now I've seen this type of thing before and Didn't think it was a big deal..anyways I wasn't really in the mood to deal with it so I just cut my internet off and did a system restore as it has worked for me in the past...then once i turned my computer back on after being restored I ran a Superantispyware and AVG scan..Both showed clean so I figured it worked..So I was just browsing the internet and out of no where a new firefox window opened up. it had like 6 tabs and one of them were [b]REMOVED infector link LDT I googled it and decided I could most likely fix it myself. So I looked through what other people did to fix it...in one forum post someone suggested malwarebytes. So I did a scan with that and it came up clean. So I looked more and saw that someone else on this forum had the same problem. They were told to use ATF-Cleaner and Combofix so I figured thats all I'd need to do as I'm not usually one who likes to post and would rather fix stuff on my own. so I did atf-cleaner and that worked and then I proceeded in using Combofix. It started like normal and seemed to be working then it said "Rootkit found, rebooting" or somthing like that..so I let it reboot expecting it to continue from where it left off..but it didn't..So I tried it again and got a BSOD....Restarted again and tried again, Got the active rootkit found" thing again and rebooted..tried again and got BSOD..So I figured that was going to be the pattern with it and decided to find out how to get rid of the rootkit..downloaded avenger, said there was no rootkit's found. SO basically, I'm stuck and Not exactly sure what to do anymore...So I figured I'd just post on a forum properly and get direct help instead of using how someone else was helped.....Thanks if I can get help as this is driving me crazy.... (Sorry if it was a lot to read but I figured I should say everything I did) I figured out I got it Via a fake windows defender pop up telling me I had gotten a virus...dunno if that helps D.D.S DDS (Ver_09-06-26.01) - NTFSx86 Run by Keith at 19:18:38.67 on Sun 11/01/2009 Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_03 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1363 [GMT -5:00] SP: Windows Defender disabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: SUPERAntiSpyware enabled (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Steam\Steam.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Planex\Common\RaUI.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\dlbtcoms.exe C:\Nexon\Mabinogi\npkcmsvc.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\PnkBstrB.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Planex\Common\RalinkRegistryWriter.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\Pen_Tablet.exe C:\Windows\system32\WTablet\Pen_TabletUser.exe C:\Windows\system32\Pen_Tablet.exe C:\Program Files\TVersity\Media Server\MediaServer.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\mobsync.exe C:\Program Files\Common Files\Steam\SteamService.exe C:\Windows\SYSTEM32\CTXFISPI.EXE C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\AIM6\aolsoftware.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Users\Keith\Desktop\dds.scr C:\Windows\system32\conime.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.zing.vn/zing/?utm_source=hp&utm_medium=boom uInternet Settings,ProxyOverride = .local BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [<NO NAME>] uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork uRun: [AdobeBridge] uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe" uRun: [Steam] "c:\program files\steam\Steam.exe" -silent uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [<NO NAME>] mRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe" mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [combofix] "c:\combofix\cf26884.exe" /c "c:\combofix\C.bat" mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe dRun: [CtxfiReg] CTXFIREG.exe /FAIL1 StartupFolder: c:\users\keith\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\planex~1.lnk - c:\program files\planex\common\RaUI.exe mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll DPF: {090AD8A7-FFC4-4BFD-B19F-9722693042DE} - hxxp://www.joycity.com/_app/cab/JCEModuleUpdaterAX.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://t1.battlefield-heroes.com/patcher/westpatcher.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://id.hangame.com/common/HanSetup1020.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/neowiz/npkcx_inca.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll AppInit_DLLs: avgrsstx.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\users\keith\appdata\roaming\mozilla\firefox\profiles\1zeb0fgy.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.keiichianimeforever.com/ FF - prefs.js: network.proxy.type - 2 FF - plugin: c:\program files\download manager\npfpdlm.dll FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npOGPPlugin.dll FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews..wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-1 333192] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-1 360584] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-1 906520] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-1 285392] R2 HOSTNT;Hostnt;c:\windows\system32\drivers\hostnt.sys [2009-2-18 10304] R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\planex\common\RalinkRegistryWriter.exe [2009-7-1 69632] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-5-23 3032360] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-23 24652] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-7-14 198168] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-7-14 1353240] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-7-14 73752] R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-7-14 1227800] R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2009-9-6 12600] R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-7-1 580096] R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-5-23 15144] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-8-28 79360] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-7-14 198168] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-7-14 1353240] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-7-14 73752] S3 Grand;SafeNet GrandDog USB Driver;c:\windows\system32\drivers\GrandUsb.sys [2009-2-18 62528] S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [2008-10-14 14136] S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [2008-10-14 6784] S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-7-1 620032] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-10-14 36928] =============== Created Last 30 ================ 2009-11-01 19:02 <DIR> --d-h--- C:\$AVG 2009-11-01 19:02 12,464 a------- c:\windows\system32\avgrsstx.dll 2009-11-01 19:02 360,584 a------- c:\windows\system32\drivers\avgtdix.sys 2009-11-01 19:02 333,192 a------- c:\windows\system32\drivers\avgldx86.sys 2009-11-01 19:02 <DIR> --d----- c:\windows\system32\drivers\Avg 2009-11-01 19:01 <DIR> --d----- c:\program files\AVG 2009-11-01 19:01 <DIR> --d----- c:\programdata\avg9 2009-11-01 19:01 <DIR> --d----- c:\progra~2\avg9 2009-11-01 17:59 40,040 a------- c:\windows\system32\drivers\nvstor.sys 2009-11-01 17:59 21,560 a------- c:\windows\system32\drivers\atapi.sys 2009-11-01 16:36 236,544 a------- c:\windows\PEV.exe 2009-11-01 16:36 161,792 a------- c:\windows\SWREG.exe 2009-11-01 16:36 98,816 a------- c:\windows\sed.exe 2009-11-01 16:36 77,312 a------- c:\windows\MBR.exe 2009-10-31 05:10 <DIR> --d----- c:\users\keith\appdata\roaming\Tonium 2009-10-31 05:09 <DIR> --d----- c:\program files\Tonium 2009-10-31 01:29 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-31 01:29 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-10-30 15:48 2,421,760 a------- c:\windows\system32\wucltux.dll 2009-10-30 15:48 87,552 a------- c:\windows\system32\wudriver.dll 2009-10-30 15:48 171,608 a------- c:\windows\system32\wuwebv.dll 2009-10-30 15:48 33,792 a------- c:\windows\system32\wuapp.exe 2009-10-30 15:47 3,374 a------- c:\windows\system32\RacUR.xml 2009-10-30 15:47 310,784 a------- c:\windows\system32\unregmp2.exe 2009-10-30 02:08 <DIR> --d----- c:\users\keith\appdata\roaming\Malwarebytes 2009-10-30 02:08 <DIR> --d----- c:\programdata\Malwarebytes 2009-10-30 02:08 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-30 02:08 <DIR> --d----- c:\progra~2\Malwarebytes 2009-10-29 23:08 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com 2009-10-29 23:08 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com 2009-10-29 23:07 <DIR> --d----- c:\users\keith\appdata\roaming\SUPERAntiSpyware.com 2009-10-29 23:07 <DIR> --d----- c:\program files\SUPERAntiSpyware 2009-10-29 15:20 <DIR> --dsh--- c:\users\keith\appdata\roaming\Windows System Defender 2009-10-28 03:47 10,626,048 a------- c:\windows\system32\wmp(274).dll 2009-10-28 03:47 10,626,048 a------- c:\windows\system32\wmp(159).dll 2009-10-28 03:47 8,147,456 a------- c:\windows\system32\wmploc.DLL 2009-10-28 03:47 8,147,456 a------- c:\windows\system32\wmploc(275).DLL 2009-10-28 03:47 8,147,456 a------- c:\windows\system32\wmploc(160).DLL 2009-10-16 01:24 <DIR> --d----- c:\windows\system32\xlive 2009-10-16 01:24 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE 2009-10-15 03:33 1,256,448 a------- c:\windows\system32\lsasrv.dll 2009-10-15 03:33 439,896 a------- c:\windows\system32\drivers\ksecdd.sys 2009-10-15 03:33 213,504 a------- c:\windows\system32\msv1_0.dll 2009-10-15 03:33 175,104 a------- c:\windows\system32\wdigest.dll 2009-10-15 03:33 72,704 a------- c:\windows\system32\secur32.dll 2009-10-15 03:33 9,728 a------- c:\windows\system32\lsass.exe 2009-10-15 03:33 833,024 a------- c:\windows\system32\wininet.dll 2009-10-15 03:31 604,672 a------- c:\windows\system32\WMSPDMOD.DLL 2009-10-13 02:40 266,240 a------- c:\windows\system32\OGPIEPlugin.ocx 2009-10-03 00:46 195,440 a------- c:\windows\system32\MpSigStub.exe ==================== Find3M ==================== 2009-11-01 18:36 32,879 a------- c:\programdata\nvModes.dat 2009-11-01 18:36 32,879 a------- c:\progra~2\nvModes.dat 2009-09-29 23:14 36,928 a------- c:\windows\system32\drivers\pssdk41.sys 2009-09-14 04:44 144,896 a------- c:\windows\system32\drivers\srv2.sys 2009-09-06 19:32 14,136 a------- c:\windows\system32\JRSKD24.sys 2009-09-06 19:32 12,600 a------- c:\windows\system32\JRSUKD25.SYS 2009-09-06 19:32 632,120 a------- c:\windows\system32\CKSetup32.exe 2009-09-06 19:32 124,216 a------- c:\windows\system32\CKAgent.exe 2009-09-05 23:08 4,096 a------- c:\windows\d3dx.dat 2009-09-05 22:04 189,480 a------- c:\windows\system32\PnkBstrB.exe 2009-09-05 21:52 137,544 a------- c:\windows\system32\drivers\PnkBstrK.sys 2009-09-05 21:49 139,152 a------- c:\users\keith\appdata\roaming\PnkBstrK.sys 2009-09-05 21:49 794,408 a------- c:\windows\system32\pbsvc.exe 2009-09-04 07:24 61,440 a------- c:\windows\system32\msasn1.dll 2009-08-31 08:55 293,376 a------- c:\windows\system32\psisdecd.dll 2009-08-31 08:55 428,544 a------- c:\windows\system32\EncDec.dll 2009-08-28 17:04 143,360 a------- c:\windows\inf\infstrng.dat 2009-08-28 17:04 51,200 a------- c:\windows\inf\infpub.dat 2009-08-28 16:42 86,016 a------- c:\windows\inf\infstor.dat 2009-08-28 07:39 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-08-28 07:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll 2009-08-28 07:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll 2009-08-28 07:38 541,696 a------- c:\windows\apppatch\AcLayers.dll 2009-08-28 07:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll 2009-08-28 05:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-27 08:29 78,336 a------- c:\windows\system32\ieencode.dll 2009-08-27 05:58 26,624 a------- c:\windows\system32\ieUnatt.exe 2009-08-25 16:04 75,264 a------- c:\windows\system32\uc_holybeast_launching.dll 2009-08-17 06:48 158,952 a------- c:\windows\system32\PubPlugin.dll 2009-08-14 11:29 104,960 a------- c:\windows\system32\netiohlp.dll 2009-08-14 11:29 17,920 a------- c:\windows\system32\netevent.dll 2009-08-14 09:16 17,920 a------- c:\windows\system32\ROUTE.EXE 2009-08-14 09:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE 2009-08-14 09:16 11,264 a------- c:\windows\system32\MRINFO.EXE 2009-08-14 09:16 27,136 a------- c:\windows\system32\NETSTAT.EXE 2009-08-14 09:16 19,968 a------- c:\windows\system32\ARP.EXE 2009-08-14 09:16 10,240 a------- c:\windows\system32\finger.exe 2009-08-14 09:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE 2009-08-13 22:17 319,488 a------- c:\windows\HideWin.exe 2009-08-13 04:06 319,456 a------- c:\windows\DIFxAPI.dll 2009-08-12 23:53 444,952 a------- c:\windows\system32\wrap_oal.dll 2009-08-12 23:53 109,080 a------- c:\windows\system32\OpenAL32.dll 2009-08-05 09:22 3,597,896 a------- c:\windows\system32\ntkrnlpa.exe 2009-08-05 09:22 3,546,184 a------- c:\windows\system32\ntoskrnl.exe 2009-04-16 20:19 32 a----r-- c:\programdata\hash.dat 2009-04-16 20:19 32 a----r-- c:\progra~2\hash.dat 2008-12-09 23:42 174 a--sh--- c:\program files\desktop.ini 2008-12-09 23:08 665,600 a------- c:\windows\inf\drvindex.dat 2008-07-31 05:13 23 a------- c:\users\keith\jagex_runescape_preferences.dat 2008-03-14 17:26 37,375 a------- c:\program files\openoffice.org-xsltfilter.cab 2008-03-14 17:26 2,489,204 a------- c:\program files\openoffice.org-writer.cab 2008-03-14 17:26 207,388 a------- c:\program files\openoffice.org-testtool.cab 2008-03-14 17:26 2,504,855 a------- c:\program files\openoffice.org-pyuno.cab 2008-03-14 17:26 51,973 a------- c:\program files\openoffice.org-onlineupdate.cab 2008-03-14 17:26 1,090,334 a------- c:\program files\openoffice.org-math.cab 2008-03-14 17:25 118,910 a------- c:\program files\openoffice.org-javafilter.cab 2008-03-14 17:25 1,254,017 a------- c:\program files\openoffice.org-impress.cab 2008-03-14 17:25 86,870 a------- c:\program files\openoffice.org-graphicfilter.cab 2008-03-14 17:25 2,769 a------- c:\program files\openoffice.org-emailmerge.cab 2008-03-14 17:25 919,329 a------- c:\program files\openoffice.org-draw.cab 2008-03-14 17:25 2,031,954 a------- c:\program files\openoffice.org-core09.cab 2008-03-14 17:25 293,054 a------- c:\program files\openoffice.org-core08.cab 2008-03-14 17:25 3,842,531 a------- c:\program files\openoffice.org-core07.cab 2008-03-14 17:25 28,861,971 a------- c:\program files\openoffice.org-core06.cab 2008-03-14 17:21 18,636,793 a------- c:\program files\openoffice.org-core05.cab 2008-03-14 17:19 16,453,751 a------- c:\program files\openoffice.org-core04.cab 2008-03-14 17:18 9,118,219 a------- c:\program files\openoffice.org-core03.cab 2008-03-14 17:18 3,860,200 a------- c:\program files\openoffice.org-core02.cab 2008-03-14 17:18 15,102,497 a------- c:\program files\openoffice.org-core01.cab 2008-03-14 17:17 4,696,905 a------- c:\program files\openoffice.org-calc.cab 2008-03-14 17:17 1,802,028 a------- c:\program files\openoffice.org-base.cab 2008-03-14 17:17 43,005 a------- c:\program files\openoffice.org-activex.cab 2008-03-14 17:17 217 a------- c:\program files\setup.ini 2008-03-14 17:17 4,372,992 a------- c:\program files\openofficeorg24.msi 2008-02-08 15:33 323,584 a------- c:\program files\setup.exe 2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat 2002-03-11 04:06 1,822,520 a------- c:\program files\instmsiw.exe 2002-03-11 03:45 1,708,856 a------- c:\program files\instmsia.exe ============= FINISH: 19:20:35.36 =============== RootRepel ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/11/01 22:59 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP1 ================================================== Drivers ------------------- Name: 1394BUS.SYS Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS Address: 0x837EA000 Size: 57344 File Visible: - Signed: - Status: - Name: acpi.sys Image Path: C:\Windows\system32\drivers\acpi.sys Address: 0x80697000 Size: 286720 File Visible: - Signed: - Status: - Name: ACPI_HAL Image Path: \Driver\ACPI_HAL Address: 0x82A46000 Size: 3903488 File Visible: - Signed: - Status: - Name: adfs.SYS Image Path: C:\Windows\System32\Drivers\adfs.SYS Address: 0xA585A000 Size: 69248 File Visible: - Signed: - Status: - Name: afd.sys Image Path: C:\Windows\system32\drivers\afd.sys Address: 0x92177000 Size: 294912 File Visible: - Signed: - Status: - Name: asyncmac.sys Image Path: C:\Windows\system32\DRIVERS\asyncmac.sys Address: 0xA2C51000 Size: 36864 File Visible: - Signed: - Status: - Name: atapi.sys Image Path: C:\Windows\system32\drivers\atapi.sys Address: 0x807A2000 Size: 32768 File Visible: - Signed: - Status: - Name: ataport.SYS Image Path: C:\Windows\system32\drivers\ataport.SYS Address: 0x807AA000 Size: 122880 File Visible: - Signed: - Status: - Name: ATMFD.DLL Image Path: C:\Windows\System32\ATMFD.DLL Address: 0x9A710000 Size: 311296 File Visible: - Signed: - Status: - Name: avgldx86.sys Image Path: C:\Windows\System32\Drivers\avgldx86.sys Address: 0x92C64000 Size: 326528 File Visible: - Signed: - Status: - Name: avgmfx86.sys Image Path: C:\Windows\System32\Drivers\avgmfx86.sys Address: 0x92C5E000 Size: 21760 File Visible: - Signed: - Status: - Name: avgtdix.sys Image Path: C:\Windows\System32\Drivers\avgtdix.sys Address: 0x920DA000 Size: 353920 File Visible: - Signed: - Status: - Name: Beep.SYS Image Path: C:\Windows\System32\Drivers\Beep.SYS Address: 0x91DDF000 Size: 28672 File Visible: - Signed: - Status: - Name: BOOTVID.dll Image Path: C:\Windows\system32\BOOTVID.dll Address: 0x8047F000 Size: 32768 File Visible: - Signed: - Status: - Name: bowser.sys Image Path: C:\Windows\system32\DRIVERS\bowser.sys Address: 0xA2CE2000 Size: 102400 File Visible: - Signed: - Status: - Name: cdd.dll Image Path: C:\Windows\System32\cdd.dll Address: 0x9A700000 Size: 57344 File Visible: - Signed: - Status: - Name: cdfs.sys Image Path: C:\Windows\system32\DRIVERS\cdfs.sys Address: 0xA59B2000 Size: 90112 File Visible: - Signed: - Status: - Name: cdrom.sys Image Path: C:\Windows\system32\DRIVERS\cdrom.sys Address: 0x837C2000 Size: 98304 File Visible: - Signed: - Status: - Name: CI.dll Image Path: C:\Windows\system32\CI.dll Address: 0x804C8000 Size: 917504 File Visible: - Signed: - Status: - Name: CLASSPNP.SYS Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS Address: 0x8A7B1000 Size: 135168 File Visible: - Signed: - Status: - Name: CLFS.SYS Image Path: C:\Windows\system32\CLFS.SYS Address: 0x80487000 Size: 266240 File Visible: - Signed: - Status: - Name: crashdmp.sys Image Path: C:\Windows\System32\Drivers\crashdmp.sys Address: 0x92CB4000 Size: 53248 File Visible: - Signed: - Status: - Name: crcdisk.sys Image Path: C:\Windows\system32\drivers\crcdisk.sys Address: 0x8A7D2000 Size: 36864 File Visible: - Signed: - Status: - Name: CT20XUT.SYS Image Path: C:\Windows\System32\drivers\CT20XUT.SYS Address: 0x91BB5000 Size: 217088 File Visible: - Signed: - Status: - Name: ctaud2k.sys Image Path: C:\Windows\system32\drivers\ctaud2k.sys Address: 0x8F4FE000 Size: 529664 File Visible: - Signed: - Status: - Name: CTEXFIFX.SYS Image Path: C:\Windows\System32\drivers\CTEXFIFX.SYS Address: 0x91C07000 Size: 1368064 File Visible: - Signed: - Status: - Name: CTHWIUT.SYS Image Path: C:\Windows\System32\drivers\CTHWIUT.SYS Address: 0x91BA0000 Size: 86016 File Visible: - Signed: - Status: - Name: ctoss2k.sys Image Path: C:\Windows\system32\drivers\ctoss2k.sys Address: 0x9040D000 Size: 217088 File Visible: - Signed: - Status: - Name: ctprxy2k.sys Image Path: C:\Windows\system32\drivers\ctprxy2k.sys Address: 0x90442000 Size: 32768 File Visible: - Signed: - Status: - Name: ctsfm2k.sys Image Path: C:\Windows\system32\drivers\ctsfm2k.sys Address: 0x91B76000 Size: 172032 File Visible: - Signed: - Status: - Name: dfsc.sys Image Path: C:\Windows\System32\Drivers\dfsc.sys Address: 0x92C47000 Size: 94208 File Visible: - Signed: - Status: - Name: disk.sys Image Path: C:\Windows\system32\drivers\disk.sys Address: 0x8A7A0000 Size: 69632 File Visible: - Signed: - Status: - Name: drmk.sys Image Path: C:\Windows\system32\drivers\drmk.sys Address: 0x8F5AD000 Size: 151552 File Visible: - Signed: - Status: - Name: dump_diskdump.sys Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys Address: 0x92CC1000 Size: 40960 File Visible: No Signed: - Status: - Name: dump_nvstor32.sys Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys Address: 0x92CCB000 Size: 106496 File Visible: No Signed: - Status: - Name: Dxapi.sys Image Path: C:\Windows\System32\drivers\Dxapi.sys Address: 0x92CE5000 Size: 40960 File Visible: - Signed: - Status: - Name: dxgkrnl.sys Image Path: C:\Windows\System32\drivers\dxgkrnl.sys Address: 0x9032F000 Size: 651264 File Visible: - Signed: - Status: - Name: ecache.sys Image Path: C:\Windows\System32\drivers\ecache.sys Address: 0x8A779000 Size: 159744 File Visible: - Signed: - Status: - Name: emupia2k.sys Image Path: C:\Windows\system32\drivers\emupia2k.sys Address: 0x91B46000 Size: 196608 File Visible: - Signed: - Status: - Name: fdc.sys Image Path: C:\Windows\system32\DRIVERS\fdc.sys Address: 0x903DB000 Size: 45056 File Visible: - Signed: - Status: - Name: fileinfo.sys Image Path: C:\Windows\system32\drivers\fileinfo.sys Address: 0x83435000 Size: 65536 File Visible: - Signed: - Status: - Name: fltmgr.sys Image Path: C:\Windows\system32\drivers\fltmgr.sys Address: 0x83403000 Size: 204800 File Visible: - Signed: - Status: - Name: Fs_Rec.SYS Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS Address: 0x91DA5000 Size: 36864 File Visible: - Signed: - Status: - Name: fwpkclnt.sys Image Path: C:\Windows\System32\drivers\fwpkclnt.sys Address: 0x83727000 Size: 110592 File Visible: - Signed: - Status: - Name: GEARAspiWDM.sys Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys Address: 0x8FA0B000 Size: 9472 File Visible: - Signed: - Status: - Name: giveio.sys Image Path: C:\Windows\system32\giveio.sys Address: 0x8A778000 Size: 1664 File Visible: - Signed: - Status: - Name: ha20x22k.sys Image Path: C:\Windows\system32\drivers\ha20x22k.sys Address: 0x91A0E000 Size: 1241088 File Visible: - Signed: - Status: - Name: hal.dll Image Path: C:\Windows\system32\hal.dll Address: 0x82A13000 Size: 208896 File Visible: - Signed: - Status: - Name: HDAudBus.sys Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys Address: 0x805E9000 Size: 73728 File Visible: - Signed: - Status: - Name: HdAudio.sys Image Path: C:\Windows\system32\drivers\HdAudio.sys Address: 0x91D55000 Size: 258048 File Visible: - Signed: - Status: - Name: HIDCLASS.SYS Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS Address: 0x9044C000 Size: 65536 File Visible: - Signed: - Status: - Name: HIDPARSE.SYS Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS Address: 0x9045C000 Size: 28672 File Visible: - Signed: - Status: - Name: hidusb.sys Image Path: C:\Windows\system32\DRIVERS\hidusb.sys Address: 0x91DC7000 Size: 36864 File Visible: - Signed: - Status: - Name: hostnt.sys Image Path: C:\Windows\system32\drivers\hostnt.sys Address: 0xA586B000 Size: 4864 File Visible: - Signed: - Status: - Name: HTTP.sys Image Path: C:\Windows\system32\drivers\HTTP.sys Address: 0xA2C5A000 Size: 438272 File Visible: - Signed: - Status: - Name: i8042prt.sys Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys Address: 0x903E6000 Size: 77824 File Visible: - Signed: - Status: - Name: intelppm.sys Image Path: C:\Windows\system32\DRIVERS\intelppm.sys Address: 0x8375C000 Size: 61440 File Visible: - Signed: - Status: - Name: JRSUKD25.SYS Image Path: C:\Windows\system32\JRSUKD25.SYS Address: 0x905A2000 Size: 7168 File Visible: - Signed: - Status: - Name: kbdclass.sys Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys Address: 0x9053A000 Size: 45056 File Visible: - Signed: - Status: - Name: kbdhid.sys Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys Address: 0x91B3D000 Size: 36864 File Visible: - Signed: - Status: - Name: kdcom.dll Image Path: C:\Windows\system32\kdcom.dll Address: 0x80406000 Size: 32768 File Visible: - Signed: - Status: - Name: ks.sys Image Path: C:\Windows\system32\drivers\ks.sys Address: 0x8F5D2000 Size: 172032 File Visible: - Signed: - Status: - Name: ksecdd.sys Image Path: C:\Windows\System32\Drivers\ksecdd.sys Address: 0x8344F000 Size: 462848 File Visible: - Signed: - Status: - Name: lltdio.sys Image Path: C:\Windows\system32\DRIVERS\lltdio.sys Address: 0x92DD0000 Size: 65536 File Visible: - Signed: - Status: - Name: luafv.sys Image Path: C:\Windows\system32\drivers\luafv.sys Address: 0x92CFE000 Size: 110592 File Visible: - Signed: - Status: - Name: mcupdate_GenuineIntel.dll Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll Address: 0x8040E000 Size: 393216 File Visible: - Signed: - Status: - Name: monitor.sys Image Path: C:\Windows\system32\DRIVERS\monitor.sys Address: 0x92CEF000 Size: 61440 File Visible: - Signed: - Status: - Name: mouclass.sys Image Path: C:\Windows\system32\DRIVERS\mouclass.sys Address: 0x8FA00000 Size: 45056 File Visible: - Signed: - Status: - Name: mouhid.sys Image Path: C:\Windows\system32\DRIVERS\mouhid.sys Address: 0x90592000 Size: 32768 File Visible: - Signed: - Status: - Name: mountmgr.sys Image Path: C:\Windows\System32\drivers\mountmgr.sys Address: 0x80792000 Size: 65536 File Visible: - Signed: - Status: - Name: mpsdrv.sys Image Path: C:\Windows\System32\drivers\mpsdrv.sys Address: 0xA2CFB000 Size: 86016 File Visible: - Signed: - Status: - Name: mrxdav.sys Image Path: C:\Windows\system32\drivers\mrxdav.sys Address: 0xA2D10000 Size: 131072 File Visible: - Signed: - Status: - Name: mrxsmb.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys Address: 0xA2D30000 Size: 126976 File Visible: - Signed: - Status: - Name: mrxsmb10.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys Address: 0xA2D4F000 Size: 233472 File Visible: - Signed: - Status: - Name: mrxsmb20.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys Address: 0xA2D88000 Size: 98304 File Visible: - Signed: - Status: - Name: Msfs.SYS Image Path: C:\Windows\System32\Drivers\Msfs.SYS Address: 0x920A2000 Size: 45056 File Visible: - Signed: - Status: - Name: msisadrv.sys Image Path: C:\Windows\system32\drivers\msisadrv.sys Address: 0x806E6000 Size: 32768 File Visible: - Signed: - Status: - Name: msiscsi.sys Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys Address: 0x90474000 Size: 188416 File Visible: - Signed: - Status: - Name: msrpc.sys Image Path: C:\Windows\system32\drivers\msrpc.sys Address: 0x835CB000 Size: 176128 File Visible: - Signed: - Status: - Name: mssmbios.sys Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys Address: 0x90547000 Size: 40960 File Visible: - Signed: - Status: - Name: mup.sys Image Path: C:\Windows\System32\Drivers\mup.sys Address: 0x8A769000 Size: 61440 File Visible: - Signed: - Status: - Name: ndis.sys Image Path: C:\Windows\system32\drivers\ndis.sys Address: 0x834C0000 Size: 1093632 File Visible: - Signed: - Status: - Name: ndistapi.sys Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys Address: 0x904C4000 Size: 45056 File Visible: - Signed: - Status: - Name: ndisuio.sys Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys Address: 0xA2C34000 Size: 40960 File Visible: - Signed: - Status: - Name: ndiswan.sys Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys Address: 0x904CF000 Size: 143360 File Visible: - Signed: - Status: - Name: NDProxy.SYS Image Path: C:\Windows\System32\Drivers\NDProxy.SYS Address: 0x91D94000 Size: 69632 File Visible: - Signed: - Status: - Name: netbios.sys Image Path: C:\Windows\system32\DRIVERS\netbios.sys Address: 0x921D5000 Size: 57344 File Visible: - Signed: - Status: - Name: netbt.sys Image Path: C:\Windows\System32\DRIVERS\netbt.sys Address: 0x92131000 Size: 204800 File Visible: - Signed: - Status: - Name: NETIO.SYS Image Path: C:\Windows\system32\drivers\NETIO.SYS Address: 0x83604000 Size: 237568 File Visible: - Signed: - Status: - Name: Npfs.SYS Image Path: C:\Windows\System32\Drivers\Npfs.SYS Address: 0x920AD000 Size: 57344 File Visible: - Signed: - Status: - Name: npkcrypt.sys Image Path: C:\Nexon\Mabinogi\npkcrypt.sys Address: 0xA586D000 Size: 26944 File Visible: - Signed: - Status: - Name: nsiproxy.sys Image Path: C:\Windows\system32\drivers\nsiproxy.sys Address: 0x92C3D000 Size: 40960 File Visible: - Signed: - Status: - Name: Ntfs.sys Image Path: C:\Windows\System32\Drivers\Ntfs.sys Address: 0x8A60F000 Size: 1110016 File Visible: - Signed: - Status: - Name: ntkrnlpa.exe Image Path: C:\Windows\system32\ntkrnlpa.exe Address: 0x82A46000 Size: 3903488 File Visible: - Signed: - Status: - Name: Null.SYS Image Path: C:\Windows\System32\Drivers\Null.SYS Address: 0x91DD8000 Size: 28672 File Visible: - Signed: - Status: - Name: nvBridge.kmd Image Path: C:\Windows\system32\DRIVERS\nvBridge.kmd Address: 0x9032D000 Size: 8192 File Visible: - Signed: - Status: - Name: nvlddmkm.sys Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys Address: 0x8FA0F000 Size: 9557216 File Visible: - Signed: - Status: - Name: nvmfdx32.sys Image Path: C:\Windows\system32\DRIVERS\nvmfdx32.sys Address: 0x8F403000 Size: 1025152 File Visible: - Signed: - Status: - Name: nvstor.sys Image Path: C:\Windows\system32\drivers\nvstor.sys Address: 0x807C8000 Size: 53248 File Visible: - Signed: - Status: - Name: nvstor32.sys Image Path: C:\Windows\system32\DRIVERS\nvstor32.sys Address: 0x807D5000 Size: 106496 File Visible: - Signed: - Status: - Name: nwifi.sys Image Path: C:\Windows\system32\DRIVERS\nwifi.sys Address: 0xA2C0A000 Size: 172032 File Visible: - Signed: - Status: - Name: ohci1394.sys Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys Address: 0x837DA000 Size: 61952 File Visible: - Signed: - Status: - Name: pacer.sys Image Path: C:\Windows\system32\DRIVERS\pacer.sys Address: 0x921BF000 Size: 90112 File Visible: - Signed: - Status: - Name: partmgr.sys Image Path: C:\Windows\System32\drivers\partmgr.sys Address: 0x80715000 Size: 61440 File Visible: - Signed: - Status: - Name: pci.sys Image Path: C:\Windows\system32\drivers\pci.sys Address: 0x806EE000 Size: 159744 File Visible: - Signed: - Status: - Name: pciide.sys Image Path: C:\Windows\system32\drivers\pciide.sys Address: 0x8077D000 Size: 28672 File Visible: - Signed: - Status: - Name: PCIIDEX.SYS Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS Address: 0x80784000 Size: 57344 File Visible: - Signed: - Status: - Name: peauth.sys Image Path: C:\Windows\system32\drivers\peauth.sys Address: 0xA5874000 Size: 909312 File Visible: - Signed: - Status: - Name: PnpManager Image Path: \Driver\PnpManager Address: 0x82A46000 Size: 3903488 File Visible: - Signed: - Status: - Name: portcls.sys Image Path: C:\Windows\system32\drivers\portcls.sys Address: 0x8F580000 Size: 184320 File Visible: - Signed: - Status: - Name: PSHED.dll Image Path: C:\Windows\system32\PSHED.dll Address: 0x8046E000 Size: 69632 File Visible: - Signed: - Status: - Name: PxHelp20.sys Image Path: C:\Windows\System32\Drivers\PxHelp20.sys Address: 0x83445000 Size: 37056 File Visible: - Signed: - Status: - Name: rasacd.sys Image Path: C:\Windows\System32\DRIVERS\rasacd.sys Address: 0x920BB000 Size: 36864 File Visible: - Signed: - Status: - Name: rasl2tp.sys Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys Address: 0x904AD000 Size: 94208 File Visible: - Signed: - Status: - Name: raspppoe.sys Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys Address: 0x904F2000 Size: 61440 File Visible: - Signed: - Status: - Name: raspptp.sys Image Path: C:\Windows\system32\DRIVERS\raspptp.sys Address: 0x90501000 Size: 81920 File Visible: - Signed: - Status: - Name: rassstp.sys Image Path: C:\Windows\system32\DRIVERS\rassstp.sys Address: 0x90515000 Size: 86016 File Visible: - Signed: - Status: - Name: RAW Image Path: \FileSystem\RAW Address: 0x82A46000 Size: 3903488 File Visible: - Signed: - Status: - Name: rdbss.sys Image Path: C:\Windows\system32\DRIVERS\rdbss.sys Address: 0x92C01000 Size: 245760 File Visible: - Signed: - Status: - Name: RDPCDD.sys Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys Address: 0x92092000 Size: 32768 File Visible: - Signed: - Status: - Name: rdpencdd.sys Image Path: C:\Windows\system32\drivers\rdpencdd.sys Address: 0x9209A000 Size: 32768 File Visible: - Signed: - Status: - Name: RDPWD.SYS Image Path: C:\Windows\System32\Drivers\RDPWD.SYS Address: 0xA597F000 Size: 208896 File Visible: - Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0xA59D9000 Size: 49152 File Visible: No Signed: - Status: - Name: rspndr.sys Image Path: C:\Windows\system32\DRIVERS\rspndr.sys Address: 0xA2C3E000 Size: 77824 File Visible: - Signed: - Status: - Name: rt2870.sys Image Path: C:\Windows\system32\DRIVERS\rt2870.sys Address: 0x92004000 Size: 580096 File Visible: - Signed: - Status: - Name: SASDIFSV.SYS Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS Address: 0x921F6000 Size: 24576 File Visible: - Signed: - Status: - Name: SASENUM.SYS Image Path: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS Address: 0xA59C8000 Size: 20480 File Visible: - Signed: - Status: - Name: SASKUTIL.sys Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys Address: 0x905C5000 Size: 151552 File Visible: - Signed: - Status: - Name: secdrv.SYS Image Path: C:\Windows\System32\Drivers\secdrv.SYS Address: 0xA5952000 Size: 40960 File Visible: - Signed: - Status: - Name: smb.sys Image Path: C:\Windows\system32\DRIVERS\smb.sys Address: 0x92163000 Size: 81920 File Visible: - Signed: - Status: - Name: speedfan.sys Image Path: C:\Windows\system32\speedfan.sys Address: 0x8A767000 Size: 5248 File Visible: - Signed: - Status: - Name: spldr.sys Image Path: C:\Windows\System32\Drivers\spldr.sys Address: 0x8A75F000 Size: 32768 File Visible: - Signed: - Status: - Name: spsys.sys Image Path: C:\Windows\system32\drivers\spsys.sys Address: 0x92D21000 Size: 716800 File Visible: - Signed: - Status: - Name: srv.sys Image Path: C:\Windows\System32\DRIVERS\srv.sys Address: 0xA580E000 Size: 311296 File Visible: - Signed: - Status: - Name: srv2.sys Image Path: C:\Windows\System32\DRIVERS\srv2.sys Address: 0xA2DA0000 Size: 159744 File Visible: - Signed: - Status: - Name: srvnet.sys Image Path: C:\Windows\System32\DRIVERS\srvnet.sys Address: 0xA2CC5000 Size: 118784 File Visible: - Signed: - Status: - Name: storport.sys Image Path: C:\Windows\system32\drivers\storport.sys Address: 0x805A8000 Size: 266240 File Visible: - Signed: - Status: - Name: swenum.sys Image Path: C:\Windows\system32\DRIVERS\swenum.sys Address: 0x90545000 Size: 4992 File Visible: - Signed: - Status: - Name: tcpip.sys Image Path: C:\Windows\System32\drivers\tcpip.sys Address: 0x8363E000 Size: 954368 File Visible: - Signed: - Status: - Name: tcpipreg.sys Image Path: C:\Windows\System32\drivers\tcpipreg.sys Address: 0xA595C000 Size: 49152 File Visible: - Signed: - Status: - Name: TDI.SYS Image Path: C:\Windows\system32\DRIVERS\TDI.SYS Address: 0x904A2000 Size: 45056 File Visible: - Signed: - Status: - Name: tdtcp.sys Image Path: C:\Windows\system32\drivers\tdtcp.sys Address: 0xA5968000 Size: 45056 File Visible: - Signed: - Status: - Name: tdx.sys Image Path: C:\Windows\system32\DRIVERS\tdx.sys Address: 0x920C4000 Size: 90112 File Visible: - Signed: - Status: - Name: termdd.sys Image Path: C:\Windows\system32\DRIVERS\termdd.sys Address: 0x9052A000 Size: 65536 File Visible: - Signed: - Status: - Name: TSDDD.dll Image Path: C:\Windows\System32\TSDDD.dll Address: 0x9A6E0000 Size: 36864 File Visible: - Signed: - Status: - Name: tssecsrv.sys Image Path: C:\Windows\System32\DRIVERS\tssecsrv.sys Address: 0xA5973000 Size: 49152 File Visible: - Signed: - Status: - Name: tunmp.sys Image Path: C:\Windows\system32\DRIVERS\tunmp.sys Address: 0x8A600000 Size: 36864 File Visible: - Signed: - Status: - Name: tunnel.sys Image Path: C:\Windows\system32\DRIVERS\tunnel.sys Address: 0x8A7F2000 Size: 45056 File Visible: - Signed: - Status: - Name: umbus.sys Image Path: C:\Windows\system32\DRIVERS\umbus.sys Address: 0x90551000 Size: 53248 File Visible: - Signed: - Status: - Name: usbccgp.sys Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys Address: 0x91DAE000 Size: 94208 File Visible: - Signed: - Status: - Name: USBD.SYS Image Path: C:\Windows\system32\DRIVERS\USBD.SYS Address: 0x91DC5000 Size: 8192 File Visible: - Signed: - Status: - Name: usbehci.sys Image Path: C:\Windows\system32\DRIVERS\usbehci.sys Address: 0x837B3000 Size: 61440 File Visible: - Signed: - Status: - Name: usbhub.sys Image Path: C:\Windows\system32\DRIVERS\usbhub.sys Address: 0x9055E000 Size: 212992 File Visible: - Signed: - Status: - Name: usbohci.sys Image Path: C:\Windows\system32\DRIVERS\usbohci.sys Address: 0x8376B000 Size: 40960 File Visible: - Signed: - Status: - Name: USBPORT.SYS Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS Address: 0x83775000 Size: 253952 File Visible: - Signed: - Status: - Name: vga.sys Image Path: C:\Windows\System32\drivers\vga.sys Address: 0x91DE6000 Size: 49152 File Visible: - Signed: - Status: - Name: VIDEOPRT.SYS Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS Address: 0x905A4000 Size: 135168 File Visible: - Signed: - Status: - Name: volmgr.sys Image Path: C:\Windows\system32\drivers\volmgr.sys Address: 0x80724000 Size: 61440 File Visible: - Signed: - Status: - Name: volmgrx.sys Image Path: C:\Windows\System32\drivers\volmgrx.sys Address: 0x80733000 Size: 303104 File Visible: - Signed: - Status: - Name: volsnap.sys Image Path: C:\Windows\system32\drivers\volsnap.sys Address: 0x8A726000 Size: 233472 File Visible: - Signed: - Status: - Name: wacmoumonitor.sys Image Path: C:\Windows\system32\DRIVERS\wacmoumonitor.sys Address: 0x91DD0000 Size: 32768 File Visible: - Signed: - Status: - Name: wacommousefilter.sys Image Path: C:\Windows\system32\DRIVERS\wacommousefilter.sys Address: 0x9059A000 Size: 32768 File Visible: - Signed: - Status: - Name: wacomvhid.sys Image Path: C:\Windows\system32\DRIVERS\wacomvhid.sys Address: 0x9044A000 Size: 8064 File Visible: - Signed: - Status: - Name: WacomVKHid.sys Image Path: C:\Windows\system32\DRIVERS\WacomVKHid.sys Address: 0x90463000 Size: 5760 File Visible: - Signed: - Status: - Name: wanarp.sys Image Path: C:\Windows\system32\DRIVERS\wanarp.sys Address: 0x921E3000 Size: 77824 File Visible: - Signed: - Status: - Name: watchdog.sys Image Path: C:\Windows\System32\drivers\watchdog.sys Address: 0x903CE000 Size: 53248 File Visible: - Signed: - Status: - Name: wd.sys Image Path: C:\Windows\system32\drivers\wd.sys Address: 0x8A71E000 Size: 32768 File Visible: - Signed: - Status: - Name: Wdf01000.sys Image Path: C:\Windows\system32\drivers\Wdf01000.sys Address: 0x8060E000 Size: 507904 File Visible: - Signed: - Status: - Name: WDFLDR.SYS Image Path: C:\Windows\system32\drivers\WDFLDR.SYS Address: 0x8068A000 Size: 53248 File Visible: - Signed: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0x9A4C0000 Size: 2105344 File Visible: - Signed: - Status: - Name: win32k.sys Image Path: C:\Windows\System32\win32k.sys Address: 0x9A4C0000 Size: 2105344 File Visible: - Signed: - Status: - Name: WMILIB.SYS Image Path: C:\Windows\system32\drivers\WMILIB.SYS Address: 0x806DD000 Size: 36864 File Visible: - Signed: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x82A46000 Size: 3903488 File Visible: - Signed: - Status: - Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\smss.exe PID: 404 Status: - Path: C:\Windows\System32\taskeng.exe PID: 424 Status: - Path: C:\Program Files\Windows Sidebar\sidebar.exe PID: 448 Status: - Path: C:\Windows\System32\csrss.exe PID: 472 Status: - Path: C:\Windows\System32\wininit.exe PID: 532 Status: - Path: C:\Windows\System32\csrss.exe PID: 540 Status: - Path: C:\Program Files\AVG\AVG9\avgchsvx.exe PID: 552 Status: - Path: C:\Program Files\AVG\AVG9\avgrsx.exe PID: 560 Status: - Path: C:\Windows\System32\services.exe PID: 592 Status: - Path: C:\Windows\System32\lsass.exe PID: 608 Status: - Path: C:\Windows\System32\lsm.exe PID: 616 Status: - Path: C:\Windows\System32\winlogon.exe PID: 644 Status: - Path: C:\Program Files\AVG\AVG9\avgcsrvx.exe PID: 684 Status: - Path: C:\Windows\System32\svchost.exe PID: 888 Status: - Path: C:\Users\Keith\Desktop\RootRepeal.exe PID: 924 Status: - Path: C:\Windows\System32\nvvsvc.exe PID: 960 Status: - Path: C:\Windows\System32\svchost.exe PID: 1252 Status: - Path: C:\Windows\System32\svchost.exe PID: 1392 Status: - Path: C:\Windows\System32\svchost.exe PID: 1436 Status: - Path: C:\Windows\System32\svchost.exe PID: 1456 Status: - Path: C:\Windows\ehome\ehtray.exe PID: 1512 Status: - Path: C:\Windows\System32\audiodg.exe PID: 1524 Status: Locked to the Windows API! Path: C:\Program Files\AIM6\aolsoftware.exe PID: 1544 Status: - Path: C:\Windows\ehome\ehmsas.exe PID: 1568 Status: - Path: C:\Program Files\Creative\Shared Files\CTAudSvc.exe PID: 1672 Status: - Path: C:\Windows\System32\SLsvc.exe PID: 1696 Status: - Path: C:\Windows\System32\nvvsvc.exe PID: 1752 Status: - Path: C:\Windows\System32\svchost.exe PID: 1796 Status: - Path: C:\Windows\System32\svchost.exe PID: 1828 Status: - Path: C:\Windows\System32\spoolsv.exe PID: 1904 Status: - Path: C:\Windows\System32\wisptis.exe PID: 1908 Status: - Path: C:\Windows\System32\svchost.exe PID: 1924 Status: - Path: C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe PID: 1932 Status: - Path: C:\Windows\System32\wisptis.exe PID: 2056 Status: - Path: C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe PID: 2064 Status: - Path: C:\Windows\System32\svchost.exe PID: 2084 Status: - Path: C:\Windows\System32\SearchIndexer.exe PID: 2188 Status: - Path: C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe PID: 2208 Status: - Path: C:\Windows\System32\dwm.exe PID: 2252 Status: - Path: C:\Windows\explorer.exe PID: 2364 Status: - Path: C:\Program Files\Windows Defender\MSASCui.exe PID: 2668 Status: - Path: C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe PID: 2688 Status: - Path: C:\Windows\System32\Ctxfihlp.exe PID: 2696 Status: - Path: C:\Program Files\AVG\AVG9\avgemc.exe PID: 2712 Status: - Path: C:\Program Files\AVG\AVG9\avgtray.exe PID: 2764 Status: - Path: C:\Program Files\Windows Sidebar\sidebar.exe PID: 2856 Status: - Path: C:\Program Files\AIM6\aim6.exe PID: 2876 Status: - Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PID: 2928 Status: - Path: C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe PID: 2944 Status: - Path: C:\Program Files\AVG\AVG9\avgwdsvc.exe PID: 3000 Status: - Path: C:\Program Files\Bonjour\mDNSResponder.exe PID: 3020 Status: - Path: C:\Windows\System32\dlbtcoms.exe PID: 3112 Status: - Path: C:\Nexon\Mabinogi\npkcmsvc.exe PID: 3208 Status: - Path: C:\Windows\System32\PnkBstrA.exe PID: 3556 Status: - Path: C:\Program Files\AVG\AVG9\avgnsx.exe PID: 3564 Status: - Path: C:\Windows\System32\PnkBstrB.exe PID: 3588 Status: - Path: C:\Windows\System32\svchost.exe PID: 3692 Status: - Path: C:\Program Files\Planex\Common\RalinkRegistryWriter.exe PID: 3704 Status: - Path: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PID: 3740 Status: - Path: C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PID: 3812 Status: - Path: C:\Windows\System32\svchost.exe PID: 3828 Status: - Path: C:\Windows\System32\Pen_Tablet.exe PID: 3856 Status: - Path: C:\Program Files\AVG\AVG9\avgcsrvx.exe PID: 3884 Status: - Path: C:\Program Files\TVersity\Media Server\MediaServer.exe PID: 3908 Status: - Path: C:\Windows\System32\WTablet\Pen_TabletUser.exe PID: 3956 Status: - Path: C:\Program Files\Viewpoint\Common\ViewpointService.exe PID: 3972 Status: - Path: C:\Windows\System32\Pen_Tablet.exe PID: 3988 Status: - Path: C:\Windows\System32\svchost.exe PID: 4020 Status: - Path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe PID: 4032 Status: - Path: C:\Program Files\Windows Media Player\wmpnscfg.exe PID: 4104 Status: - Path: C:\Program Files\DNA\btdna.exe PID: 4248 Status: - Path: C:\Program Files\Windows Media Player\wmpnetwk.exe PID: 4300 Status: - Path: C:\Windows\System32\wbem\unsecapp.exe PID: 4612 Status: - Path: C:\Program Files\Mozilla Firefox\firefox.exe PID: 4620 Status: - Path: C:\Windows\System32\wbem\WmiPrvSE.exe PID: 4732 Status: - Path: C:\Windows\System32\wuauclt.exe PID: 4820 Status: - Path: C:\Windows\System32\CTxfispi.exe PID: 4824 Status: - Path: C:\Program Files\Steam\Steam.exe PID: 5020 Status: - Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PID: 5040 Status: - Path: C:\Windows\System32\taskeng.exe PID: 5060 Status: - Path: C:\Program Files\Planex\Common\RaUI.exe PID: 5100 Status: - Path: C:\Windows\System32\mobsync.exe PID: 5188 Status: - Path: C:\Program Files\Common Files\Steam\SteamService.exe PID: 5288 Status: - Path: C:\Program Files\Windows Live\Contacts\wlcomm.exe PID: 5520 Status: - Path: C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe PID: 5972 Status: - Path: C:\Windows\System32\SearchProtocolHost.exe PID: 6580 Status: - Path: C:\Windows\System32\SearchFilterHost.exe PID: 6592 Status: - SSDT ------------------- #: 000 Function Name: NtAcceptConnectPort Status: Not hooked #: 001 Function Name: NtAccessCheck Status: Not hooked #: 002 Function Name: NtAccessCheckAndAuditAlarm Status: Not hooked #: 003 Function Name: NtAccessCheckByType Status: Not hooked #: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm Status: Not hooked #: 005 Function Name: NtAccessCheckByTypeResultList Status: Not hooked #: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm Status: Not hooked #: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle Status: Not hooked #: 008 Function Name: NtAddAtom Status: Not hooked #: 009 Function Name: NtAddBootEntry Status: Not hooked #: 010 Function Name: NtAddDriverEntry Status: Not hooked #: 011 Function Name: NtAdjustGroupsToken Status: Not hooked #: 012 Function Name: NtAdjustPrivilegesToken Status: Not hooked #: 013 Function Name: NtAlertResumeThread Status: Not hooked #: 014 Function Name: NtAlertThread Status: Not hooked #: 015 Function Name: NtAllocateLocallyUniqueId Status: Not hooked #: 016 Function Name: NtAllocateUserPhysicalPages Status: Not hooked #: 017 Function Name: NtAllocateUuids Status: Not hooked #: 018 Function Name: NtAllocateVirtualMemory Status: Not hooked #: 019 Function Name: NtAlpcAcceptConnectPort Status: Not hooked #: 020 Function Name: NtAlpcCancelMessage Status: Not hooked #: 021 Function Name: NtAlpcConnectPort Status: Not hooked #: 022 Function Name: NtAlpcCreatePort Status: Not hooked #: 023 Function Name: NtAlpcCreatePortSection Status: Not hooked #: 024 Function Name: NtAlpcCreateResourceReserve Status: Not hooked #: 025 Function Name: NtAlpcCreateSectionView Status: Not hooked #: 026 Function Name: NtAlpcCreateSecurityContext Status: Not hooked #: 027 Function Name: NtAlpcDeletePortSection Status: Not hooked #: 028 Function Name: NtAlpcDeleteResourceReserve Status: Not hooked #: 029 Function Name: NtAlpcDeleteSectionView Status: Not hooked #: 030 Function Name: NtAlpcDeleteSecurityContext Status: Not hooked #: 031 Function Name: NtAlpcDisconnectPort Status: Not hooked #: 032 Function Name: NtAlpcImpersonateClientOfPort Status: Not hooked #: 033 Function Name: NtAlpcOpenSenderProcess Status: Not hooked #: 034 Function Name: NtAlpcOpenSenderThread Status: Not hooked #: 035 Function Name: NtAlpcQueryInformation Status: Not hooked #: 036 Function Name: NtAlpcQueryInformationMessage Status: Not hooked #: 037 Function Name: NtAlpcRevokeSecurityContext Status: Not hooked #: 038 Function Name: NtAlpcSendWaitReceivePort Status: Not hooked #: 039 Function Name: NtAlpcSetInformation Status: Not hooked #: 040 Function Name: NtApphelpCacheControl Status: Not hooked #: 041 Function Name: NtAreMappedFilesTheSame Status: Not hooked #: 042 Function Name: NtAssignProcessToJobObject Status: Not hooked #: 043 Function Name: NtCallbackReturn Status: Not hooked #: 044 Function Name: NtRequestDeviceWakeup Status: Not hooked #: 045 Function Name: NtCancelIoFile Status: Not hooked #: 046 Function Name: NtCancelTimer Status: Not hooked #: 047 Function Name: NtClearEvent Status: Not hooked #: 048 Function Name: NtClose Status: Not hooked #: 049 Function Name: NtCloseObjectAuditAlarm Status: Not hooked #: 050 Function Name: NtCompactKeys Status: Not hooked #: 051 Function Name: NtCompareTokens Status: Not hooked #: 052 Function Name: NtCompleteConnectPort Status: Not hooked #: 053 Function Name: NtCompressKey Status: Not hooked #: 054 Function Name: NtConnectPort Status: Not hooked #: 055 Function Name: NtContinue Status: Not hooked #: 056 Function Name: NtCreateDebugObject Status: Not hooked #: 057 Function Name: NtCreateDirectoryObject Status: Not hooked #: 058 Function Name: NtCreateEvent Status: Not hooked #: 059 Function Name: NtCreateEventPair Status: Not hooked #: 060 Function Name: NtCreateFile Status: Not hooked #: 061 Function Name: NtCreateIoCompletion Status: Not hooked #: 062 Function Name: NtCreateJobObject Status: Not hooked #: 063 Function Name: NtCreateJobSet Status: Not hooked #: 064 Function Name: NtCreateKey Status: Not hooked #: 065 Function Name: NtCreateKeyTransacted Status: Not hooked #: 066 Function Name: NtCreateMailslotFile Status: Not hooked #: 067 Function Name: NtCreateMutant Status: Not hooked #: 068 Function Name: NtCreateNamedPipeFile Status: Not hooked #: 069 Function Name: NtCreatePrivateNamespace Status: Not hooked #: 070 Function Name: NtCreatePagingFile Status: Not hooked #: 071 Function Name: NtCreatePort Status: Not hooked #: 072 Function Name: NtCreateProcess Status: Not hooked #: 073 Function Name: NtCreateProcessEx Status: Not hooked #: 074 Function Name: NtCreateProfile Status: Not hooked #: 075 Function Name: NtCreateSection Status: Not hooked #: 076 Function Name: NtCreateSemaphore Status: Not hooked #: 077 Function Name: NtCreateSymbolicLinkObject Status: Not hooked #: 078 Function Name: NtCreateThread Status: Not hooked #: 079 Function Name: NtCreateTimer Status: Not hooked #: 080 Function Name: NtCreateToken Status: Not hooked #: 081 Function Name: NtCreateTransaction Status: Not hooked #: 082 Function Name: NtOpenTransaction Status: Not hooked #: 083 Function Name: NtQueryInformationTransaction Status: Not hooked #: 084 Function Name: NtQueryInformationTransactionManager Status: Not hooked #: 085 Function Name: NtPrePrepareEnlistment Status: Not hooked #: 086 Function Name: NtPrepareEnlistment Status: Not hooked #: 087 Function Name: NtCommitEnlistment Status: Not hooked #: 088 Function Name: NtReadOnlyEnlistment Status: Not hooked #: 089 Function Name: NtRollbackComplete Status: Not hooked #: 090 Function Name: NtRollbackEnlistment Status: Not hooked #: 091 Function Name: NtCommitTransaction Status: Not hooked #: 092 Function Name: NtRollbackTransaction Status: Not hooked #: 093 Function Name: NtPrePrepareComplete Status: Not hooked #: 094 Function Name: NtPrepareComplete Status: Not hooked #: 095 Function Name: NtCommitComplete Status: Not hooked #: 096 Function Name: NtSinglePhaseReject Status: Not hooked #: 097 Function Name: NtSetInformationTransaction Status: Not hooked #: 098 Function Name: NtSetInformationTransactionManager Status: Not hooked #: 099 Function Name: NtSetInformationResourceManager Status: Not hooked #: 100 Function Name: NtCreateTransactionManager Status: Not hooked #: 101 Function Name: NtOpenTransactionManager Status: Not hooked #: 102 Function Name: NtRenameTransactionManager Status: Not hooked #: 103 Function Name: NtRollforwardTransactionManager Status: Not hooked #: 104 Function Name: NtRecoverEnlistment Status: Not hooked #: 105 Function Name: NtRecoverResourceManager Status: Not hooked #: 106 Function Name: NtRecoverTransactionManager Status: Not hooked #: 107 Function Name: NtCreateResourceManager Status: Not hooked #: 108 Function Name: NtOpenResourceManager Status: Not hooked #: 109 Function Name: NtGetNotificationResourceManager Status: Not hooked #: 110 Function Name: NtQueryInformationResourceManager Status: Not hooked #: 111 Function Name: NtCreateEnlistment Status: Not hooked #: 112 Function Name: NtOpenEnlistment Status: Not hooked #: 113 Function Name: NtSetInformationEnlistment Status: Not hooked #: 114 Function Name: NtQueryInformationEnlistment Status: Not hooked #: 115 Function Name: NtCreateWaitablePort Status: Not hooked #: 116 Function Name: NtDebugActiveProcess Status: Not hooked #: 117 Function Name: NtDebugContinue Status: Not hooked #: 118 Function Name: NtDelayExecution Status: Not hooked #: 119 Function Name: NtDeleteAtom Status: Not hooked #: 120 Function Name: NtDeleteBootEntry Status: Not hooked #: 121 Function Name: NtDeleteDriverEntry Status: Not hooked #: 122 Function Name: NtDeleteFile Status: Not hooked #: 123 Function Name: NtDeleteKey Status: Not hooked #: 124 Function Name: NtDeletePrivateNamespace Status: Not hooked #: 125 Function Name: NtDeleteObjectAuditAlarm Status: Not hooked #: 126 Function Name: NtDeleteValueKey Status: Not hooked #: 127 Function Name: NtDeviceIoControlFile Status: Not hooked #: 128 Function Name: NtDisplayString Status: Not hooked #: 129 Function Name: NtDuplicateObject Status: Not hooked #: 130 Function Name: NtDuplicateToken Status: Not hooked #: 131 Function Name: NtEnumerateBootEntries Status: Not hooked #: 132 Function Name: NtEnumerateDriverEntries Status: Not hooked #: 133 Function Name: NtEnumerateKey Status: Not hooked #: 134 Function Name: NtEnumerateSystemEnvironmentValuesEx Status: Not hooked #: 135 Function Name: NtEnumerateTransactionObject Status: Not hooked #: 136 Function Name: NtEnumerateValueKey Status: Not hooked #: 137 Function Name: NtExtendSection Status: Not hooked #: 138 Function Name: NtFilterToken Status: Not hooked #: 139 Function Name: NtFindAtom Status: Not hooked #: 140 Function Name: NtFlushBuffersFile Status: Not hooked #: 141 Function Name: NtFlushInstructionCache Status: Not hooked #: 142 Function Name: NtFlushKey Status: Not hooked #: 143 Function Name: NtFlushProcessWriteBuffers Status: Not hooked #: 144 Function Name: NtFlushVirtualMemory Status: Not hooked #: 145 Function Name: NtFlushWriteBuffer Status: Not hooked #: 146 Function Name: NtFreeUserPhysicalPages Status: Not hooked #: 147 Function Name: NtFreeVirtualMemory Status: Not hooked #: 148 Function Name: NtFreezeRegistry Status: Not hooked #: 149 Function Name: NtFreezeTransactions Status: Not hooked #: 150 Function Name: NtFsControlFile Status: Not hooked #: 151 Function Name: NtGetContextThread Status: Not hooked #: 152 Function Name: NtGetDevicePowerState Status: Not hooked #: 153 Function Name: NtGetNlsSectionPtr Status: Not hooked #: 154 Function Name: NtGetPlugPlayEvent Status: Not hooked #: 155 Function Name: NtGetWriteWatch Status: Not hooked #: 156 Function Name: NtImpersonateAnonymousToken Status: Not hooked #: 157 Function Name: NtImpersonateClientOfPort Status: Not hooked #: 158 Function Name: NtImpersonateThread Status: Not hooked #: 159 Function Name: NtInitializeNlsFiles Status: Not hooked #: 160 Function Name: NtInitializeRegistry Status: Not hooked #: 161 Function Name: NtInitiatePowerAction Status: Not hooked #: 162 Function Name: NtIsProcessInJob Status: Not hooked #: 163 Function Name: NtIsSystemResumeAutomatic Status: Not hooked #: 164 Function Name: NtListenPort Status: Not hooked #: 165 Function Name: NtLoadDriver Status: Not hooked #: 166 Function Name: NtLoadKey Status: Not hooked #: 167 Function Name: NtLoadKey2 Status: Not hooked #: 168 Function Name: NtLoadKeyEx Status: Not hooked #: 169 Function Name: NtLockFile Status: Not hooked #: 170 Function Name: NtLockProductActivationKeys Status: Not hooked #: 171 Function Name: NtLockRegistryKey Status: Not hooked #: 172 Function Name: NtLockVirtualMemory Status: Not hooked #: 173 Function Name: NtMakePermanentObject Status: Not hooked #: 174 Function Name: NtMakeTemporaryObject Status: Not hooked #: 175 Function Name: NtMapUserPhysicalPages Status: Not hooked #: 176 Function Name: NtMapUserPhysicalPagesScatter Status: Not hooked #: 177 Function Name: NtMapViewOfSection Status: Not hooked #: 178 Function Name: NtModifyBootEntry Status: Not hooked #: 179 Function Name: NtModifyDriverEntry Status: Not hooked #: 180 Function Name: NtNotifyChangeDirectoryFile Status: Not hooked #: 181 Function Name: NtNotifyChangeKey Status: Not hooked #: 182 Function Name: NtNotifyChangeMultipleKeys Status: Not hooked #: 183 Function Name: NtOpenDirectoryObject Status: Not hooked #: 184 Function Name: NtOpenEvent Status: Not hooked #: 185 Function Name: NtOpenEventPair Status: Not hooked #: 186 Function Name: NtOpenFile Status: Not hooked #: 187 Function Name: NtOpenIoCompletion Status: Not hooked #: 188 Function Name: NtOpenJobObject Status: Not hooked #: 189 Function Name: NtOpenKey Status: Not hooked #: 190 Function Name: NtOpenKeyTransacted Status: Not hooked #: 191 Function Name: NtOpenMutant Status: Not hooked #: 192 Function Name: NtOpenPrivateNamespace Status: Not hooked #: 193 Function Name: NtOpenObjectAuditAlarm Status: Not hooked #: 194 Function Name: NtOpenProcess Status: Not hooked #: 195 Function Name: NtOpenProcessToken Status: Not hooked #: 196 Function Name: NtOpenProcessTokenEx Status: Not hooked #: 197 Function Name: NtOpenSection Status: Not hooked #: 198 Function Name: NtOpenSemaphore Status: Not hooked #: 199 Function Name: NtOpenSession Status: Not hooked #: 200 Function Name: NtOpenSymbolicLinkObject Status: Not hooked #: 201 Function Name: NtOpenThread Status: Not hooked #: 202 Function Name: NtOpenThreadToken Status: Not hooked #: 203 Function Name: NtOpenThreadTokenEx Status: Not hooked #: 204 Function Name: NtOpenTimer Status: Not hooked #: 205 Function Name: NtPlugPlayControl Status: Not hooked #: 206 Function Name: NtPowerInformation Status: Not hooked #: 207 Function Name: NtPrivilegeCheck Status: Not hooked #: 208 Function Name: NtPrivilegeObjectAuditAlarm Status: Not hooked #: 209 Function Name: NtPrivilegedServiceAuditAlarm Status: Not hooked #: 210 Function Name: NtProtectVirtualMemory Status: Not hooked #: 211 Function Name: NtPulseEvent Status: Not hooked #: 212 Function Name: NtQueryAttributesFile Status: Not hooked #: 213 Function Name: NtQueryBootEntryOrder Status: Not hooked #: 214 Function Name: NtQueryBootOptions Status: Not hooked #: 215 Function Name: NtQueryDebugFilterState Status: Not hooked #: 216 Function Name: NtQueryDefaultLocale Status: Not hooked #: 217 Function Name: NtQueryDefaultUILanguage Status: Not hooked #: 218 Function Name: NtQueryDirectoryFile Status: Not hooked #: 219 Function Name: NtQueryDirectoryObject Status: Not hooked #: 220 Function Name: NtQueryDriverEntryOrder Status: Not hooked #: 221 Function Name: NtQueryEaFile Status: Not hooked #: 222 Function Name: NtQueryEvent Status: Not hooked #: 223 Function Name: NtQueryFullAttributesFile Status: Not hooked #: 224 Function Name: NtQueryInformationAtom Status: Not hooked #: 225 Function Name: NtQueryInformationFile Status: Not hooked #: 226 Function Name: NtQueryInformationJobObject Status: Not hooked #: 227 Function Name: NtQueryInformationPort Status: Not hooked #: 228 Function Name: NtQueryInformationProcess Status: Not hooked #: 229 Function Name: NtQueryInformationThread Status: Not hooked #: 230 Function Name: NtQueryInformationToken Status: Not hooked #: 231 Function Name: NtQueryInstallUILanguage Status: Not hooked #: 232 Function Name: NtQueryIntervalProfile Status: Not hooked #: 233 Function Name: NtQueryIoCompletion Status: Not hooked #: 234 Function Name: NtQueryKey Status: Not hooked #: 235 Function Name: NtQueryMultipleValueKey Status: Not hooked #: 236 Function Name: NtQueryMutant Status: Not hooked #: 237 Function Name: NtQueryObject Status: Not hooked #: 238 Function Name: NtQueryOpenSubKeys Status: Not hooked #: 239 Function Name: NtQueryOpenSubKeysEx Status: Not hooked #: 240 Function Name: NtQueryPerformanceCounter Status: Not hooked #: 241 Function Name: NtQueryQuotaInformationFile Status: Not hooked #: 242 Function Name: NtQuerySection Status: Not hooked #: 243 Function Name: NtQuerySecurityObject Status: Not hooked #: 244 Function Name: NtQuerySemaphore Status: Not hooked #: 245 Function Name: NtQuerySymbolicLinkObject Status: Not hooked #: 246 Function Name: NtQuerySystemEnvironmentValue Status: Not hooked #: 247 Function Name: NtQuerySystemEnvironmentValueEx Status: Not hooked #: 248 Function Name: NtQuerySystemInformation Status: Not hooked #: 249 Function Name: NtQuerySystemTime Status: Not hooked #: 250 Function Name: NtQueryTimer Status: Not hooked #: 251 Function Name: NtQueryTimerResolution Status: Not hooked #: 252 Function Name: NtQueryValueKey Status: Not hooked #: 253 Function Name: NtQueryVirtualMemory Status: Not hooked #: 254 Function Name: NtQueryVolumeInformationFile Status: Not hooked #: 255 Function Name: NtQueueApcThread Status: Not hooked #: 256 Function Name: NtRaiseException Status: Not hooked #: 257 Function Name: NtRaiseHardError Status: Not hooked #: 258 Function Name: NtReadFile Status: Not hooked #: 259 Function Name: NtReadFileScatter Status: Not hooked #: 260 Function Name: NtReadRequestData Status: Not hooked #: 261 Function Name: NtReadVirtualMemory Status: Not hooked #: 262 Function Name: NtRegisterThreadTerminatePort Status: Not hooked #: 263 Function Name: NtReleaseMutant Status: Not hooked #: 264 Function Name: NtReleaseSemaphore Status: Not hooked #: 265 Function Name: NtRemoveIoCompletion Status: Not hooked #: 266 Function Name: NtRemoveProcessDebug Status: Not hooked #: 267 Function Name: NtRenameKey Status: Not hooked #: 268 Function Name: NtReplaceKey Status: Not hooked #: 269 Function Name: NtReplacePartitionUnit Status: Not hooked #: 270 Function Name: NtReplyPort Status: Not hooked #: 271 Function Name: NtReplyWaitReceivePort Status: Not hooked #: 272 Function Name: NtReplyWaitReceivePortEx Status: Not hooked #: 273 Function Name: NtReplyWaitReplyPort Status: Not hooked #: 274 Function Name: NtRequestDeviceWakeup Status: Not hooked #: 275 Function Name: NtRequestPort Status: Not hooked #: 276 Function Name: NtRequestWaitReplyPort Status: Not hooked #: 277 Function Name: NtRequestWakeupLatency Status: Not hooked #: 278 Function Name: NtResetEvent Status: Not hooked #: 279 Function Name: NtResetWriteWatch Status: Not hooked #: 280 Function Name: NtRestoreKey Status: Not hooked #: 281 Function Name: NtResumeProcess Status: Not hooked #: 282 Function Name: NtResumeThread Status: Not hooked #: 283 Function Name: NtSaveKey Status: Not hooked #: 284 Function Name: NtSaveKeyEx Status: Not hooked #: 285 Function Name: NtSaveMergedKeys Status: Not hooked #: 286 Function Name: NtSecureConnectPort Status: Not hooked #: 287 Function Name: NtSetBootEntryOrder Status: Not hooked #: 288 Function Name: NtSetBootOptions Status: Not hooked #: 289 Function Name: NtSetContextThread Status: Not hooked #: 290 Function Name: NtSetDebugFilterState Status: Not hooked #: 291 Function Name: NtSetDefaultHardErrorPort Status: Not hooked #: 292 Function Name: NtSetDefaultLocale Status: Not hooked #: 293 Function Name: NtSetDefaultUILanguage Status: Not hooked #: 294 Function Name: NtSetDriverEntryOrder Status: Not hooked #: 295 Function Name: NtSetEaFile Status: Not hooked #: 296 Function Name: NtSetEvent Status: Not hooked #: 297 Function Name: NtSetEventBoostPriority Status: Not hooked #: 298 Function Name: NtSetHighEventPair Status: Not hooked #: 299 Function Name: NtSetHighWaitLowEventPair Status: Not hooked #: 300 Function Name: NtSetInformationDebugObject Status: Not hooked #: 301 Function Name: NtSetInformationFile Status: Not hooked #: 302 Function Name: NtSetInformationJobObject Status: Not hooked #: 303 Function Name: NtSetInformationKey Status: Not hooked #: 304 Function Name: NtSetInformationObject Status: Not hooked #: 305 Function Name: NtSetInformationProcess Status: Not hooked #: 306 Function Name: NtSetInformationThread Status: Not hooked #: 307 Function Name: NtSetInformationToken Status: Not hooked #: 308 Function Name: NtSetIntervalProfile Status: Not hooked #: 309 Function Name: NtSetIoCompletion Status: Not hooked #: 310 Function Name: NtSetLdtEntries Status: Not hooked #: 311 Function Name: NtSetLowEventPair Status: Not hooked #: 312 Function Name: NtSetLowWaitHighEventPair Status: Not hooked #: 313 Function Name: NtSetQuotaInformationFile Status: Not hooked #: 314 Function Name: NtSetSecurityObject Status: Not hooked #: 315 Function Name: NtSetSystemEnvironmentValue Status: Not hooked #: 316 Function Name: NtSetSystemEnvironmentValueEx Status: Not hooked #: 317 Function Name: NtSetSystemInformation Status: Not hooked #: 318 Function Name: NtSetSystemPowerState Status: Not hooked #: 319 Function Name: NtSetSystemTime Status: Not hooked #: 320 Function Name: NtSetThreadExecutionState Status: Not hooked #: 321 Function Name: NtSetTimer Status: Not hooked #: 322 Function Name: NtSetTimerResolution Status: Not hooked #: 323 Function Name: NtSetUuidSeed Status: Not hooked #: 324 Function Name: NtSetValueKey Status: Not hooked #: 325 Function Name: NtSetVolumeInformationFile Status: Not hooked #: 326 Function Name: NtShutdownSystem Status: Not hooked #: 327 Function Name: NtSignalAndWaitForSingleObject Status: Not hooked #: 328 Function Name: NtStartProfile Status: Not hooked #: 329 Function Name: NtStopProfile Status: Not hooked #: 330 Function Name: NtSuspendProcess Status: Not hooked #: 331 Function Name: NtSuspendThread Status: Not hooked #: 332 Function Name: NtSystemDebugControl Status: Not hooked #: 333 Function Name: NtTerminateJobObject Status: Not hooked #: 334 Function Name: NtTerminateProcess Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x905ce0b0 #: 335 Function Name: NtTerminateThread Status: Not hooked #: 336 Function Name: NtTestAlert Status: Not hooked #: 337 Function Name: NtThawRegistry Status: Not hooked #: 338 Function Name: NtThawTransactions Status: Not hooked #: 339 Function Name: NtTraceEvent Status: Not hooked #: 340 Function Name: NtTraceControl Status: Not hooked #: 341 Function Name: NtTranslateFilePath Status: Not hooked #: 342 Function Name: NtUnloadDriver Status: Not hooked #: 343 Function Name: NtUnloadKey Status: Not hooked #: 344 Function Name: NtUnloadKey2 Status: Not hooked #: 345 Function Name: NtUnloadKeyEx Status: Not hooked #: 346 Function Name: NtUnlockFile Status: Not hooked #: 347 Function Name: NtUnlockVirtualMemory Status: Not hooked #: 348 Function Name: NtUnmapViewOfSection Status: Not hooked #: 349 Function Name: NtVdmControl Status: Not hooked #: 350 Function Name: NtWaitForDebugEvent Status: Not hooked #: 351 Function Name: NtWaitForMultipleObjects Status: Not hooked #: 352 Function Name: NtWaitForSingleObject Status: Not hooked #: 353 Function Name: NtWaitHighEventPair Status: Not hooked #: 354 Function Name: NtWaitLowEventPair Status: Not hooked #: 355 Function Name: NtWriteFile Status: Not hooked #: 356 Function Name: NtWriteFileGather Status: Not hooked #: 357 Function Name: NtWriteRequestData Status: Not hooked #: 358 Function Name: NtWriteVirtualMemory Status: Not hooked #: 359 Function Name: NtYieldExecution Status: Not hooked #: 360 Function Name: NtCreateKeyedEvent Status: Not hooked #: 361 Function Name: NtOpenKeyedEvent Status: Not hooked #: 362 Function Name: NtReleaseKeyedEvent Status: Not hooked #: 363 Function Name: NtWaitForKeyedEvent Status: Not hooked #: 364 Function Name: NtQueryPortInformationProcess Status: Not hooked #: 365 Function Name: NtGetCurrentProcessorNumber Status: Not hooked #: 366 Function Name: NtWaitForMultipleObjects32 Status: Not hooked #: 367 Function Name: NtGetNextProcess Status: Not hooked #: 368 Function Name: NtGetNextThread Status: Not hooked #: 369 Function Name: NtCancelIoFileEx Status: Not hooked #: 370 Function Name: NtCancelSynchronousIoFile Status: Not hooked #: 371 Function Name: NtRemoveIoCompletionEx Status: Not hooked #: 372 Function Name: NtRegisterProtocolAddressInformation Status: Not hooked #: 373 Function Name: NtPropagationComplete Status: Not hooked #: 374 Function Name: NtPropagationFailed Status: Not hooked #: 375 Function Name: NtCreateWorkerFactory Status: Not hooked #: 376 Function Name: NtReleaseWorkerFactoryWorker Status: Not hooked #: 377 Function Name: NtWaitForWorkViaWorkerFactory Status: Not hooked #: 378 Function Name: NtSetInformationWorkerFactory Status: Not hooked #: 379 Function Name: NtQueryInformationWorkerFactory Status: Not hooked #: 380 Function Name: NtWorkerFactoryWorkerReady Status: Not hooked #: 381 Function Name: NtShutdownWorkerFactory Status: Not hooked #: 382 Function Name: NtCreateThreadEx Status: Not hooked #: 383 Function Name: NtCreateUserProcess Status: Not hooked #: 384 Function Name: NtQueryLicenseValue Status: Not hooked #: 385 Function Name: NtMapCMFModule Status: Not hooked #: 386 Function Name: NtIsUILanguageComitted Status: Not hooked #: 387 Function Name: NtFlushInstallUILanguage Status: Not hooked #: 388 Function Name: NtGetMUIRegistryInfo Status: Not hooked #: 389 Function Name: NtAcquireCMFViewOwnership Status: Not hooked #: 390 Function Name: NtReleaseCMFViewOwnership Status: Not hooked Hidden Services ------------------- This post has been edited by Thaiche: Nov 3 2009, 10:37 PM

Tomk View Member Profile	Nov 6 2009, 12:51 AM Post #2
Forum God Group: Classroom Teacher Posts: 11,202 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	Hi Thaiche, My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following: I will be working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for the issues on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. There are a lot of warnings scattered around the forum that beg you not to use directions that are given to someone else. There are also many warnings that ask you not to use most of the tools without supervision. Apparently you decided that these warning didn't apply to you? Anyhow... let's see if we can get things straightened back out. Please drag the copy of ComboFix you have to the recycle bin (or just right click and delete it) Please download the OTM by OldTimer. Save it to your desktop. Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Processes :Reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09}] :Commands [purity] [emptytemp] [start explorer] [Reboot] Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTM\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Thaiche View Member Profile	Nov 6 2009, 04:08 AM Post #3
New Member Group: Authentic Member Posts: 9 Joined: 1-November 09 Member No.: 88,626 Operating System: Vista 32-bit	Hah, yeah...Sorry I used the tools against the warnings..Just seemed like everyone who had the problem fixed it easy with combofix so I figured it was worth a shot....Alrighty then, Heres the log All processes killed ========== PROCESSES ========== ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\combofix not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09}\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Keith ->Temp folder emptied: 33631337 bytes File delete failed. C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 16963037 bytes ->Java cache emptied: 99850776 bytes ->FireFox cache emptied: 49768947 bytes ->Google Chrome cache emptied: 0 bytes User: Mcx1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 71210 bytes User: Public %systemdrive% .tmp files removed: 0 bytes C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully. C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully. C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP folder deleted successfully. %systemroot% .tmp files removed: 557056 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 309 bytes RecycleBin emptied: 124989260 bytes Total Files Cleaned = 310.77 mb OTM by OldTimer - Version 3.0.0.6 log created on 11062009_045449 Files moved on Reboot... Registry entries deleted on Reboot... ***Oh I should add I scanned with malwarebytes again and it got rid of somthing..guess i should post that log too?...(even though it got rid of it..I'm still getting the popups..So i figured it might be coming back via system restore so I turned that off...but yeah didn't work either) Malwarebytes' Anti-Malware 1.41 Database version: 3064 Windows 6.0.6001 Service Pack 1 11/3/2009 4:55:43 PM mbam-log-2009-11-03 (16-55-43).txt Scan type: Full Scan (C:\\|) Objects scanned: 554346 Time elapsed: 3 hour(s), 35 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Users\Keith\AppData\Roaming\Windows System Defender (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully. Files Infected: C:\Users\Keith\AppData\Roaming\Windows System Defender\cookies.sqlite (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully. C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. This post has been edited by Thaiche**: Nov 6 2009, 04:43 AM

Tomk View Member Profile	Nov 6 2009, 09:17 AM Post #4
Forum God Group: Classroom Teacher Posts: 11,202 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	Thaiche, Good. Let's try again a little differently. Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop as Worksnow.com Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_...ams_t96260.html Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Notes: 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions. 3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 4. Combofix prevents autorun of ALL** CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Thaiche View Member Profile	Nov 6 2009, 10:01 AM Post #5
New Member Group: Authentic Member Posts: 9 Joined: 1-November 09 Member No.: 88,626 Operating System: Vista 32-bit	Tried it, Got BSOD again...

Tomk View Member Profile	Nov 6 2009, 11:27 AM Post #6
Forum God Group: Classroom Teacher Posts: 11,202 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	Thaiche, Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Thaiche View Member Profile	Nov 6 2009, 04:15 PM Post #7
New Member Group: Authentic Member Posts: 9 Joined: 1-November 09 Member No.: 88,626 Operating System: Vista 32-bit	OTL logfile created on: 11/6/2009 5:06:00 PM - Run 1 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Keith\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.19 Gb Available Physical Memory \| 59.51% Memory free 4.00 Gb Paging File \| 3.90 Gb Available in Paging File \| 97.51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 465.76 Gb Total Space \| 220.93 Gb Free Space \| 47.43% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CRISIS Current User Name: Keith Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/11/06 17:03:00 \| 00,528,896 \| ---- \| M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe PRC - [2009/11/05 03:31:39 \| 01,201,640 \| ---- \| M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe PRC - [2009/11/04 23:52:15 \| 00,788,368 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2009/11/04 23:52:14 \| 01,179,232 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2009/11/03 20:31:21 \| 01,217,808 \| ---- \| M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe PRC - [2009/11/01 19:01:49 \| 01,055,000 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2009/11/01 19:01:48 \| 00,600,344 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2009/11/01 19:01:47 \| 00,502,040 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2009/11/01 19:01:46 \| 02,010,904 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2009/11/01 19:01:46 \| 00,702,744 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2009/11/01 19:01:46 \| 00,702,744 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2009/11/01 19:01:43 \| 00,906,520 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe PRC - [2009/11/01 19:01:41 \| 00,285,392 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2009/10/12 20:24:50 \| 02,000,112 \| ---- \| M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2009/10/05 14:10:02 \| 03,634,024 \| ---- \| M] (AOL LLC) -- C:\Program Files\AIM\aim.exe PRC - [2009/09/18 13:42:04 \| 04,048,240 \| ---- \| M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe PRC - [2009/09/05 22:04:43 \| 00,189,480 \| ---- \| M] () -- C:\Windows\System32\PnkBstrB.exe PRC - [2009/07/26 15:44:34 \| 03,883,856 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe PRC - [2009/07/14 12:29:06 \| 00,215,584 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2009/07/14 12:29:06 \| 00,215,584 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2009/07/14 11:28:00 \| 00,239,648 \| ---- \| M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009/07/13 23:28:00 \| 00,024,576 \| ---- \| M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe PRC - [2009/07/13 23:22:08 \| 01,263,616 \| ---- \| M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe PRC - [2009/06/06 15:32:37 \| 00,321,856 \| ---- \| M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe PRC - [2009/06/04 01:22:30 \| 00,075,064 \| ---- \| M] () -- C:\Windows\System32\PnkBstrA.exe PRC - [2009/05/19 10:36:18 \| 00,240,512 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/03/19 15:50:32 \| 01,818,624 \| ---- \| M] (Planex Technology, Corp.) -- C:\Program Files\Planex\Common\RaUI.exe PRC - [2009/03/02 21:16:04 \| 00,247,296 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009/02/23 10:43:54 \| 00,307,200 \| ---- \| M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe PRC - [2009/02/06 16:07:48 \| 00,027,512 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe PRC - [2008/12/11 15:33:09 \| 00,072,704 \| ---- \| M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe PRC - [2008/10/29 01:29:41 \| 02,927,104 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/07/10 08:47:18 \| 00,116,040 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2008/05/13 14:12:54 \| 00,069,632 \| ---- \| M] (Ralink Technology, Corp.) -- C:\Program Files\Planex\Common\RalinkRegistryWriter.exe PRC - [2008/05/01 17:41:38 \| 00,136,488 \| ---- \| M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe PRC - [2008/05/01 17:40:44 \| 03,032,360 \| ---- \| M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe PRC - [2008/05/01 17:40:44 \| 03,032,360 \| ---- \| M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe PRC - [2008/01/18 23:33:40 \| 00,896,512 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008/01/18 23:33:40 \| 00,244,224 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe PRC - [2008/01/18 23:33:40 \| 00,244,224 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe PRC - [2008/01/18 23:33:40 \| 00,202,240 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2008/01/18 23:33:34 \| 00,037,888 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2008/01/18 23:33:34 \| 00,037,888 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2008/01/18 23:33:32 \| 01,233,920 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2008/01/18 23:33:32 \| 01,233,920 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2008/01/18 23:33:24 \| 00,300,032 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe PRC - [2008/01/18 23:33:24 \| 00,300,032 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe PRC - [2008/01/18 23:33:14 \| 00,198,656 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2008/01/18 23:33:10 \| 00,125,952 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe PRC - [2008/01/18 23:33:10 \| 00,037,376 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe PRC - [2007/12/30 14:42:34 \| 00,724,992 \| ---- \| M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe PRC - [2007/12/14 05:42:38 \| 00,144,784 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe PRC - [2007/12/14 05:42:37 \| 00,329,104 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe PRC - [2007/08/02 14:33:50 \| 00,080,528 \| ---- \| M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe PRC - [2007/07/24 14:17:08 \| 00,229,376 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2007/06/07 03:50:14 \| 00,538,096 \| ---- \| M] ( ) -- C:\Windows\System32\dlbtcoms.exe PRC - [2007/01/04 16:38:08 \| 00,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe ========== Modules (SafeList) ========== MOD - [2009/11/06 17:03:00 \| 00,528,896 \| ---- \| M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe MOD - [2009/11/01 19:02:24 \| 00,012,464 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll MOD - [2008/01/18 23:36:42 \| 00,380,416 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2008/01/18 23:26:36 \| 01,684,480 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (mi-raysat_3dsmax9_32) SRV - [2009/11/05 03:31:39 \| 01,201,640 \| ---- \| M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService) SRV - [2009/11/04 23:52:14 \| 01,179,232 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2009/11/01 19:01:43 \| 00,906,520 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2009/11/01 19:01:41 \| 00,285,392 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2009/11/01 13:02:48 \| 00,320,760 \| ---- \| M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/09/18 13:42:04 \| 04,048,240 \| ---- \| M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService) SRV - [2009/09/05 22:04:43 \| 00,189,480 \| ---- \| M] () -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB) SRV - [2009/08/28 17:08:12 \| 00,079,360 \| ---- \| M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2009/07/14 12:29:06 \| 00,215,584 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc) SRV - [2009/07/14 11:28:00 \| 00,239,648 \| ---- \| M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009/06/04 01:22:30 \| 00,075,064 \| ---- \| M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA) SRV - [2009/05/19 10:36:18 \| 00,240,512 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/03/16 19:39:00 \| 02,800,669 \| ---- \| M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2009/02/23 10:43:54 \| 00,307,200 \| ---- \| M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008/12/11 15:33:09 \| 00,072,704 \| ---- \| M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2008/12/10 00:55:06 \| 00,655,624 \| ---- \| M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/08/15 05:46:20 \| 00,284,016 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2008/07/27 13:03:13 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/07/10 09:51:22 \| 00,532,264 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2008/07/10 08:47:18 \| 00,116,040 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2008/06/19 20:14:44 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008/06/19 20:14:31 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008/06/19 20:14:31 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008/05/23 09:14:12 \| 00,072,704 \| ---- \| M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2008/05/13 14:12:54 \| 00,069,632 \| ---- \| M] (Ralink Technology, Corp.) -- C:\Program Files\Planex\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2008/05/01 17:40:44 \| 03,032,360 \| ---- \| M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen) SRV - [2008/04/17 18:13:44 \| 05,750,784 \| ---- \| M] () -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld) SRV - [2008/01/18 23:38:26 \| 00,272,952 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/18 23:33:40 \| 00,896,512 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008/01/18 23:33:10 \| 00,292,352 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2008/01/18 00:37:26 \| 00,024,635 \| ---- \| M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache) SRV - [2007/12/30 14:42:34 \| 00,724,992 \| ---- \| M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer) SRV - [2007/08/02 14:33:50 \| 00,080,528 \| ---- \| M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc) SRV - [2007/07/24 14:17:08 \| 00,229,376 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2007/06/07 03:50:14 \| 00,538,096 \| ---- \| M] ( ) -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device) SRV - [2007/01/04 16:38:08 \| 00,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006/11/02 07:35:29 \| 00,131,072 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched) SRV - [2006/11/02 07:35:29 \| 00,013,312 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/10/26 13:03:08 \| 00,145,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2009/11/05 16:57:16 \| 00,036,928 \| ---- \| M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdk41.sys -- (PsSdk41) DRV - [2009/11/01 19:02:23 \| 00,360,584 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2009/11/01 19:02:18 \| 00,333,192 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009/11/01 19:02:16 \| 00,028,424 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009/10/12 20:24:56 \| 00,007,408 \| R--- \| M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/10/12 20:24:54 \| 00,009,968 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009/10/12 20:24:52 \| 00,074,480 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009/09/23 07:55:23 \| 00,064,288 \| ---- \| M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009/09/18 13:42:18 \| 00,176,752 \| ---- \| M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv) DRV - [2009/09/18 13:42:16 \| 00,029,808 \| ---- \| M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc) DRV - [2009/09/18 13:42:16 \| 00,023,152 \| ---- \| M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd) DRV - [2009/09/06 19:32:23 \| 00,014,136 \| ---- \| M] (SoftForum Corporation) -- C:\Windows\System32\JRSKD24.sys -- (JRSKD24) DRV - [2009/09/06 19:32:23 \| 00,012,600 \| ---- \| M] (SoftForum Corporation) -- C:\Windows\System32\JRSUKD25.SYS -- (JRSUKD25) DRV - [2009/07/14 13:54:00 \| 09,557,216 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/07/14 01:52:46 \| 01,227,800 \| ---- \| M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\ha20x22k.sys -- (ha20x22k) DRV - [2009/07/14 01:52:34 \| 01,184,280 \| ---- \| M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k) DRV - [2009/07/14 01:52:22 \| 00,095,768 \| ---- \| M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia) DRV - [2009/07/14 01:52:14 \| 00,159,256 \| ---- \| M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2009/07/14 01:52:04 \| 00,014,360 \| ---- \| M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2009/07/14 01:51:56 \| 00,129,560 \| ---- \| M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv) DRV - [2009/07/14 01:51:36 \| 00,536,344 \| ---- \| M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) DRV - [2009/07/14 01:51:26 \| 00,511,000 \| ---- \| M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k) DRV - [2009/07/14 01:51:16 \| 01,353,240 \| ---- \| M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS) DRV - [2009/07/14 01:51:16 \| 01,353,240 \| ---- \| M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV - [2009/07/14 01:51:04 \| 00,073,752 \| ---- \| M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS) DRV - [2009/07/14 01:51:04 \| 00,073,752 \| ---- \| M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT) DRV - [2009/07/14 01:50:56 \| 00,198,168 \| ---- \| M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS) DRV - [2009/07/14 01:50:56 \| 00,198,168 \| ---- \| M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT) DRV - [2009/05/10 00:19:23 \| 00,006,784 \| ---- \| M] (SoftForum Corporation) -- C:\Windows\System32\JRSUKD24.sys -- (JRSUKD24) DRV - [2009/02/18 21:15:47 \| 00,062,528 \| ---- \| M] (SafeNet Inc.) -- C:\Windows\System32\drivers\GrandUsb.sys -- (Grand) DRV - [2009/02/18 21:15:47 \| 00,010,304 \| ---- \| M] (SafeNet, Inc.) -- C:\Windows\System32\drivers\hostnt.sys -- (HOSTNT) DRV - [2008/08/14 07:57:42 \| 00,074,720 \| ---- \| M] (Adobe Systems, Inc.) -- C:\Windows\System32\drivers\adfs.sys -- (adfs) DRV - [2008/07/10 08:35:22 \| 00,032,000 \| ---- \| M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL) DRV - [2008/06/10 20:57:52 \| 00,620,032 \| ---- \| M] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2008/06/10 20:53:24 \| 00,580,096 \| ---- \| M] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\rt2870.sys -- (rt2870) DRV - [2008/03/17 15:14:52 \| 00,015,144 \| ---- \| M] (Wacom Technology) -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV - [2008/02/06 03:00:00 \| 00,044,608 \| ---- \| M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008/01/29 11:01:28 \| 00,016,168 \| ---- \| M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008/01/23 16:25:30 \| 00,027,136 \| ---- \| M] (The OpenVPN Project) -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn) DRV - [2008/01/18 21:53:40 \| 00,007,680 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys -- (UMPass) DRV - [2008/01/15 14:11:46 \| 00,013,480 \| ---- \| M] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2007/06/26 12:39:02 \| 00,035,600 \| ---- \| M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcrypt.sys -- (npkcrypt) DRV - [2007/02/16 13:12:36 \| 00,011,312 \| ---- \| M] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2007/02/15 18:11:28 \| 00,011,440 \| ---- \| M] (Wacom Technology) -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid) DRV - [2007/01/15 19:35:18 \| 01,032,104 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2006/12/22 22:07:10 \| 00,093,696 \| ---- \| M] () -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2006/11/02 04:51:45 \| 00,900,712 \| ---- \| M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006/11/02 04:51:38 \| 00,420,968 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006/11/02 04:51:34 \| 00,316,520 \| ---- \| M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006/11/02 04:51:32 \| 00,297,576 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006/11/02 04:51:25 \| 00,235,112 \| ---- \| M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006/11/02 04:51:25 \| 00,232,040 \| ---- \| M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006/11/02 04:51:00 \| 00,147,048 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006/11/02 04:50:45 \| 00,115,816 \| ---- \| M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006/11/02 04:50:41 \| 00,112,232 \| ---- \| M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006/11/02 04:50:35 \| 00,106,088 \| ---- \| M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 04:50:35 \| 00,098,408 \| ---- \| M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 04:50:35 \| 00,098,408 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006/11/02 04:50:24 \| 00,088,680 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006/11/02 04:50:19 \| 00,045,160 \| ---- \| M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 04:50:17 \| 00,041,576 \| ---- \| M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 04:50:16 \| 00,071,784 \| ---- \| M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006/11/02 04:50:13 \| 00,040,040 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006/11/02 04:50:11 \| 00,071,272 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 04:50:10 \| 00,067,688 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006/11/02 04:50:10 \| 00,065,640 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006/11/02 04:50:10 \| 00,038,504 \| ---- \| M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006/11/02 04:50:10 \| 00,037,480 \| ---- \| M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006/11/02 04:50:09 \| 00,067,688 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006/11/02 04:50:09 \| 00,035,944 \| ---- \| M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 04:50:07 \| 00,035,944 \| ---- \| M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 04:50:05 \| 00,065,640 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006/11/02 04:50:05 \| 00,035,944 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 04:50:04 \| 00,065,640 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006/11/02 04:50:03 \| 00,034,920 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 04:49:59 \| 00,033,384 \| ---- \| M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 04:49:56 \| 00,031,848 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 04:49:53 \| 00,028,776 \| ---- \| M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006/11/02 04:49:30 \| 00,017,512 \| ---- \| M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006/11/02 04:49:28 \| 00,016,488 \| ---- \| M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006/11/02 04:49:20 \| 00,014,952 \| ---- \| M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006/11/02 03:25:24 \| 00,071,808 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) DRV - [2006/11/02 03:24:47 \| 00,011,904 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 03:24:46 \| 00,005,248 \| ---- \| M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 03:24:45 \| 00,013,568 \| ---- \| M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 03:24:44 \| 00,062,336 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 03:24:44 \| 00,012,160 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 02:36:50 \| 00,020,608 \| ---- \| M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 02:30:54 \| 00,117,760 \| ---- \| M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) DRV - [2006/11/02 01:37:21 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) DRV - [2006/09/24 08:28:46 \| 00,005,248 \| ---- \| M] (Windows ® 2000 DDK provider) -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [2002/06/17 09:18:54 \| 00,111,800 \| ---- \| M] (STMicroelectronics ) -- C:\Windows\System32\drivers\stv680.sys -- (STV680) DRV - [2002/06/17 09:18:52 \| 00,008,584 \| ---- \| M] (STMicroelectronics ) -- C:\Windows\System32\drivers\stv680m.sys -- (STV680m) DRV - [1996/04/03 14:33:26 \| 00,005,248 \| ---- \| M] () -- C:\Windows\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.zing.vn/zing/?utm_source=hp&utm_medium=boom IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.keiichianimeforever.com/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696 FF - prefs.js..extensions.enabledItems: {39124730-0779-11de-8c30-0800200c9a66}:2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6 FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.5.3 FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:0.8 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5 FF - prefs.js..extensions.enabledItems: {6E1A2A2E-AE2A-4A26-A812-46F54288379E}:3.5.1 FF - prefs.js..extensions.enabledItems: glaze_black@www.theme-oasis.org:3.2 FF - prefs.js..network.proxy.autoconfig_url: "softnyx.net" FF - prefs.js..network.proxy.socks_version: 0 FF - prefs.js..network.proxy.type: 2 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 02:01:28 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/01 19:01:41 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 10:39:38 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 10:39:38 \| 00,000,000 \| ---D \| M] [2008/07/06 14:40:49 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions [2008/07/06 14:40:49 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/11/06 08:59:34 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions [2009/08/19 20:22:47 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626} [2009/06/25 18:12:53 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/08/19 20:19:52 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{241aae70-0022-11de-87af-0800200c9a66} [2008/06/01 05:59:50 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531} [2009/10/31 05:24:40 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{39124730-0779-11de-8c30-0800200c9a66} [2009/09/18 03:28:20 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2008/10/15 20:04:16 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2008/10/15 20:04:16 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}-trash [2009/08/19 20:26:54 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E} [2008/07/06 15:56:22 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66} [2008/07/06 16:05:59 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} [2008/06/01 05:25:25 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d} [2009/08/19 20:28:51 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\glaze_black@www.theme-oasis.org [2009/11/06 08:59:34 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009/11/06 10:39:38 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/05/23 09:08:49 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008/05/27 04:22:35 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [2009/11/06 10:39:36 \| 00,023,512 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/11/06 10:39:36 \| 00,137,176 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/05/01 16:02:48 \| 01,044,480 \| ---- \| M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll [2007/04/10 16:21:08 \| 00,163,256 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll [2009/05/12 13:46:20 \| 01,650,992 \| ---- \| M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll [2009/05/18 17:41:32 \| 00,098,304 \| ---- \| M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll [2009/07/07 16:20:42 \| 00,061,440 \| ---- \| M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll [2009/07/07 16:20:42 \| 00,065,536 \| ---- \| M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll [2009/07/02 23:34:44 \| 00,083,376 \| ---- \| M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll [2009/05/27 15:41:50 \| 00,069,632 \| ---- \| M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll [2008/03/20 17:21:26 \| 01,446,440 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll [2009/11/06 10:39:37 \| 00,064,984 \| ---- \| M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2009/09/25 01:02:40 \| 00,098,304 \| ---- \| M] (OGPlanet Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npOGPPlugin.dll [2009/09/14 19:23:31 \| 00,238,776 \| ---- \| M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll [2008/07/18 13:21:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2008/07/18 13:21:48 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2008/07/18 13:21:48 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2008/07/18 13:21:48 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2008/07/18 13:21:48 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2008/07/18 13:21:48 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2008/07/18 13:21:48 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2007/04/16 12:07:12 \| 00,180,293 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll [2009/05/01 16:02:48 \| 00,200,704 \| ---- \| M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll [2009/10/31 05:24:27 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/10/31 05:24:27 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/10/31 05:24:27 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/10/31 05:24:27 \| 00,002,344 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/10/31 05:24:27 \| 00,002,371 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/10/29 15:20:34 \| 00,001,210 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml [2009/10/31 05:24:27 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC) O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation) O4 - HKCU..\Run: [Google Update] C:\Users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment) O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation) O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {090AD8A7-FFC4-4BFD-B19F-9722693042DE} http://www.joycity.com/_app/cab/JCEModuleUpdaterAX.cab (JCEModuleUpdaterAX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://t1.battlefield-heroes.com/patcher/westpatcher.cab (Battlefield Heroes Installer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games ?Texas Holdem Poker) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer) O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://id.hangame.com/common/HanSetup1020.cab (HanSetupCtrl1010 Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.64.150 68.87.75.198 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 \| 00,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3c0413ab-0ef6-11de-9053-00044b03d508}\Shell\AutoRun\command - "" = D:\StartPortableApps.exe -- File not found O33 - MountPoints2\{8b581d8f-602d-11de-88ac-00044b03d508}\Shell - "" = AutoRun O33 - MountPoints2\{8b581d8f-602d-11de-88ac-00044b03d508}\Shell\AutoRun\command - "" = D:\start.exe -- File not found O33 - MountPoints2\{9f0c7561-1a73-11de-9491-00044b03d508}\Shell - "" = AutoRun O33 - MountPoints2\{9f0c7561-1a73-11de-9491-00044b03d508}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/06 17:02:57 \| 00,528,896 \| ---- \| C] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe [2009/11/06 10:53:18 \| 00,000,000 \| --SD \| C] -- C:\worksnow [2009/11/06 05:16:46 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\AIM [2009/11/06 05:16:46 \| 00,000,000 \| ---D \| C] -- C:\Users\Keith\AppData\Local\AIM [2009/11/06 05:16:46 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\AIM [2009/11/06 05:16:27 \| 00,000,000 \| ---D \| C] -- C:\Program Files\AIM [2009/11/06 05:16:20 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Software Update Utility [2009/11/06 05:15:50 \| 08,116,824 \| ---- \| C] (AOL LLC.) -- C:\Users\Keith\Desktop\Install_AIM_autoupgrade_7.0.14.1.exe [2009/11/06 04:54:49 \| 00,000,000 \| ---D \| C] -- C:\_OTM [2009/11/06 04:45:43 \| 00,408,064 \| ---- \| C] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTM.exe [2009/11/06 04:44:22 \| 00,000,000 \| ---D \| C] -- C:\Users\Keith\DoctorWeb [2009/11/06 03:00:16 \| 00,000,000 \| ---D \| C] -- C:\Program Files\MSXML 4.0 [2009/11/06 00:40:53 \| 00,000,000 \| ---D \| C] -- C:\VundoFix Backups [2009/11/05 16:53:57 \| 21,251,816 \| ---- \| C] (Doctor Web, Ltd.) -- C:\Users\Keith\Desktop\drweb-cureit.exe [2009/11/05 16:53:36 \| 00,069,192 \| ---- \| C] (jpshortstuff) -- C:\Users\Keith\Desktop\GooredFix.exe [2009/11/05 03:57:21 \| 00,000,000 \| ---D \| C] -- C:\Users\Keith\AppData\Local\AOL [2009/11/05 03:31:37 \| 00,511,328 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll [2009/11/05 03:31:06 \| 00,000,000 \| ---D \| C] -- C:\Program Files\MSSOAP [2009/11/05 03:31:06 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\MSSoap [2009/11/05 03:30:51 \| 01,563,008 \| ---- \| C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll [2009/11/05 03:30:51 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Webroot [2009/11/05 03:30:51 \| 00,000,000 \| ---D \| C] -- C:\Users\Keith\AppData\Roaming\Webroot [2009/11/05 03:30:51 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Webroot [2009/11/05 03:30:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Webroot [2009/11/04 23:52:59 \| 00,064,288 \| ---- \| C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2009/11/04 23:52:59 \| 00,000,000 \| ---D \| C] -- C:\Windows\System32\DRVSTORE [2009/11/04 23:52:52 \| 00,093,360 \| ---- \| C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2009/11/04 23:50:31 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/11/04 23:50:31 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/11/04 23:50:02 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Lavasoft [2009/11/04 23:50:02 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Lavasoft [2009/11/04 23:50:02 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Lavasoft [2009/11/04 11:58:10 \| 03,584,000 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/11/04 00:34:08 \| 00,000,000 \| ---D \| C] -- C:\Program Files\RegCleaner [2009/11/02 14:55:13 \| 00,000,000 \| ---D \| C] -- C:\Users\Keith\Documents\Downloads [2009/11/02 14:53:00 \| 00,000,000 \| ---D \| C] -- C:\Users\Keith\AppData\Local\Google [2009/11/01 19:02:29 \| 00,000,000 \| -H-D \| C] -- C:\$AVG [2009/11/01 19:02:24 \| 00,012,464 \| ---- \| C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2009/11/01 19:02:23 \| 00,360,584 \| ---- \| C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2009/11/01 19:02:18 \| 00,333,192 \| ---- \| C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2009/11/01 19:02:16 \| 00,028,424 \| ---- \| C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2009/11/01 19:02:00 \| 00,000,000 \| ---D \| C] -- C:\Windows\System32\drivers\Avg [2009/11/01 19:01:40 \| 00,000,000 \| ---D \| C] -- C:\Program Files\AVG [2009/11/01 19:01:39 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\avg9 [2009/11/01 19:01:39 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\avg9 [2009/11/01 18:18:38 \| 00,000,000 \| ---D \| C] -- C:\Avenger [2009/11/01 17:59:13 \| 00,040,040 \| ---- \| C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys [2009/11/01 17:59:13 \| 00,021,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys [2009/11/01 16:36:16 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2009/11/01 16:36:16 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\Windows\SWREG.exe [2009/11/01 16:36:16 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\Windows\SWSC.exe [2009/11/01 16:36:16 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\Windows\NIRCMD.exe [2009/11/01 16:36:01 \| 00,000,000 \| ---D \| C] -- C:\Windows\ERDNT [2009/11/01 16:33:57 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/10/31 05:10:05 \| 00,000,000 \| ---D \| C] -- C:\Users\Keith\AppData\Roaming\Tonium [2009/10/31 05:09:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Tonium [2009/10/31 01:32:25 \| 00,050,688 \| ---- \| C] (Atribune.org) -- C:\Users\Keith\Desktop\ATF-Cleaner.exe [2009/10/31 01:29:55 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/10/31 01:29:53 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/10/30 15:48:53 \| 02,421,760 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2009/10/30 15:48:53 \| 01,929,952 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll [2009/10/30 15:48:53 \| 00,053,472 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe [2009/10/30 15:48:53 \| 00,044,768 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2009/10/30 15:48:20 \| 00,575,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2009/10/30 15:48:20 \| 00,087,552 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2009/10/30 15:48:20 \| 00,035,552 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2009/10/30 15:48:03 \| 00,171,608 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2009/10/30 15:48:03 \| 00,033,792 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2009/10/30 15:47:14 \| 00,310,784 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2009/10/30 02:08:59 \| 00,000,000 \| ---D \| C] -- C:\Users\Keith\AppData\Roaming\Malwarebytes [2009/10/30 02:08:52 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/10/30 02:08:52 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/10/30 02:08:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/29 23:08:46 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\SUPERAntiSpyware.com [2009/10/29 23:08:46 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\SUPERAntiSpyware.com [2009/10/29 23:07:54 \| 00,000,000 \| ---D \| C] -- C:\Users\Keith\AppData\Roaming\SUPERAntiSpyware.com [2009/10/29 23:07:54 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2009/10/28 03:47:51 \| 10,626,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll [2009/10/28 03:47:51 \| 10,626,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wmp(274).dll [2009/10/28 03:47:51 \| 10,626,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wmp(159).dll [2009/10/28 03:47:48 \| 08,147,456 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2009/10/28 03:47:48 \| 08,147,456 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wmploc(275).DLL [2009/10/28 03:47:48 \| 08,147,456 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wmploc(160).DLL [2009/10/16 01:26:19 \| 00,000,000 \| ---D \| C] -- C:\Users\Keith\AppData\Local\Fallout3 [2009/10/16 01:24:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\System32\xlive [2009/10/16 01:24:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Games for Windows - LIVE [2009/10/15 03:33:10 \| 01,256,448 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2009/10/15 03:33:10 \| 00,439,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys [2009/10/15 03:33:10 \| 00,213,504 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll [2009/10/15 03:33:10 \| 00,175,104 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll [2009/10/15 03:33:09 \| 00,072,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll [2009/10/15 03:33:09 \| 00,009,728 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe [2009/10/15 03:33:01 \| 00,833,024 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll [2009/10/15 03:33:01 \| 00,146,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll [2009/10/15 03:33:00 \| 06,069,248 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll [2009/10/15 03:33:00 \| 01,174,528 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll [2009/10/15 03:32:59 \| 00,389,120 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/10/15 03:32:59 \| 00,380,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2009/10/15 03:32:59 \| 00,270,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/10/15 03:32:58 \| 00,458,240 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/10/15 03:32:57 \| 00,230,400 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/10/15 03:32:57 \| 00,026,624 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/10/15 03:32:56 \| 00,671,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/10/15 03:32:56 \| 00,389,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/10/15 03:32:56 \| 00,078,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/10/15 03:32:55 \| 00,028,160 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/10/15 03:32:46 \| 03,597,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2009/10/15 03:32:46 \| 03,546,184 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2009/10/15 03:32:24 \| 00,428,544 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2009/10/15 03:32:19 \| 00,217,088 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2009/10/15 03:32:18 \| 00,293,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2009/10/15 03:32:18 \| 00,177,664 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2009/10/15 03:32:18 \| 00,080,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2009/10/15 03:32:04 \| 00,061,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll [2009/10/15 03:32:01 \| 00,144,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys [2009/10/15 03:31:58 \| 00,604,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2009/10/13 02:40:14 \| 00,266,240 \| ---- \| C] (OGPlanet) -- C:\Windows\System32\OGPIEPlugin.ocx [2009/10/09 01:11:20 \| 00,000,000 \| -H-D \| C] -- C:\Users\Keith\Desktop\irftmpdir_461390 [2009/07/13 23:30:56 \| 00,014,336 \| ---- \| C] ( ) -- C:\Windows\System32\a3d.dll [2008/06/28 14:18:29 \| 00,323,584 \| ---- \| C] ( ) -- C:\Windows\System32\DLBThcp.dll [2007/01/30 16:47:52 \| 00,643,072 \| ---- \| C] ( ) -- C:\Windows\System32\dlbtpmui.dll [2007/01/30 16:46:00 \| 01,224,704 \| ---- \| C] ( ) -- C:\Windows\System32\dlbtserv.dll [2007/01/30 16:38:18 \| 00,421,888 \| ---- \| C] ( ) -- C:\Windows\System32\dlbtcomm.dll [2007/01/30 16:36:30 \| 00,585,728 \| ---- \| C] ( ) -- C:\Windows\System32\dlbtlmpm.dll [2007/01/30 16:35:00 \| 00,397,312 \| ---- \| C] ( ) -- C:\Windows\System32\dlbtiesc.dll [2007/01/30 16:32:06 \| 00,094,208 \| ---- \| C] ( ) -- C:\Windows\System32\dlbtpplc.dll [2007/01/30 16:31:08 \| 00,684,032 \| ---- \| C] ( ) -- C:\Windows\System32\dlbtcomc.dll [2007/01/30 16:30:30 \| 00,163,840 \| ---- \| C] ( ) -- C:\Windows\System32\dlbtprox.dll [2007/01/30 16:22:32 \| 00,413,696 \| ---- \| C] ( ) -- C:\Windows\System32\dlbtinpa.dll [2007/01/30 16:21:46 \| 00,995,328 \| ---- \| C] ( ) -- C:\Windows\System32\dlbtusb1.dll [2007/01/30 16:17:02 \| 00,696,320 \| ---- \| C] ( ) -- C:\Windows\System32\dlbthbn3.dll ========== Files - Modified Within 30 Days ========== [2009/11/06 17:07:37 \| 04,456,448 \| -HS- \| M] () -- C:\Users\Keith\ntuser.dat [2009/11/06 17:04:00 \| 00,000,908 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2280042401-330183626-2081709945-1000UA.job [2009/11/06 17:03:00 \| 00,528,896 \| ---- \| M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe [2009/11/06 16:55:19 \| 00,003,792 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/11/06 16:55:19 \| 00,003,792 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/11/06 16:29:24 \| 00,000,418 \| -H-- \| M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6B53160E-41E3-4ADF-B179-39A3613B6DE9}.job [2009/11/06 14:28:23 \| 00,000,000 \| ---- \| M] () -- C:\Users\Keith\AppData\Local\prvlcl.dat [2009/11/06 10:58:39 \| 00,000,370 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2009/11/06 10:55:31 \| 00,032,879 \| ---- \| M] () -- C:\ProgramData\nvModes.dat [2009/11/06 10:55:31 \| 00,032,879 \| ---- \| M] () -- C:\ProgramData\nvModes.dat [2009/11/06 10:55:31 \| 00,032,879 \| ---- \| M] () -- C:\ProgramData\nvModes.001 [2009/11/06 10:55:31 \| 00,032,879 \| ---- \| M] () -- C:\ProgramData\nvModes.001 [2009/11/06 10:55:14 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/11/06 10:55:03 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/11/06 10:54:59 \| 29,511,63904 \| -HS- \| M] () -- C:\hiberfil.sys [2009/11/06 10:53:52 \| 00,267,264 \| ---- \| M] () -- C:\Windows\PEV.exe [2009/11/06 10:35:22 \| 03,562,655 \| R--- \| M] () -- C:\Users\Keith\Desktop\worksnow.com [2009/11/06 09:48:36 \| 44,744,893 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2009/11/06 06:30:09 \| 00,037,063 \| ---- \| M] () -- C:\Users\Keith\Desktop\14633_173456126500_547106500_3346449_6074672_n.jpg [2009/11/06 05:16:58 \| 00,001,093 \| -H-- \| M] () -- C:\IPH.PH [2009/11/06 05:16:44 \| 00,001,698 \| ---- \| M] () -- C:\Users\Public\Desktop\AIM.lnk [2009/11/06 05:15:59 \| 08,116,824 \| ---- \| M] (AOL LLC.) -- C:\Users\Keith\Desktop\Install_AIM_autoupgrade_7.0.14.1.exe [2009/11/06 04:58:15 \| 00,055,536 \| ---- \| M] () -- C:\Windows\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx [2009/11/06 04:58:15 \| 00,055,536 \| ---- \| M] () -- C:\Windows\System32\BMXState-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx [2009/11/06 04:58:15 \| 00,000,820 \| ---- \| M] () -- C:\Windows\System32\DVCState-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx [2009/11/06 04:57:57 \| 00,524,288 \| -HS- \| M] () -- C:\Users\Keith\ntuser.dat{8860bd0b-1a6d-11de-a2b2-00044b03d508}.TMContainer00000000000000000001.regtrans-ms [2009/11/06 04:57:57 \| 00,065,536 \| -HS- \| M] () -- C:\Users\Keith\ntuser.dat{8860bd0b-1a6d-11de-a2b2-00044b03d508}.TM.blf [2009/11/06 04:45:47 \| 00,408,064 \| ---- \| M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTM.exe [2009/11/06 01:10:23 \| 02,631,819 \| -H-- \| M] () -- C:\Users\Keith\AppData\Local\IconCache.db [2009/11/06 01:04:01 \| 00,000,856 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2280042401-330183626-2081709945-1000Core.job [2009/11/06 00:00:02 \| 00,000,683 \| ---- \| M] () -- C:\Windows\System32\tversity.cookies [2009/11/05 22:23:51 \| 00,086,225 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2009/11/05 16:57:16 \| 00,036,928 \| ---- \| M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdk41.sys [2009/11/05 16:54:51 \| 21,251,816 \| ---- \| M] (Doctor Web, Ltd.) -- C:\Users\Keith\Desktop\drweb-cureit.exe [2009/11/05 16:53:37 \| 00,069,192 \| ---- \| M] (jpshortstuff) -- C:\Users\Keith\Desktop\GooredFix.exe [2009/11/05 15:29:00 \| 00,276,705 \| ---- \| M] () -- C:\Users\Keith\Desktop\IMG_0259.JPG [2009/11/05 04:14:49 \| 00,002,301 \| ---- \| M] () -- C:\Users\Public\Desktop\Steam.lnk [2009/11/05 03:31:37 \| 00,000,240 \| ---- \| M] () -- C:\Windows\win.ini [2009/11/05 03:30:46 \| 00,000,164 \| ---- \| M] () -- C:\Windows\install.dat [2009/11/04 23:52:49 \| 00,093,360 \| ---- \| M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2009/11/04 23:52:47 \| 00,015,880 \| ---- \| M] () -- C:\Windows\System32\lsdelete.exe [2009/11/04 23:30:58 \| 00,690,960 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/11/04 23:30:58 \| 00,595,446 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009/11/04 23:30:58 \| 00,101,144 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009/11/04 03:48:25 \| 00,109,568 \| ---- \| M] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/04 00:34:09 \| 00,000,767 \| ---- \| M] () -- C:\Users\Keith\Desktop\RegCleaner.lnk [2009/11/01 19:02:24 \| 00,012,464 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2009/11/01 19:02:23 \| 00,360,584 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2009/11/01 19:02:18 \| 00,333,192 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2009/11/01 19:02:16 \| 00,113,461 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm [2009/11/01 19:02:16 \| 00,028,424 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2009/11/01 19:02:03 \| 00,492,629 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg [2009/11/01 19:02:02 \| 06,061,540 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\avi7.avg [2009/10/31 01:32:31 \| 00,050,688 \| ---- \| M] (Atribune.org) -- C:\Users\Keith\Desktop\ATF-Cleaner.exe [2009/10/31 01:29:58 \| 00,000,818 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/30 15:11:14 \| 00,524,288 \| -HS- \| M] () -- C:\Users\Keith\ntuser.dat{d158da72-c47b-11de-9ed6-0022cf086900}.TMContainer00000000000000000001.regtrans-ms [2009/10/30 15:11:14 \| 00,065,536 \| -HS- \| M] () -- C:\Users\Keith\ntuser.dat{d158da72-c47b-11de-9ed6-0022cf086900}.TM.blf [2009/10/29 15:45:17 \| 00,524,288 \| -HS- \| M] () -- C:\Users\Keith\ntuser.dat{d158da72-c47b-11de-9ed6-0022cf086900}.TMContainer00000000000000000002.regtrans-ms [2009/10/25 06:11:34 \| 00,077,312 \| ---- \| M] () -- C:\Windows\MBR.exe [2009/10/22 09:50:00 \| 01,563,008 \| ---- \| M] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll [2009/10/22 09:43:24 \| 00,511,328 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll [2009/10/19 09:25:09 \| 03,584,000 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/10/15 23:39:41 \| 00,001,742 \| ---- \| M] () -- C:\Users\Keith\Desktop\Fallout 3.lnk ========== Files Created - No Company Name ========== [2009/11/06 10:48:42 \| 00,000,370 \| ---- \| C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2009/11/06 10:35:20 \| 03,562,655 \| R--- \| C] () -- C:\Users\Keith\Desktop\worksnow.com [2009/11/06 06:30:09 \| 00,037,063 \| ---- \| C] () -- C:\Users\Keith\Desktop\14633_173456126500_547106500_3346449_6074672_n.jpg [2009/11/06 05:16:44 \| 00,001,698 \| ---- \| C] () -- C:\Users\Public\Desktop\AIM.lnk [2009/11/05 15:36:58 \| 00,276,705 \| ---- \| C] () -- C:\Users\Keith\Desktop\IMG_0259.JPG [2009/11/05 03:30:44 \| 00,000,164 \| ---- \| C] () -- C:\Windows\install.dat [2009/11/05 03:27:47 \| 00,015,880 \| ---- \| C] () -- C:\Windows\System32\lsdelete.exe [2009/11/04 00:34:09 \| 00,000,767 \| ---- \| C] () -- C:\Users\Keith\Desktop\RegCleaner.lnk [2009/11/02 18:23:49 \| 00,000,000 \| ---- \| C] () -- C:\Users\Keith\AppData\Local\prvlcl.dat [2009/11/02 14:53:18 \| 00,000,908 \| ---- \| C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2280042401-330183626-2081709945-1000UA.job [2009/11/02 14:53:17 \| 00,000,856 \| ---- \| C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2280042401-330183626-2081709945-1000Core.job [2009/11/01 19:02:16 \| 00,113,461 \| ---- \| C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm [2009/11/01 19:02:03 \| 44,744,893 \| ---- \| C] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2009/11/01 19:02:03 \| 00,086,225 \| ---- \| C] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2009/11/01 19:02:02 \| 00,492,629 \| ---- \| C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg [2009/11/01 19:02:00 \| 06,061,540 \| ---- \| C] () -- C:\Windows\System32\drivers\Avg\avi7.avg [2009/11/01 16:36:16 \| 00,267,264 \| ---- \| C] () -- C:\Windows\PEV.exe [2009/11/01 16:36:16 \| 00,098,816 \| ---- \| C] () -- C:\Windows\sed.exe [2009/11/01 16:36:16 \| 00,080,412 \| ---- \| C] () -- C:\Windows\grep.exe [2009/11/01 16:36:16 \| 00,077,312 \| ---- \| C] () -- C:\Windows\MBR.exe [2009/11/01 16:36:16 \| 00,068,096 \| ---- \| C] () -- C:\Windows\zip.exe [2009/10/31 01:29:58 \| 00,000,818 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/30 15:47:55 \| 00,003,374 \| ---- \| C] () -- C:\Windows\System32\RacUR.xml [2009/10/29 15:37:17 \| 00,524,288 \| -HS- \| C] () -- C:\Users\Keith\ntuser.dat{d158da72-c47b-11de-9ed6-0022cf086900}.TMContainer00000000000000000002.regtrans-ms [2009/10/29 15:37:17 \| 00,524,288 \| -HS- \| C] () -- C:\Users\Keith\ntuser.dat{d158da72-c47b-11de-9ed6-0022cf086900}.TMContainer00000000000000000001.regtrans-ms [2009/10/29 15:37:16 \| 00,065,536 \| -HS- \| C] () -- C:\Users\Keith\ntuser.dat{d158da72-c47b-11de-9ed6-0022cf086900}.TM.blf [2009/10/15 23:39:41 \| 00,001,742 \| ---- \| C] () -- C:\Users\Keith\Desktop\Fallout 3.lnk [2009/09/18 13:42:10 \| 00,031,088 \| ---- \| C] () -- C:\Windows\System32\wrLZMA.dll [2009/09/06 19:30:39 \| 01,147,576 \| ---- \| C] () -- C:\Windows\System32\HanWebMsg1057.dll [2009/08/28 16:44:00 \| 00,164,864 \| ---- \| C] () -- C:\Windows\System32\APOMngr.DLL [2009/08/28 16:44:00 \| 00,073,728 \| ---- \| C] () -- C:\Windows\System32\CmdRtr.DLL [2009/08/28 16:41:33 \| 00,002,560 \| ---- \| C] () -- C:\Windows\CTXFIKOR.DLL [2009/08/19 00:29:21 \| 00,032,879 \| ---- \| C] () -- C:\ProgramData\nvModes.001 [2009/08/13 22:12:26 \| 00,032,879 \| ---- \| C] () -- C:\ProgramData\nvModes.dat [2009/07/15 22:06:36 \| 00,000,262 \| ---- \| C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2009/07/14 00:14:20 \| 00,027,839 \| ---- \| C] () -- C:\Windows\System32\instwdm.ini [2009/07/14 00:14:16 \| 00,000,054 \| ---- \| C] () -- C:\Windows\System32\ctzapxx.ini [2009/07/13 23:28:04 \| 00,002,560 \| ---- \| C] () -- C:\Windows\System32\CtxfiRes.dll [2009/07/13 23:28:04 \| 00,002,560 \| ---- \| C] () -- C:\Windows\CTXFIRES.DLL [2009/07/01 14:13:25 \| 00,438,272 \| ---- \| C] () -- C:\Windows\System32\RaCoInst.dll [2009/06/19 19:06:22 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009/06/19 19:06:22 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009/06/19 19:06:22 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009/06/19 19:06:22 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009/06/19 19:06:22 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009/06/19 19:06:22 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009/06/19 19:06:22 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009/06/19 19:06:22 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009/06/19 19:06:22 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009/06/15 20:19:25 \| 00,000,032 \| R--- \| C] () -- C:\ProgramData\hash.dat [2009/06/03 14:52:55 \| 00,137,544 \| ---- \| C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009/06/03 14:52:54 \| 00,139,152 \| ---- \| C] () -- C:\Users\Keith\AppData\Roaming\PnkBstrK.sys [2009/05/26 11:12:38 \| 00,000,285 \| ---- \| C] () -- C:\Windows\System32\kill.ini [2009/04/11 21:44:22 \| 01,123,000 \| ---- \| C] () -- C:\Windows\System32\HanWebMsg1056.dll [2009/02/18 21:04:55 \| 00,163,840 \| ---- \| C] () -- C:\Windows\System32\RC_Err_Info.dll [2009/01/25 23:27:51 \| 00,000,027 \| ---- \| C] () -- C:\Windows\option.ini [2008/11/17 16:00:26 \| 00,000,534 \| ---- \| C] () -- C:\Windows\entpack.ini [2008/11/01 01:26:08 \| 00,000,510 \| ---- \| C] () -- C:\Windows\WORDPAD.INI [2008/10/22 04:29:06 \| 00,173,550 \| ---- \| C] () -- C:\Windows\System32\xlive.dll.cat [2008/10/08 19:47:12 \| 00,042,320 \| ---- \| C] () -- C:\Windows\System32\xfcodec.dll [2008/09/01 13:44:26 \| 00,000,033 \| ---- \| C] () -- C:\Windows\GunzLauncher.INI [2008/08/02 23:57:33 \| 00,027,648 \| ---- \| C] () -- C:\Windows\System32\AVSredirect.dll [2008/08/02 23:43:48 \| 00,237,568 \| ---- \| C] () -- C:\Windows\System32\lame_enc.dll [2008/07/25 15:15:41 \| 00,089,416 \| ---- \| C] () -- C:\Windows\SystemInfo.dll [2008/07/19 23:04:18 \| 00,000,600 \| ---- \| C] () -- C:\Users\Keith\AppData\Roaming\winscp.rnd [2008/06/28 14:18:29 \| 00,274,432 \| ---- \| C] () -- C:\Windows\System32\DLBTinst.dll [2008/06/05 07:58:26 \| 00,197,912 \| ---- \| C] () -- C:\Windows\System32\physxcudart_20.dll [2008/05/29 17:06:10 \| 00,393,216 \| ---- \| C] () -- C:\Windows\System32\INICRYPTOSDK.dll [2008/05/23 15:15:03 \| 00,109,568 \| ---- \| C] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/05/23 09:30:16 \| 00,029,239 \| ---- \| C] () -- C:\Users\Keith\AppData\Roaming\UserTile.png [2008/05/23 07:12:40 \| 00,000,552 \| ---- \| C] () -- C:\Users\Keith\AppData\Local\d3d8caps.dat [2008/05/23 07:10:46 \| 02,631,819 \| -H-- \| C] () -- C:\Users\Keith\AppData\Local\IconCache.db [2008/05/23 07:02:07 \| 00,118,648 \| ---- \| C] () -- C:\Users\Keith\AppData\Local\GDIPFONTCACHEV1.DAT [2008/05/23 07:01:50 \| 00,000,680 \| ---- \| C] () -- C:\Users\Keith\AppData\Local\d3d9caps.dat [2008/03/14 17:26:34 \| 00,037,375 \| ---- \| C] () -- C:\Program Files\openoffice.org-xsltfilter.cab [2008/03/14 17:26:33 \| 02,489,204 \| ---- \| C] () -- C:\Program Files\openoffice.org-writer.cab [2008/03/14 17:26:24 \| 00,207,388 \| ---- \| C] () -- C:\Program Files\openoffice.org-testtool.cab [2008/03/14 17:26:22 \| 02,504,855 \| ---- \| C] () -- C:\Program Files\openoffice.org-pyuno.cab [2008/03/14 17:26:03 \| 00,051,973 \| ---- \| C] () -- C:\Program Files\openoffice.org-onlineupdate.cab [2008/03/14 17:26:02 \| 01,090,334 \| ---- \| C] () -- C:\Program Files\openoffice.org-math.cab [2008/03/14 17:25:58 \| 00,118,910 \| ---- \| C] () -- C:\Program Files\openoffice.org-javafilter.cab [2008/03/14 17:25:57 \| 01,254,017 \| ---- \| C] () -- C:\Program Files\openoffice.org-impress.cab [2008/03/14 17:25:51 \| 00,086,870 \| ---- \| C] () -- C:\Program Files\openoffice.org-graphicfilter.cab [2008/03/14 17:25:50 \| 00,002,769 \| ---- \| C] () -- C:\Program Files\openoffice.org-emailmerge.cab [2008/03/14 17:25:49 \| 00,919,329 \| ---- \| C] () -- C:\Program Files\openoffice.org-draw.cab [2008/03/14 17:25:43 \| 02,031,954 \| ---- \| C] () -- C:\Program Files\openoffice.org-core09.cab [2008/03/14 17:25:37 \| 00,293,054 \| ---- \| C] () -- C:\Program Files\openoffice.org-core08.cab [2008/03/14 17:25:31 \| 03,842,531 \| ---- \| C] () -- C:\Program Files\openoffice.org-core07.cab [2008/03/14 17:25:21 \| 28,861,971 \| ---- \| C] () -- C:\Program Files\openoffice.org-core06.cab [2008/03/14 17:21:09 \| 18,636,793 \| ---- \| C] () -- C:\Program Files\openoffice.org-core05.cab [2008/03/14 17:19:55 \| 16,453,751 \| ---- \| C] () -- C:\Program Files\openoffice.org-core04.cab [2008/03/14 17:18:52 \| 09,118,219 \| ---- \| C] () -- C:\Program Files\openoffice.org-core03.cab [2008/03/14 17:18:28 \| 03,860,200 \| ---- \| C] () -- C:\Program Files\openoffice.org-core02.cab [2008/03/14 17:18:14 \| 15,102,497 \| ---- \| C] () -- C:\Program Files\openoffice.org-core01.cab [2008/03/14 17:17:34 \| 04,696,905 \| ---- \| C] () -- C:\Program Files\openoffice.org-calc.cab [2008/03/14 17:17:15 \| 01,802,028 \| ---- \| C] () -- C:\Program Files\openoffice.org-base.cab [2008/03/14 17:17:08 \| 00,043,005 \| ---- \| C] () -- C:\Program Files\openoffice.org-activex.cab [2008/03/14 17:17:04 \| 00,000,217 \| ---- \| C] () -- C:\Program Files\setup.ini [2008/03/14 17:17:03 \| 04,372,992 \| ---- \| C] () -- C:\Program Files\openofficeorg24.msi [2007/02/19 09:20:28 \| 00,106,496 \| ---- \| C] () -- C:\Windows\System32\dlbtinsr.dll [2007/02/19 09:20:24 \| 00,036,864 \| ---- \| C] () -- C:\Windows\System32\dlbtcur.dll [2007/02/19 09:20:02 \| 00,135,168 \| ---- \| C] () -- C:\Windows\System32\dlbtjswr.dll [2007/02/19 09:17:06 \| 00,176,128 \| ---- \| C] () -- C:\Windows\System32\dlbtinsb.dll [2007/02/19 09:17:00 \| 00,086,016 \| ---- \| C] () -- C:\Windows\System32\dlbtcub.dll [2007/02/19 09:16:52 \| 00,073,728 \| ---- \| C] () -- C:\Windows\System32\dlbtcu.dll [2007/02/19 09:16:48 \| 00,159,744 \| ---- \| C] () -- C:\Windows\System32\dlbtins.dll [2007/02/19 09:15:34 \| 00,434,176 \| ---- \| C] () -- C:\Windows\System32\dlbtutil.dll [2007/02/07 19:57:16 \| 00,344,064 \| ---- \| C] () -- C:\Windows\System32\dlbtcoin.dll [2007/01/22 09:18:28 \| 00,069,632 \| ---- \| C] () -- C:\Windows\System32\dlbtcfg.dll [2007/01/10 02:59:52 \| 00,217,088 \| ---- \| C] () -- C:\Windows\NVGfxOgl.dll [2006/12/22 22:07:10 \| 00,093,696 \| ---- \| C] () -- C:\Windows\System32\drivers\nvstor32.sys [2006/11/02 07:50:50 \| 00,000,174 \| -HS- \| C] () -- C:\Program Files\desktop.ini [2006/11/02 07:37:35 \| 00,030,808 \| ---- \| C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2006/11/02 07:37:35 \| 00,029,779 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006/11/02 07:37:35 \| 00,026,489 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006/11/02 07:37:35 \| 00,026,040 \| ---- \| C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006/11/02 07:35:32 \| 00,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:23:31 \| 00,000,240 \| ---- \| C] () -- C:\Windows\win.ini [2006/11/02 05:23:31 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 02:40:29 \| 00,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini [2005/12/08 02:19:22 \| 00,061,440 \| ---- \| C] () -- C:\Windows\System32\EGamesPlugin.dll [2005/12/08 02:19:22 \| 00,036,864 \| ---- \| C] () -- C:\Windows\System32\EGameEncrypt.dll [2005/08/18 12:26:46 \| 00,040,960 \| ---- \| C] () -- C:\Windows\System32\dlbtvs.dll [2005/05/25 15:07:26 \| 00,061,440 \| ---- \| C] () -- C:\Windows\System32\dlbtcnv4.dll [1996/04/03 14:33:26 \| 00,005,248 \| ---- \| C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2008/05/23 07:42:55 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\acccore [2008/06/24 06:19:42 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Aegisub [2009/09/05 23:09:09 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Broken Rules [2008/10/14 04:16:13 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\ClientKeeper [2009/11/06 17:05:56 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\DNA [2009/06/08 22:41:42 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\DragonicaSCB [2009/03/26 19:17:53 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\ExportTool [2008/05/29 07:21:09 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\FrostWire [2009/03/25 13:39:18 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\GARMIN [2008/07/01 01:37:31 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\GetRightToGo [2009/08/12 19:24:05 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\HiveRise [2009/06/30 15:59:36 \| 00,000,000 \| -H-D \| M] -- C:\Users\Keith\AppData\Roaming\ijjigame [2008/07/18 17:49:03 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\iPhoneRingToneMaker [2009/08/12 18:55:30 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Mount&Blade [2009/07/28 17:09:59 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\NeopleLauncherDFO [2008/11/04 04:37:25 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\NPLUTO Corporation [2008/05/23 09:30:16 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\PeerNetworking [2009/02/22 02:35:35 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Red Kawa [2008/07/30 02:23:13 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\SYSTEMAX Software Development [2009/08/13 21:37:39 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\SystemRequirementsLab [2009/06/04 20:05:56 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\TalesRunner [2009/06/09 11:10:03 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Thinstall [2009/10/31 05:10:05 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\Tonium [2009/07/21 16:14:14 \| 00,000,000 \| ---D \| M] -- C:\Users\Keith\AppData\Roaming\XLink Kai [2009/11/06 10:58:39 \| 00,000,370 \| ---- \| M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2009/11/06 10:55:14 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\Tasks\SA.DAT [2009/11/06 04:58:00 \| 00,032,646 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/11/06 16:29:24 \| 00,000,418 \| -H-- \| M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6B53160E-41E3-4ADF-B179-39A3613B6DE9}.job ========== Purity Check ========== < End of report >

Thaiche View Member Profile	Nov 6 2009, 04:16 PM Post #8
New Member Group: Authentic Member Posts: 9 Joined: 1-November 09 Member No.: 88,626 Operating System: Vista 32-bit	OTL Extras logfile created on: 11/6/2009 5:06:00 PM - Run 1 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Keith\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.19 Gb Available Physical Memory \| 59.51% Memory free 4.00 Gb Paging File \| 3.90 Gb Available in Paging File \| 97.51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 465.76 Gb Total Space \| 220.93 Gb Free Space \| 47.43% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CRISIS Current User Name: Keith Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{038CC5CC-2C61-43F1-9E95-D69B78850108}" = lport=2177 \| protocol=17 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{03FCE97B-536C-4D4A-816B-012CA90F6AB4}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=svchost.exe \| "{0DFA344C-E658-4B79-B65D-5EA3D417CE48}" = lport=554 \| protocol=6 \| dir=in \| app=%systemroot%\ehome\ehshell.exe \| "{1420044B-082E-45E4-A7E9-1E21601F3260}" = lport=10244 \| protocol=6 \| dir=in \| app=system \| "{1B831A01-B562-478E-B152-0483F0B76078}" = rport=2177 \| protocol=6 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{1CD7D2F8-06C4-49BB-AB44-82858F2DE8FB}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=svchost.exe \| "{1F14B028-32AE-484D-917A-290BA7E002C9}" = lport=554 \| protocol=6 \| dir=in \| app=%systemroot%\ehome\ehshell.exe \| "{31F36AFA-24D2-47BB-BA51-E4862A61924B}" = lport=5353 \| protocol=6 \| dir=in \| name=adobe csi cs4 \| "{3C86A0F0-8650-4624-8A4E-FC27855EA98C}" = rport=2177 \| protocol=17 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{3CC87530-01E2-4389-8CD6-FAA513E2CBDD}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{43DD0B69-BD50-4AA8-8F22-7E3A4C574B33}" = lport=2177 \| protocol=6 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{4BB1E7F2-51BC-4834-B0C2-D80124B12E4B}" = lport=2177 \| protocol=17 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{4C917BD6-8E29-4DB9-8BB2-ACDF8F76D022}" = lport=2869 \| protocol=6 \| dir=in \| app=system \| "{4FE1B196-A567-4163-8B6B-B7D62C4AC15B}" = lport=7777 \| protocol=17 \| dir=in \| app=%systemroot%\ehome\ehshell.exe \| "{512E7479-3B46-49A4-8B18-3A114484521C}" = lport=7777 \| protocol=17 \| dir=in \| app=%systemroot%\ehome\ehshell.exe \| "{55B46A97-8942-465C-8084-C2CA06B0D5E9}" = lport=2869 \| protocol=6 \| dir=in \| app=system \| "{5D59FDCB-2CD4-4C47-9992-276F5D334F27}" = rport=10244 \| protocol=6 \| dir=out \| app=system \| "{62357D16-651C-4610-8C09-745C45FCC50B}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{771FFB1F-9899-4EFA-8B26-7F17BEEC563A}" = lport=3390 \| protocol=6 \| dir=in \| app=system \| "{821C834F-BBFD-4B15-A0BD-A4F56BF6B537}" = lport=10244 \| protocol=6 \| dir=in \| app=system \| "{8262CF79-649A-42C5-8A2F-FB6F7100F13A}" = lport=3390 \| protocol=6 \| dir=in \| app=system \| "{82EB9345-12D4-4ED3-84F1-00DFD9231A5A}" = lport=3703 \| protocol=6 \| dir=in \| name=adobe version cue cs4 server \| "{82EC72EE-1F24-46CA-B145-CC4A661C6859}" = rport=2177 \| protocol=17 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{85497175-B798-4218-B1DF-7B9C5A0BE960}" = rport=2177 \| protocol=6 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{9720A721-17B1-49BC-AB6A-789DD4EA6FEA}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{A78086FE-8964-432E-A83B-A7284603E0FE}" = lport=2869 \| protocol=6 \| dir=in \| app=system \| "{ABA2CD82-DF6C-4211-BDCE-4AE2E53A0311}" = lport=2177 \| protocol=17 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{B96DE2EE-2CB3-4C92-8BDE-80F9C638DE2E}" = rport=2177 \| protocol=17 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{B9F9C168-FAC4-42AC-9155-9C1AA172E80C}" = lport=2177 \| protocol=6 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{C04A1766-4C3D-43EA-9F36-01FEC1CE3DB3}" = lport=51001 \| protocol=6 \| dir=in \| name=adobe version cue cs4 server \| "{C51DB2F8-56D0-4D22-A6A4-86038560B2A4}" = rport=10243 \| protocol=6 \| dir=out \| app=system \| "{C6687D99-6F22-484A-AD5F-2BF8DCF33D39}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{CEA0E78D-383F-4181-AD17-059F9DAE1138}" = rport=2177 \| protocol=6 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{CF1AFAE7-45DA-4FD7-B5CA-BE28A095EC2F}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=c:\windows\system32\svchost.exe \| "{D89A08DF-DD4C-4010-9A02-FFD344C33DFF}" = lport=10243 \| protocol=6 \| dir=in \| app=system \| "{DB77EF33-58F1-4519-8660-A55DCA806782}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{DBD86AFB-9540-4CC8-B806-83B8145309F5}" = lport=51000 \| protocol=6 \| dir=in \| name=adobe version cue cs4 server \| "{DCB6F641-E90B-4B7B-A14D-3A447B699066}" = lport=3704 \| protocol=6 \| dir=in \| name=adobe version cue cs4 server \| "{DD2F2E1D-0900-4418-BCBF-DE545DBD1DD2}" = lport=2177 \| protocol=6 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{FD1CD53A-75DE-4841-953A-D8BC02E4A4F2}" = rport=10244 \| protocol=6 \| dir=out \| app=system \| "{FFD48296-1C03-4F82-8B17-3418E41B0DC0}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009B04E0-EA8B-43CA-B70C-B6E9D26F0D03}" = protocol=6 \| dir=in \| app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe \| "{021279C9-9F4E-4143-B379-60C57CEED3A7}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{05C50C44-C43A-4E0B-B8F5-EA55712D6271}" = protocol=17 \| dir=in \| app=c:\program files\ventrilo\ventrilo.exe \| "{070E902B-C5CA-4BCF-88EF-298EC712889F}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{084A4B7D-511C-4B7E-94F2-C0C7ABD823B7}" = protocol=6 \| dir=in \| app=c:\program files\pando networks\media booster\pmb.exe \| "{0D897BDF-E4F9-451C-8049-0F2B81CB7798}" = protocol=17 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{0DC4F738-99C3-4709-8A68-1E101AECAD81}" = protocol=6 \| dir=in \| app=c:\program files\autodesk\backburner\manager.exe \| "{10BB21C1-122D-4FE1-B837-69A18E6CC4C2}" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\coil\coil.exe \| "{110F8E46-B714-4ACC-901B-12F424D2F049}" = dir=in \| app=c:\program files\windows live\messenger\msnmsgr.exe \| "{1218537F-0007-4ADC-B5E8-F8182B4C7EC1}" = protocol=17 \| dir=in \| app=c:\program files\tversity\media server\tversity.exe \| "{14329FE9-A8DE-4BE2-AC94-AF97974FD95D}" = protocol=17 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "{148A6463-F13B-4A7D-B7F7-854EF52FB24F}" = protocol=6 \| dir=in \| app=c:\program files\autodesk\3ds max 9\3dsmax.exe \| "{164C0DC6-9504-4E25-A509-5A8EB610CDC5}" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\blueberry garden demo\blueberrygarden.exe \| "{180AAFF2-3FB2-40A0-8A03-FD3318D3DCA6}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{1B33AF22-BBB0-43E1-B1B5-3C5E6DBEC801}" = dir=in \| app=c:\program files\avg\avg9\avgemc.exe \| "{1B46568C-65A1-41ED-8F97-75F83652F572}" = protocol=17 \| dir=in \| app=c:\program files\pando networks\media booster\pmb.exe \| "{1BFA1366-24D9-4FA1-810A-EDEF247DB812}" = protocol=6 \| dir=out \| svc=upnphost \| app=%systemroot%\system32\svchost.exe \| "{1EBB7574-A810-4124-898E-449696054841}" = protocol=6 \| dir=in \| app=c:\windows\system32\pnkbstra.exe \| "{1F5C063E-E452-4159-888F-D9CFBA5ACA25}" = protocol=17 \| dir=in \| app=c:\program files\dna\btdna.exe \| "{1FCD0D19-3EC6-4D03-ACE0-66D53DAC9E18}" = dir=in \| app=c:\program files\avg\avg9\avgupd.exe \| "{235154B9-289E-4CC4-8CBB-E0F65EEF07B1}" = protocol=6 \| dir=out \| app=%systemroot%\ehome\mcx2prov.exe \| "{246C1192-8F2F-4339-B59E-84E4C6702A22}" = dir=in \| app=c:\program files\avg\avg9\avgnsx.exe \| "{24EBBEA6-0661-4738-87AA-7FA5A0DF89B7}" = protocol=17 \| dir=out \| app=%systemroot%\ehome\ehshell.exe \| "{283EE9B9-4FD5-4124-8B0C-978B610FDEDF}" = protocol=6 \| dir=in \| app=c:\windows\system32\pnkbstrb.exe \| "{285D85B1-6003-4466-9021-6574F130C549}" = protocol=17 \| dir=in \| app=c:\program files\willing webcam\wwcam.exe \| "{28888505-9689-4D2F-A634-50592BF50918}" = protocol=6 \| dir=in \| app=c:\program files\frostwire\frostwire.exe \| "{2C48E5BA-4CC5-4026-9E82-ED46ED700315}" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe \| "{2E5B856B-5087-4726-BD4C-826BAEF1FB68}" = protocol=6 \| dir=in \| app=c:\program files\pando networks\media booster\pmb.exe \| "{2F8335F8-8EEB-4D41-8414-45E92032F7A2}" = protocol=6 \| dir=in \| app=c:\program files\autodesk\backburner\monitor.exe \| "{32190728-2E66-47DE-B1DD-E8F26DAF20EC}" = protocol=6 \| dir=out \| app=%systemroot%\ehome\ehshell.exe \| "{35834136-A252-4B67-A26B-D690EFAE8437}" = protocol=17 \| dir=in \| app=c:\program files\pando networks\media booster\pmb.exe \| "{3B072A21-8FF1-4772-9DB0-D43CEB815314}" = protocol=17 \| dir=in \| app=c:\program files\aim\aim.exe \| "{419854D7-E9C9-41A5-9EDE-57699AFFEB9B}" = protocol=6 \| dir=out \| app=%systemroot%\ehome\ehshell.exe \| "{4274135A-7A1E-47EF-924C-BA4353F52CC4}" = protocol=6 \| dir=in \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{45715331-3154-4661-9BCD-A006A4A3380C}" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe \| "{45F62ACA-BB3D-45D3-AD0C-F471E15CC14C}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{4A810ACA-1128-4E5D-99C7-21B29F7D23A0}" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe \| "{4FE3EE1C-ACD5-4E8F-A77E-5D5798FA5249}" = protocol=6 \| dir=out \| svc=mcx2svc \| app=%systemroot%\system32\svchost.exe \| "{520CDA78-D3C2-4227-98CB-29D588FD9228}" = protocol=6 \| dir=in \| app=c:\program files\willing webcam\wwcam.exe \| "{558979F3-35AF-4837-9ED4-745188B01DD1}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| "{5A7E7B40-EEDC-4070-A22A-30267A8D55B9}" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\mini ninjas - demo\ninja.exe \| "{5BDDD856-9BF7-4811-8DB8-B35BDD9D16DE}" = protocol=6 \| dir=in \| app=c:\programdata\nexonus\ngm\ngm.exe \| "{62AAD2D2-B095-4625-9C0B-171DEBA994CF}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| "{65434AD6-3F71-4B12-8D6E-E6A11EE7DD8D}" = protocol=6 \| dir=out \| app=%systemroot%\ehome\mcx2prov.exe \| "{6812A473-FACA-47E0-9296-767671B16141}" = protocol=6 \| dir=in \| app=c:\program files\vinagame\boomonline\ca.exe \| "{6A2AD24B-B3D8-410B-8FCA-38A82358CBA6}" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe \| "{6D3DEF2A-24D6-4187-B828-82867D1CA8FC}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{70126CA8-C8F8-402A-BDAE-9D2F839DF6F8}" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe \| "{720F4F8A-7277-45DB-AC76-595A4BA220E2}" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\blueberry garden demo\blueberrygarden.exe \| "{740D541E-DEE1-4B8C-A574-3D191DA35EED}" = protocol=17 \| dir=in \| app=c:\users\keith\appdata\local\temp\purplebean.exe \| "{75BFB1B0-5565-4505-84BC-C4F00DDEAFFA}" = protocol=17 \| dir=in \| app=c:\windows\system32\pnkbstra.exe \| "{7BDF13B7-0373-4237-8B5E-BE36C2BC4E05}" = protocol=17 \| dir=in \| app=c:\program files\autodesk\backburner\manager.exe \| "{7E52DD2B-5D89-4C8C-AB24-400E579AC22F}" = dir=in \| app=c:\program files\pando networks\media booster\pmb.exe \| "{7FB639C2-8CDF-4BF9-B835-FEEDAA07DE4B}" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe \| "{8022CABE-0D34-4E01-A054-9E9AC3B9E69F}" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe \| "{82540204-FAF4-466D-9BDA-ABBC159B6969}" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\overlord ii - demo\config.exe \| "{84E0F9FF-0B02-44C7-866C-1326AD8EC4D2}" = protocol=17 \| dir=in \| app=c:\program files\common files\aol\loader\aolload.exe \| "{86FB5F97-322D-44A5-9785-848C58B35C96}" = protocol=6 \| dir=in \| app=c:\windows\system32\dlbtcoms.exe \| "{89CBF807-0868-453B-AC50-3755C7841EED}" = protocol=17 \| dir=in \| app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe \| "{8CB1E494-A092-4B6E-B06B-A0FF45F8DB50}" = protocol=17 \| dir=in \| app=c:\program files\hiverise\hiverise.exe \| "{8D116D9F-E8CF-4DB8-B9CE-17B3E07DFA99}" = protocol=17 \| dir=in \| app=c:\programdata\nexonus\ngm\ngm.exe \| "{8DD080A7-8F30-43A0-93EE-E6D0D57E0679}" = protocol=6 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "{90CD42FF-131B-4B25-B2E9-1FC94032D770}" = protocol=17 \| dir=in \| app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe \| "{931AE0C8-535B-4D6B-8D4A-A61331E9D7AB}" = protocol=17 \| dir=in \| app=c:\program files\vinagame\boomonline\nmcosrv.exe \| "{96CF3C0B-135E-42E6-8B33-21D43C6B2AF4}" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\darkest of days demo\darkestofdays.exe \| "{9739899B-C85E-4A6F-8E3F-64262F3358C4}" = protocol=17 \| dir=in \| app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe \| "{97C890D5-A87E-4939-972A-A4A08279A1BA}" = protocol=6 \| dir=in \| app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe \| "{991F794C-3C8B-4E7F-85CA-B6E24A3D9DD4}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{9C6A9693-2633-46DC-A7E7-FBE4EAA0DF08}" = protocol=17 \| dir=out \| app=%systemroot%\ehome\ehshell.exe \| "{9E0CB58E-889B-40F3-B2E4-39D3DBFD6DA9}" = dir=in \| app=c:\program files\windows live\messenger\livecall.exe \| "{A2039032-9BB2-4F2C-83A5-50AB0B785670}" = protocol=6 \| dir=in \| app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe \| "{A968FE27-6E63-489C-B451-607300CCE258}" = protocol=6 \| dir=in \| app=c:\program files\dna\btdna.exe \| "{AA749E76-100C-4EB3-878D-8A97369E122C}" = protocol=17 \| dir=in \| app=c:\program files\aim6\aim6.exe \| "{ABD015A1-C0DB-422B-8FD7-54522A4CFF55}" = protocol=6 \| dir=in \| app=c:\users\keith\appdata\local\temp\purplebean.exe \| "{ABF8A75D-DFFD-4F73-A6D3-CC15C5D0DF7C}" = protocol=6 \| dir=in \| app=c:\program files\tversity\media server\tversity.exe \| "{ADCCC89B-F892-4362-A63D-7C4D5A4DD397}" = dir=in \| app=c:\program files\skype\phone\skype.exe \| "{B070E505-D845-4415-9BC4-728B533C77D7}" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe \| "{B590A11C-F0E4-437B-B141-3C89769CFDA5}" = protocol=17 \| dir=in \| app=c:\windows\system32\pnkbstrb.exe \| "{B5A5897B-9A1D-41FD-8380-3FB55C69BA36}" = protocol=17 \| dir=in \| app=c:\program files\autodesk\backburner\server.exe \| "{B88E2168-E67A-40EB-BD09-E11D0C884DDB}" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\coil\coil.exe \| "{BAD88F4C-E1C7-42CE-BB53-1FB1DD55AA20}" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\mini ninjas - demo\ninja.exe \| "{BF812334-1894-4FBE-AC43-5456D024FE66}" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\darkest of days demo\darkestofdays.exe \| "{BFC4AB42-ED23-4AEA-B169-54D1637BD17F}" = protocol=6 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{C05BC8A3-E0A2-416A-AE0F-50541F15D726}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{C3902495-A73A-454F-B938-D39F16CF4D2B}" = protocol=6 \| dir=out \| svc=mcx2svc \| app=%systemroot%\system32\svchost.exe \| "{C606646D-5B8A-4735-949A-DB64DDC1BA18}" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\flock demo\flock.exe \| "{C8EC7095-4529-42E8-A6D9-C2B7B4E823D2}" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe \| "{CF26A2B9-A8F5-4AF7-8835-2E54ADF10E3D}" = protocol=6 \| dir=in \| app=c:\program files\ventrilo\ventrilo.exe \| "{D362EDEE-DFDC-4EBF-A46A-F1B45D2F7A4D}" = dir=in \| app=c:\program files\windows live\messenger\wlcsdk.exe \| "{D623B7AE-3828-49E2-942C-CEC6A25C0B60}" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\overlord ii - demo\overlord2demo.exe \| "{D6AFA648-6B36-4645-8821-0E1BBE534FE3}" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe \| "{D76B5674-17C7-4CA1-BF14-EA1E90143453}" = protocol=17 \| dir=in \| app=c:\program files\vinagame\boomonline\ca.exe \| "{D81E39DB-E3BF-4CB0-8529-FB4228D065DA}" = protocol=6 \| dir=in \| app=c:\program files\aim6\aim6.exe \| "{D89CA61D-6C15-4A78-ACB4-EDCDABF21D1B}" = protocol=6 \| dir=out \| app=system \| "{DA3FA35F-4C4B-4D63-BA98-5321B5DA7FCE}" = protocol=17 \| dir=in \| app=c:\program files\frostwire\frostwire.exe \| "{DCC85DC4-DCA0-42B2-941B-8709F7538B9C}" = dir=in \| app=c:\program files\windows live\messenger\msnmsgr.exe \| "{E2C369AF-32DD-46B3-85AA-AA625A72E42C}" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\overlord ii - demo\overlord2demo.exe \| "{E3993F7E-BD0C-42B4-A48C-17D9E635DDD5}" = protocol=6 \| dir=in \| app=c:\program files\common files\aol\loader\aolload.exe \| "{E487D915-4B59-43C2-9B8E-D00214296998}" = protocol=17 \| dir=in \| app=c:\program files\autodesk\backburner\monitor.exe \| "{EC65C750-5D2A-46E4-8EF6-7C646CE53E00}" = protocol=6 \| dir=in \| app=c:\program files\hiverise\hiverise.exe \| "{EFDC1C3E-D7AD-4841-90E1-13C02773A5E3}" = protocol=6 \| dir=in \| app=c:\program files\vinagame\boomonline\nmcosrv.exe \| "{F2478089-C945-4320-90E1-4D3FEB11F05A}" = protocol=6 \| dir=in \| app=c:\program files\autodesk\backburner\server.exe \| "{F46E25FB-E578-4AE9-BDF0-597F294F9714}" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\flock demo\flock.exe \| "{F6B6F451-A6B8-4760-BD8A-D0DB26FFDC92}" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\overlord ii - demo\config.exe \| "{F7A4EA0B-C1B6-4D95-97B6-76E10298ECD2}" = protocol=6 \| dir=in \| app=c:\program files\aim\aim.exe \| "{FD7E8B51-8F67-4D77-8FB8-FCF73027D4F5}" = protocol=17 \| dir=in \| app=c:\windows\system32\dlbtcoms.exe \| "{FF1CB27F-A8F6-433C-836D-F9182736B1ED}" = protocol=17 \| dir=in \| app=c:\program files\autodesk\3ds max 9\3dsmax.exe \| "TCP Query User{03CE7A96-ED58-42C6-A281-039608AF8D8E}C:\program files\gpotato\talesrunner\trgame.exe" = protocol=6 \| dir=in \| app=c:\program files\gpotato\talesrunner\trgame.exe \| "TCP Query User{0B930290-F2DD-4E78-B1A1-C259A19C3EBA}C:\ijji\english\u_skid.exe" = protocol=6 \| dir=in \| app=c:\ijji\english\u_skid.exe \| "TCP Query User{14D013DD-EEFD-4D03-A1E9-8C7538FCD219}C:\ijji\english\u_gbound.exe" = protocol=6 \| dir=in \| app=c:\ijji\english\u_gbound.exe \| "TCP Query User{1A975B04-0F88-4428-A26C-7AA654D6818B}C:\programdata\ijjigame\plauncher.exe" = protocol=6 \| dir=in \| app=c:\programdata\ijjigame\plauncher.exe \| "TCP Query User{1C755DA7-DD38-4C8A-AC90-1729500974FA}C:\pentavision\djmaxtrilogy\mainlauncher.exe" = protocol=6 \| dir=in \| app=c:\pentavision\djmaxtrilogy\mainlauncher.exe \| "TCP Query User{23C87BDF-184B-4643-BD03-F7A716CE342D}C:\users\keith\desktop\do_full-client_downloader.exe" = protocol=6 \| dir=in \| app=c:\users\keith\desktop\do_full-client_downloader.exe \| "TCP Query User{382AE77E-56CF-4D0F-A878-BF7B8B43C1D8}C:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe" = protocol=6 \| dir=in \| app=c:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe \| "TCP Query User{4D41C324-94DE-437D-8C49-5628636A9CD9}C:\program files\steam\steamapps\thaiche\team fortress 2\hl2.exe" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\thaiche\team fortress 2\hl2.exe \| "TCP Query User{55134B5C-35FC-4AE1-BB85-1EADF5CEC5D3}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=6 \| dir=in \| app=c:\program files\softnyx\gunboundwc\gunbound.gme \| "TCP Query User{59E19F83-6217-4F0B-854F-537073BE2094}C:\program files\xlink kai\kaiengine.exe" = protocol=6 \| dir=in \| app=c:\program files\xlink kai\kaiengine.exe \| "TCP Query User{5AD69580-B722-4C84-A101-56E4D9CD2771}C:\program files\monte cristo\cities xl\cds\citiesxl_http.exe" = protocol=6 \| dir=in \| app=c:\program files\monte cristo\cities xl\cds\citiesxl_http.exe \| "TCP Query User{6782C030-CC0E-4AB9-8E10-90FC50D60817}C:\users\keith\desktop\citiesxl_downloader.exe" = protocol=6 \| dir=in \| app=c:\users\keith\desktop\citiesxl_downloader.exe \| "TCP Query User{6D975A4B-168D-48C5-B881-E07E7630A3CB}C:\program files\itunes\itunes.exe" = protocol=6 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "TCP Query User{719EDA30-7EE0-4FA0-81BC-6158D313F77D}C:\ijji\english\gunz\gunz.exe" = protocol=6 \| dir=in \| app=c:\ijji\english\gunz\gunz.exe \| "TCP Query User{739C1C6D-D744-41D6-B960-82C77A51FA35}C:\program files\cyberstep\splash fighters\jre\1.3.1\bin\javaw.exe" = protocol=6 \| dir=in \| app=c:\program files\cyberstep\splash fighters\jre\1.3.1\bin\javaw.exe \| "TCP Query User{74DF8368-CAB8-49E3-AF27-06E5B90BB9D9}C:\program files\xfire\xfire.exe" = protocol=6 \| dir=in \| app=c:\program files\xfire\xfire.exe \| "TCP Query User{8ADB5BE3-EE07-4399-9236-53DA75C9CFDA}C:\program files\cyberstep\splash fighters\amped.exe" = protocol=6 \| dir=in \| app=c:\program files\cyberstep\splash fighters\amped.exe \| "TCP Query User{8D4F964E-4E30-4A2C-8940-12C9717DCF66}C:\program files\bitlord\bitlord.exe" = protocol=6 \| dir=in \| app=c:\program files\bitlord\bitlord.exe \| "TCP Query User{8FDB9ECA-96C8-4686-B6E2-ED30B1440C60}C:\program files\steam\steamapps\thaiche\half-life\hl.exe" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\thaiche\half-life\hl.exe \| "TCP Query User{913CC39E-B2C1-49BC-B872-BE62DDBDD52C}C:\ijji\english\u_goonzu.exe" = protocol=6 \| dir=in \| app=c:\ijji\english\u_goonzu.exe \| "TCP Query User{AC0DE43B-89DB-4D13-82A7-635DD5928811}C:\program files\driftcity\driftcity.exe" = protocol=6 \| dir=in \| app=c:\program files\driftcity\driftcity.exe \| "TCP Query User{B1F1240B-9A28-426B-B604-604693273713}C:\program files\aim6\aim6.exe" = protocol=6 \| dir=in \| app=c:\program files\aim6\aim6.exe \| "TCP Query User{BA43435D-D289-4262-977B-4FA6085B2261}C:\program files\bitlord\bitlord.exe" = protocol=6 \| dir=in \| app=c:\program files\bitlord\bitlord.exe \| "TCP Query User{BAF74206-CFD1-4508-846E-DB64A3968882}C:\nexon\dfo\dfo.exe" = protocol=6 \| dir=in \| app=c:\nexon\dfo\dfo.exe \| "TCP Query User{CD807493-6D60-4E3A-AF51-8DB43DF931C4}C:\program files\driftcity\driftcity.exe" = protocol=6 \| dir=in \| app=c:\program files\driftcity\driftcity.exe \| "TCP Query User{CF52D951-0BC9-474E-8933-4FB0AFA55D99}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=6 \| dir=in \| app=c:\ijji\english\gunbound revolution\gunbound.gme \| "TCP Query User{D1764435-D494-4C44-9204-FF9149A61E49}C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" = protocol=6 \| dir=in \| app=c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe \| "TCP Query User{D314B54A-B289-4A5A-8D66-25FA97F6508E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 \| dir=in \| app=c:\program files\veoh networks\veoh\veohclient.exe \| "TCP Query User{DCA6BC31-D39B-4424-AD28-374AE1B3BAD0}C:\program files\ijji\ijji reactor\outbound_pul.exe" = protocol=6 \| dir=in \| app=c:\program files\ijji\ijji reactor\outbound_pul.exe \| "TCP Query User{DDF0A9A4-70BE-4373-AE6A-16A1B1B3B2FA}C:\ijji\english\u_gunz.exe" = protocol=6 \| dir=in \| app=c:\ijji\english\u_gunz.exe \| "TCP Query User{DE9EFA88-C8B8-4CB6-96AC-553595652530}C:\program files\xlink kai\kaiengine.exe" = protocol=6 \| dir=in \| app=c:\program files\xlink kai\kaiengine.exe \| "TCP Query User{DFAD3AFE-0F66-433B-83DD-681FE3F953B4}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 \| dir=in \| app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe \| "TCP Query User{E4281D55-E0B3-4025-8F97-7153D0AC0490}C:\program files\mozilla firefox\firefox.exe" = protocol=6 \| dir=in \| app=c:\program files\mozilla firefox\firefox.exe \| "TCP Query User{EA2C0DFB-485A-4CCF-9C40-74A1B55EAA08}C:\pentavision\djmaxtrilogy\mainlauncher.exe" = protocol=6 \| dir=in \| app=c:\pentavision\djmaxtrilogy\mainlauncher.exe \| "TCP Query User{F28F497E-11D5-47C5-A921-0BBDB1123D31}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 \| dir=in \| app=c:\program files\veoh networks\veoh\veohclient.exe \| "TCP Query User{F58F5906-8B91-4481-9857-FCF1BD09A19E}C:\program files\dna\btdna.exe" = protocol=6 \| dir=in \| app=c:\program files\dna\btdna.exe \| "UDP Query User{07505F80-1D4C-404E-B7D1-DA1C1961361D}C:\users\keith\desktop\citiesxl_downloader.exe" = protocol=17 \| dir=in \| app=c:\users\keith\desktop\citiesxl_downloader.exe \| "UDP Query User{0764E9E4-BD15-4976-BA2E-DA9A96B32111}C:\ijji\english\u_gbound.exe" = protocol=17 \| dir=in \| app=c:\ijji\english\u_gbound.exe \| "UDP Query User{0CCA7E21-BC5D-4638-9C33-43C5FA490653}C:\program files\aim6\aim6.exe" = protocol=17 \| dir=in \| app=c:\program files\aim6\aim6.exe \| "UDP Query User{1793FFB0-97B8-4274-AEA5-E7AE8D69C1FA}C:\nexon\dfo\dfo.exe" = protocol=17 \| dir=in \| app=c:\nexon\dfo\dfo.exe \| "UDP Query User{22FE047F-F7D2-47CA-B015-C8D954BE98BB}C:\program files\cyberstep\splash fighters\amped.exe" = protocol=17 \| dir=in \| app=c:\program files\cyberstep\splash fighters\amped.exe \| "UDP Query User{2A94BF45-EAAF-4DB5-BBFB-7715E26C9B5A}C:\program files\driftcity\driftcity.exe" = protocol=17 \| dir=in \| app=c:\program files\driftcity\driftcity.exe \| "UDP Query User{2C14FAB4-1DDC-42C0-8486-2EBACE1B38DB}C:\program files\bitlord\bitlord.exe" = protocol=17 \| dir=in \| app=c:\program files\bitlord\bitlord.exe \| "UDP Query User{30D4179E-5A0F-48CA-AF36-001459A16E27}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe \| "UDP Query User{36727D5A-503D-42D3-A3DB-E0A3D22DFA34}C:\ijji\english\u_goonzu.exe" = protocol=17 \| dir=in \| app=c:\ijji\english\u_goonzu.exe \| "UDP Query User{378E486F-70D8-4634-A8B1-E730CD2F6A04}C:\program files\monte cristo\cities xl\cds\citiesxl_http.exe" = protocol=17 \| dir=in \| app=c:\program files\monte cristo\cities xl\cds\citiesxl_http.exe \| "UDP Query User{4112E072-8617-4847-927E-0BCB9B6326E7}C:\program files\dna\btdna.exe" = protocol=17 \| dir=in \| app=c:\program files\dna\btdna.exe \| "UDP Query User{4126608D-87A4-47BA-92E6-766F7215D2BF}C:\ijji\english\u_gunz.exe" = protocol=17 \| dir=in \| app=c:\ijji\english\u_gunz.exe \| "UDP Query User{47F7A35F-6D3A-4131-822C-6CD81353E3C2}C:\program files\steam\steamapps\thaiche\half-life\hl.exe" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\thaiche\half-life\hl.exe \| "UDP Query User{484512C2-949F-4F8F-ACB7-0211F1430698}C:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe" = protocol=17 \| dir=in \| app=c:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe \| "UDP Query User{4BA9C38A-B0D7-4A32-9B7C-EF38FB69D210}C:\program files\gpotato\talesrunner\trgame.exe" = protocol=17 \| dir=in \| app=c:\program files\gpotato\talesrunner\trgame.exe \| "UDP Query User{548D8808-0817-4DAA-A7A2-4780E1E95F83}C:\program files\bitlord\bitlord.exe" = protocol=17 \| dir=in \| app=c:\program files\bitlord\bitlord.exe \| "UDP Query User{5A453BF4-737F-42AF-8854-0321B1729DE4}C:\pentavision\djmaxtrilogy\mainlauncher.exe" = protocol=17 \| dir=in \| app=c:\pentavision\djmaxtrilogy\mainlauncher.exe \| "UDP Query User{5D7DF121-ADEB-4A52-BD8A-890BE5E1CFD9}C:\program files\itunes\itunes.exe" = protocol=17 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "UDP Query User{628621F8-2321-4460-BA26-92681D8CDBD6}C:\program files\driftcity\driftcity.exe" = protocol=17 \| dir=in \| app=c:\program files\driftcity\driftcity.exe \| "UDP Query User{6BDEA949-8B37-4167-9C3D-95440C8F4AA0}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=17 \| dir=in \| app=c:\program files\softnyx\gunboundwc\gunbound.gme \| "UDP Query User{6F4F9481-48A2-4A53-9E49-1A9FDB053E9E}C:\program files\xfire\xfire.exe" = protocol=17 \| dir=in \| app=c:\program files\xfire\xfire.exe \| "UDP Query User{77D6B810-EF8C-49F2-8A0F-6DFACEE2EB6C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 \| dir=in \| app=c:\program files\mozilla firefox\firefox.exe \| "UDP Query User{849D0A1B-85CB-4088-AE95-8F2C27E289BF}C:\program files\xlink kai\kaiengine.exe" = protocol=17 \| dir=in \| app=c:\program files\xlink kai\kaiengine.exe \| "UDP Query User{87F1E1E0-310F-4B4B-A9B9-376F098FC3CA}C:\program files\steam\steamapps\thaiche\team fortress 2\hl2.exe" = protocol=17 \| dir=in \| app=c:\program files\steam\steamapps\thaiche\team fortress 2\hl2.exe \| "UDP Query User{8820C842-AFC9-4FD3-BBAA-12D74E14D93A}C:\ijji\english\gunz\gunz.exe" = protocol=17 \| dir=in \| app=c:\ijji\english\gunz\gunz.exe \| "UDP Query User{8BCFE371-FA01-4648-A953-C409FB992BA6}C:\program files\ijji\ijji reactor\outbound_pul.exe" = protocol=17 \| dir=in \| app=c:\program files\ijji\ijji reactor\outbound_pul.exe \| "UDP Query User{A5E6A394-F619-463B-AE0F-799E5E97E7F9}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 \| dir=in \| app=c:\program files\veoh networks\veoh\veohclient.exe \| "UDP Query User{A69EC847-4C18-4821-9C17-44B73A661C95}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=17 \| dir=in \| app=c:\ijji\english\gunbound revolution\gunbound.gme \| "UDP Query User{A938D8E0-2A8D-4D26-9CFA-6857C34CBE68}C:\programdata\ijjigame\plauncher.exe" = protocol=17 \| dir=in \| app=c:\programdata\ijjigame\plauncher.exe \| "UDP Query User{B21F7BFC-4CA7-472C-9DB9-B5D0867BFA4A}C:\program files\xlink kai\kaiengine.exe" = protocol=17 \| dir=in \| app=c:\program files\xlink kai\kaiengine.exe \| "UDP Query User{B4192C1C-30E7-4A9E-BEFD-F9C4D4A108D7}C:\program files\cyberstep\splash fighters\jre\1.3.1\bin\javaw.exe" = protocol=17 \| dir=in \| app=c:\program files\cyberstep\splash fighters\jre\1.3.1\bin\javaw.exe \| "UDP Query User{B4D441DC-470D-44BD-80D2-D2C449B65267}C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" = protocol=17 \| dir=in \| app=c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe \| "UDP Query User{BD0E346A-15A0-47BB-B921-4095AA75BD64}C:\ijji\english\u_skid.exe" = protocol=17 \| dir=in \| app=c:\ijji\english\u_skid.exe \| "UDP Query User{C09B5071-D80E-40BE-8872-28C23175DF8D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 \| dir=in \| app=c:\program files\veoh networks\veoh\veohclient.exe \| "UDP Query User{C9B0F04E-CAD2-42F9-8DC2-AF3B83004B64}C:\pentavision\djmaxtrilogy\mainlauncher.exe" = protocol=17 \| dir=in \| app=c:\pentavision\djmaxtrilogy\mainlauncher.exe \| "UDP Query User{E16E276D-18FE-4892-A14D-ABED7C08DB28}C:\users\keith\desktop\do_full-client_downloader.exe" = protocol=17 \| dir=in \| app=c:\users\keith\desktop\do_full-client_downloader.exe \| ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update "{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{08C5815C-2C6E-44f8-8748-0E61BC9AFB03}" = La Tale "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0A009E6A-6A11-4571-ADB1-744CDC1E1A43}" = Virtual Philadelphia "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{10012B35-46B1-4EB3-88CB-7F8F6B25D34D}" = Splash Fighters "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4 "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper "{2023D8DE-CD8E-4958-B831-9DB3166D1B07}" = Swift 3D v5.00 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.2 Release Preview r1987 "{2773B836-AC66-4178-A414-C5A0F9F5D805}" = XLink Kai "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = GW-USMini2N "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4 "{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{39CE1724-9B5B-48FC-94C9-7141444490E1}" = GhostX Global "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6CB9AF08-79AE-4020-84A8-29CF15C67BD5}" = Audition "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = GW-US54mini2 "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis® SP Demo "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{972B9815-783B-3136-9247-CF62322C4E40}" = Microsoft .NET Framework 3.5 Language Pack SP1 - kor "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7 "{A0F7CEAC-8F77-4936-8DDD-0AD4028A5486}" = iPhoneBrowser "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4 "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C12A198C-E751-4729-839A-8FA07CF941C1}_is1" = Dragonica "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C6A6DB9E-9EE2-4872-A45C-C9E0AF0D5D09}" = Monster Hunter Frontier Online "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EC94C23D-DCE6-4E98-B82C-168E2104FA16}" = Atlantica Online "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F4805162-89AE-4003-9316-328A1F09CA8F}" = Splash Fighters "{F5025D45-CAE1-4329-8FA9-F12B1BB7E540}" = GrandDog Run Time System V1.0.35 "{F5C521B6-1AF2-432C-A061-E79E2141A32F}" = Quake Live Mozilla Plugin "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "4U AVI MPEG Converter_is1" = 4U AVI MPEG Converter (version 5.3.8) "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "AIM_7" = AIM 7 "AudioCS" = Creative Audio Control Panel "AVG9Uninstall" = AVG Free 9.0 "AviSynth" = AviSynth 2.5 "BCDP9_is1" = Business Card Designer Plus 9.5.0.0 "BitLord" = BitLord 1.1 "Boom Online 1.43_is1" = Boom Online - 1.43 "CCleaner" = CCleaner "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Combat Arms" = Combat Arms "Console Launcher" = Creative Console Launcher "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties" = Creative Sound Blaster Properties "DATA BECKER Instant Photo Scanner" = DATA BECKER Instant Photo Scanner "Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922 "DFO" = DFOLauncher "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Download Manager" = Download Manager 2.3.6 "DriftCity" = Drift City "FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0 "Foxit Reader" = Foxit Reader "FrostWire" = FrostWire 4.13.5 "GhostX" = GhostX "GOM Player" = GOM Player "Gunbound Revolution_is1" = Gunbound Revolution "GunboundWC_is1" = GunboundWC "Gunz" = ijji - Gunz "HanSetup" = ??? ?? ???? "Hive Rise" = Hive Rise "hon" = Heroes of Newerth "InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "iPhoneRingToneMaker" = iPhoneRingToneMaker 2.5.1 "LMS" = C-Dilla Licence Management System "LostSagaUS" = Lost Saga "LUNA_US_090414" = LUNA Online v1.0.0 "Mabinogi" = Mabinogi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 3.5 Language Pack SP1 - kor" = Microsoft .NET Framework 3.5 언어 팩 SP1 - 한국어 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mount&Blade" = Mount&Blade "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5) "npkcxp" = nProtect KeyCrypt "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OGPlanet Game Launcher US" = OGPlanet Game Launcher "OpenAL" = OpenAL "osu!" = osu! "Pen Tablet Driver" = Pen Tablet "pepakura_viewer3en" = Pepakura Viewer 3 "Portal" = Portal "PunkBusterSvc" = PunkBuster Services "RumbleFighter" = Rumble Fighter "Shin Megami Tensei: Imagine Online" = Shin Megami Tensei: Imagine Online "SoftwareUpdUtility" = Download Updater (AOL LLC) "SpeedFan" = SpeedFan (remove only) "Steam App 12820" = Overlord II - Demo "Steam App 13140" = America's Army 3 "Steam App 17410" = Mirror's Edge "Steam App 18710" = And Yet It Moves Demo "Steam App 21650" = FLOCK! Demo "Steam App 220" = Half-Life 2 "Steam App 22300" = Fallout 3 "Steam App 31500" = Coil "Steam App 35050" = Mini Ninjas - Demo "Steam App 37710" = Darkest of Days Demo "Steam App 440" = Team Fortress 2 "Steam App 500" = Left 4 Dead "Steam App 590" = Left 4 Dead 2 Demo "Steam App 70" = Half-Life "Steam App 8980" = Borderlands "Street Gears_is1" = 1.0 "Sword of The New World_is1" = Sword of The New World "SystemRequirementsLab" = System Requirements Lab "TalesRunner" = TalesRunner 1.58720081016 "TVersity Codec Pack" = TVersity Codec Pack 1.1 "TVersity Media Server " = TVersity Media Server 0.9.11.4 beta "USB Dual Mode Camera v201 Installation Files" = USB Dual Mode Camera v201 Installation Files "Videora iPhone Converter" = Videora iPhone Converter 4.06 "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 0.9.9 "WampServer 2_is1" = WampServer 2.0 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "winscp3_is1" = WinSCP 4.1.5 "WinZip Self-Extractor" = WinZip Self-Extractor "XecureCK" = ClientKeeper KeyPro with E2E for 32bit "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{43462CD3-34B2-4dab-9133-7703A5DEFD61}" = Battlefield Heroes (Crisis\Keith) "BitTorrent DNA" = DNA "Cities XL" = Cities XL "Deviance RO" = Deviance RO "Google Chrome" = Google Chrome "ijji.com" = ijji "WinDirStat" = WinDirStat 1.1.2 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

Tomk View Member Profile	Nov 6 2009, 06:54 PM Post #9
Forum God Group: Classroom Teacher Posts: 11,202 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	Thaiche, Double click on OTL Under the Custom Scans/Fixes box at the bottom, paste in the following Do Not copy the word CODE please note the fix starts with the : CODE :Processes :OTL SRV - File not found -- -- (mi-raysat_3dsmax9_32) O4 - HKLM..\Run: [] File not found O4 - HKCU..\Run: [] File not found O33 - MountPoints2\{3c0413ab-0ef6-11de-9053-00044b03d508}\Shell\AutoRun\command - "" = D:\StartPortableApps.exe -- File not found O33 - MountPoints2\{8b581d8f-602d-11de-88ac-00044b03d508}\Shell - "" = AutoRun O33 - MountPoints2\{8b581d8f-602d-11de-88ac-00044b03d508}\Shell\AutoRun\command - "" = D:\start.exe -- File not found O33 - MountPoints2\{9f0c7561-1a73-11de-9491-00044b03d508}\Shell - "" = AutoRun O33 - MountPoints2\{9f0c7561-1a73-11de-9491-00044b03d508}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found [2009/11/06 00:40:53 \| 00,000,000 \| ---D \| C] -- C:\VundoFix Backups [2009/11/05 16:53:36 \| 00,069,192 \| ---- \| C] (jpshortstuff) -- C:\Users\Keith\Desktop\GooredFix.exe :Commands [purity] [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered Please save the resulting log to be posted in your next reply. Reboot your computer Please post the OTL log. Please download exeHelper to your desktop. Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan) Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Thaiche View Member Profile	Nov 7 2009, 01:20 AM Post #10
New Member Group: Authentic Member Posts: 9 Joined: 1-November 09 Member No.: 88,626 Operating System: Vista 32-bit	When I ran OTL and rebooted..for some reason a bunch of random album arts and desktop.ini appeared on my desktop..any clue why?...anyway here is the logs I should add I'm getting spammed with virus warnings from AVG now..says "Multiple threat detection C:\windows\System32\snmptrap.exe Infection-Virus found win32/virut C:\Windows\System32\alg.exe Infection-virus found win32/heur I donno what caused it..just started popping up out of no where ***dunno what caused it but windows system defender just reinstalled itself... and my computer is freaking out, gona run malwarebytes..hope thats not a problem Update I ran Malwarebytes and it found 77 infections..it cleaned them and said to reboot...i reboot and now my computer is spamming me with virus threats again feels like they just came back out of no where..keeps telling me everything is infected..all these files..etc =\| dunno what running that code through OTL or the other thing did..but it seems like it stirred up a storm XD All processes killed ========== PROCESSES ========== ========== OTL ========== Service mi-raysat_3dsmax9_32 stopped successfully! Service mi-raysat_3dsmax9_32 deleted successfully! Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c0413ab-0ef6-11de-9053-00044b03d508}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c0413ab-0ef6-11de-9053-00044b03d508}\ not found. File D:\StartPortableApps.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b581d8f-602d-11de-88ac-00044b03d508}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b581d8f-602d-11de-88ac-00044b03d508}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b581d8f-602d-11de-88ac-00044b03d508}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b581d8f-602d-11de-88ac-00044b03d508}\ not found. File D:\start.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f0c7561-1a73-11de-9491-00044b03d508}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f0c7561-1a73-11de-9491-00044b03d508}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f0c7561-1a73-11de-9491-00044b03d508}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f0c7561-1a73-11de-9491-00044b03d508}\ not found. File E:\LaunchU3.exe not found. File move failed. C:\VundoFix Backups\ scheduled to be moved on reboot. C:\Users\Keith\Desktop\GooredFix.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Keith ->Temp folder emptied: 12383492 bytes ->Temporary Internet Files folder emptied: 2948041 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 48910795 bytes ->Google Chrome cache emptied: 0 bytes User: Mcx1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 756736 bytes RecycleBin emptied: 8116824 bytes Total Files Cleaned = 69.73 mb OTL by OldTimer - Version 3.1.4.0 log created on 11072009_014400 Files\Folders moved on Reboot... Folder move failed. C:\VundoFix Backups\ scheduled to be moved on reboot. Registry entries deleted on Reboot... ================================================================================ ============== exeHelper by Raktor Build 20091021 Run at 02:18:01 on 11/07/09 Now searching... Checking for numerical processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished-- This post has been edited by Thaiche**: Nov 7 2009, 03:34 AM

Tomk View Member Profile	Nov 7 2009, 08:21 AM Post #11
Forum God Group: Classroom Teacher Posts: 11,202 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	Thaiche, We do seem to have stirred up a hornets nest. QUOTE C:\windows\System32\snmptrap.exe Infection-Virus found win32/virut If this is not a false positive, there is nothing more we can do. Let's get some verification. Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis: c:\windows\system32\userinit.exe <===this file Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see. Do the same for each of these: c:\windows\system32\svchost.exe c:\windows\explorer.exe c:\windows\system32\ctfmon.exe c:\windows\system32\spoolsv.exe

Thaiche View Member Profile	Nov 7 2009, 01:42 PM Post #12
New Member Group: Authentic Member Posts: 9 Joined: 1-November 09 Member No.: 88,626 Operating System: Vista 32-bit	Well...it wont let me go on that website...wont load it and IE closes it as soon as I try...not to mention it filled my desktop with porn somehow now...Guess only thing I can do is reformat?....

Thaiche View Member Profile	Nov 8 2009, 04:24 AM Post #13
New Member Group: Authentic Member Posts: 9 Joined: 1-November 09 Member No.: 88,626 Operating System: Vista 32-bit	Well, I went out and baught windows 7 today since I lost my original windows vista CD...and reformatted my HDD...so Thanks for trying to help..shame it ended up costing me $120 and all my files to fix..haha Any idea how all the virus's got on?

Tomk View Member Profile	Nov 8 2009, 09:11 AM Post #14
Forum God Group: Classroom Teacher Posts: 11,202 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	Thaiche, If you did in fact have Virut, it virtually 100% of the time comes from the use of P2P programs. (bittorrent). It comes "packaged" with pirated files and warez. It may well have been Virut even though we were unable to confirm based on it's reaction. When it realizes it has been found, it often goes "crazy" as you saw on your system. There is no way to clean it. You must reformat and re-install and you can't backup any executable files either or you will transfer the infection to the new install. I think you made a good decision. Anything more I can do for you?

Thaiche View Member Profile	Nov 8 2009, 01:49 PM Post #15
New Member Group: Authentic Member Posts: 9 Joined: 1-November 09 Member No.: 88,626 Operating System: Vista 32-bit	Hmm, guess I gotta be more careful with torrents...I never witnessed a virus do that to me before..so It was an experience thats for sure.... But yeah, nothing else needs to be done. You can go ahead and close this thread I guess... thanks for trying/helping and being quick with responses. -Thaiche

« Next Oldest · Infections Removal · Next Newest »

2 Pages

1 2 >

Closed Topic

Start new topic

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Similar Topics

Similar Topics

Similar Topics

		Topic Title	Replies	Topic Starter	Views	Last Action
		Infections Removal I think I have a virus.	11	RPinney	128	8 minutes ago Last post by: Tomk
		Infections Removal [Closed] Error404.com popup, virus/hijacker?	4	hopestobe	145	Today, 03:56 PM Last post by: LDTate
		Infections Removal [Closed] virus infestation/pool party	5	jak tunner	81	Today, 03:55 PM Last post by: LDTate
		Infections Removal can't connect to anti-virus url	14	ciacia	103	Today, 03:38 PM Last post by: CatByte

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 20th November 2009 - 05:56 PM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy

Powered By IP.Board © 2009 IPS, Inc.