[Resolved] nolink.html virus?


  • This topic is locked
16 replies to this topic

#1 Thaiche

Posted 01 November 2009 - 06:16 PM

Okay well, a few days ago I got warnings from my anti-virus that a trojan had gotten onto my computer. I wasn't really sure how it happened as I didn't download anything... Then out of nowhere a fake Windows security thing appeared on my desktop asking me to scan. Now I've seen this type of thing before and didn't think it was a big deal... anyways I wasn't really in the mood to deal with it so I just cut my internet off and did a system restore as it has worked for me in the past... then once I turned my computer back on after being restored I ran a SUPERAntiSpyware and AVG scan. Both showed clean so I figured it worked. So I was just browsing the internet and out of nowhere a new Firefox window opened up. It had like 6 tabs and one of them was [REMOVED infector link LDT]. I googled it and decided I could most likely fix it myself. So I looked through what other people did to fix it... in one forum post someone suggested Malwarebytes. So I did a scan with that and it came up clean. So I looked more and saw that someone else on this forum had the same problem. They were told to use ATF-Cleaner and ComboFix so I figured that's all I'd need to do as I'm not usually one who likes to post and would rather fix stuff on my own. So I did ATF-Cleaner and that worked and then I proceeded in using ComboFix. It started like normal and seemed to be working then it said "Rootkit found, rebooting" or something like that... so I let it reboot expecting it to continue from where it left off... but it didn't. So I tried it again and got a BSOD... Restarted again and tried again, got the "active rootkit found" thing again and rebooted... tried again and got BSOD. So I figured that was going to be the pattern with it and decided to find out how to get rid of the rootkit... downloaded Avenger, said there were no rootkits found.
So basically, I'm stuck and not exactly sure what to do anymore... So I figured I'd just post on a forum properly and get direct help instead of using how someone else was helped... Thanks if I can get help as this is driving me crazy...

(Sorry if it was a lot to read but I figured I should say everything I did)

I figured out I got it via a fake Windows Defender pop-up telling me I had gotten a virus... dunno if that helps

D.D.S
DDS (Ver_09-06-26.01) - NTFSx86
Run by Keith at 19:18:38.67 on Sun 11/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_03
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1363 [GMT -5:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Planex\Common\RaUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbtcoms.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Planex\Common\RalinkRegistryWriter.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Keith\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.zing.vn/zing/?utm_source=hp&utm_medium=boom
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [<NO NAME>]
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [AdobeBridge]
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
mRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [combofix] "c:\combofix\cf26884.exe" /c "c:\combofix\C.bat"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: c:\users\keith\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\planex~1.lnk - c:\program files\planex\common\RaUI.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {090AD8A7-FFC4-4BFD-B19F-9722693042DE} - hxxp://www.joycity.com/_app/cab/JCEModuleUpdaterAX.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://t1.battlefield-heroes.com/patcher/westpatcher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://id.hangame.com/common/HanSetup1020.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/neowiz/npkcx_inca.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\keith\appdata\roaming\mozilla\firefox\profiles\1zeb0fgy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.keiichianimeforever.com/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGPPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-1 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-1 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-1 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-1 285392]
R2 HOSTNT;Hostnt;c:\windows\system32\drivers\hostnt.sys [2009-2-18 10304]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\planex\common\RalinkRegistryWriter.exe [2009-7-1 69632]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-5-23 3032360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-23 24652]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-7-14 198168]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-7-14 1353240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-7-14 73752]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-7-14 1227800]
R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2009-9-6 12600]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-7-1 580096]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-5-23 15144]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-8-28 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-7-14 198168]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-7-14 1353240]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-7-14 73752]
S3 Grand;SafeNet GrandDog USB Driver;c:\windows\system32\drivers\GrandUsb.sys [2009-2-18 62528]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [2008-10-14 14136]
S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [2008-10-14 6784]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-7-1 620032]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-10-14 36928]

=============== Created Last 30 ================

2009-11-01 19:02 <DIR> --d-h--- C:\$AVG
2009-11-01 19:02 12,464 a------- c:\windows\system32\avgrsstx.dll
2009-11-01 19:02 360,584 a------- c:\windows\system32\drivers\avgtdix.sys
2009-11-01 19:02 333,192 a------- c:\windows\system32\drivers\avgldx86.sys
2009-11-01 19:02 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-11-01 19:01 <DIR> --d----- c:\program files\AVG
2009-11-01 19:01 <DIR> --d----- c:\programdata\avg9
2009-11-01 19:01 <DIR> --d----- c:\progra~2\avg9
2009-11-01 17:59 40,040 a------- c:\windows\system32\drivers\nvstor.sys
2009-11-01 17:59 21,560 a------- c:\windows\system32\drivers\atapi.sys
2009-11-01 16:36 236,544 a------- c:\windows\PEV.exe
2009-11-01 16:36 161,792 a------- c:\windows\SWREG.exe
2009-11-01 16:36 98,816 a------- c:\windows\sed.exe
2009-11-01 16:36 77,312 a------- c:\windows\MBR.exe
2009-10-31 05:10 <DIR> --d----- c:\users\keith\appdata\roaming\Tonium
2009-10-31 05:09 <DIR> --d----- c:\program files\Tonium
2009-10-31 01:29 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 01:29 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-30 15:48 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-30 15:48 87,552 a------- c:\windows\system32\wudriver.dll
2009-10-30 15:48 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-30 15:48 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-30 15:47 3,374 a------- c:\windows\system32\RacUR.xml
2009-10-30 15:47 310,784 a------- c:\windows\system32\unregmp2.exe
2009-10-30 02:08 <DIR> --d----- c:\users\keith\appdata\roaming\Malwarebytes
2009-10-30 02:08 <DIR> --d----- c:\programdata\Malwarebytes
2009-10-30 02:08 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-30 02:08 <DIR> --d----- c:\progra~2\Malwarebytes
2009-10-29 23:08 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-10-29 23:08 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-10-29 23:07 <DIR> --d----- c:\users\keith\appdata\roaming\SUPERAntiSpyware.com
2009-10-29 23:07 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-29 15:20 <DIR> --dsh--- c:\users\keith\appdata\roaming\Windows System Defender
2009-10-28 03:47 10,626,048 a------- c:\windows\system32\wmp(274).dll
2009-10-28 03:47 10,626,048 a------- c:\windows\system32\wmp(159).dll
2009-10-28 03:47 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-10-28 03:47 8,147,456 a------- c:\windows\system32\wmploc(275).DLL
2009-10-28 03:47 8,147,456 a------- c:\windows\system32\wmploc(160).DLL
2009-10-16 01:24 <DIR> --d----- c:\windows\system32\xlive
2009-10-16 01:24 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-10-15 03:33 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-10-15 03:33 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-10-15 03:33 213,504 a------- c:\windows\system32\msv1_0.dll
2009-10-15 03:33 175,104 a------- c:\windows\system32\wdigest.dll
2009-10-15 03:33 72,704 a------- c:\windows\system32\secur32.dll
2009-10-15 03:33 9,728 a------- c:\windows\system32\lsass.exe
2009-10-15 03:33 833,024 a------- c:\windows\system32\wininet.dll
2009-10-15 03:31 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 02:40 266,240 a------- c:\windows\system32\OGPIEPlugin.ocx
2009-10-03 00:46 195,440 a------- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-11-01 18:36 32,879 a------- c:\programdata\nvModes.dat
2009-11-01 18:36 32,879 a------- c:\progra~2\nvModes.dat
2009-09-29 23:14 36,928 a------- c:\windows\system32\drivers\pssdk41.sys
2009-09-14 04:44 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-09-06 19:32 14,136 a------- c:\windows\system32\JRSKD24.sys
2009-09-06 19:32 12,600 a------- c:\windows\system32\JRSUKD25.SYS
2009-09-06 19:32 632,120 a------- c:\windows\system32\CKSetup32.exe
2009-09-06 19:32 124,216 a------- c:\windows\system32\CKAgent.exe
2009-09-05 23:08 4,096 a------- c:\windows\d3dx.dat
2009-09-05 22:04 189,480 a------- c:\windows\system32\PnkBstrB.exe
2009-09-05 21:52 137,544 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-05 21:49 139,152 a------- c:\users\keith\appdata\roaming\PnkBstrK.sys
2009-09-05 21:49 794,408 a------- c:\windows\system32\pbsvc.exe
2009-09-04 07:24 61,440 a------- c:\windows\system32\msasn1.dll
2009-08-31 08:55 293,376 a------- c:\windows\system32\psisdecd.dll
2009-08-31 08:55 428,544 a------- c:\windows\system32\EncDec.dll
2009-08-28 17:04 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-28 17:04 51,200 a------- c:\windows\inf\infpub.dat
2009-08-28 16:42 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 07:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 07:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 07:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 07:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 07:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 05:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 08:29 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-27 05:58 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-08-25 16:04 75,264 a------- c:\windows\system32\uc_holybeast_launching.dll
2009-08-17 06:48 158,952 a------- c:\windows\system32\PubPlugin.dll
2009-08-14 11:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 11:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 09:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 09:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 09:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 09:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 09:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 09:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 09:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-13 22:17 319,488 a------- c:\windows\HideWin.exe
2009-08-13 04:06 319,456 a------- c:\windows\DIFxAPI.dll
2009-08-12 23:53 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-08-12 23:53 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-08-05 09:22 3,597,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-05 09:22 3,546,184 a------- c:\windows\system32\ntoskrnl.exe
2009-04-16 20:19 32 a----r-- c:\programdata\hash.dat
2009-04-16 20:19 32 a----r-- c:\progra~2\hash.dat
2008-12-09 23:42 174 a--sh--- c:\program files\desktop.ini
2008-12-09 23:08 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-31 05:13 23 a------- c:\users\keith\jagex_runescape_preferences.dat
2008-03-14 17:26 37,375 a------- c:\program files\openoffice.org-xsltfilter.cab
2008-03-14 17:26 2,489,204 a------- c:\program files\openoffice.org-writer.cab
2008-03-14 17:26 207,388 a------- c:\program files\openoffice.org-testtool.cab
2008-03-14 17:26 2,504,855 a------- c:\program files\openoffice.org-pyuno.cab
2008-03-14 17:26 51,973 a------- c:\program files\openoffice.org-onlineupdate.cab
2008-03-14 17:26 1,090,334 a------- c:\program files\openoffice.org-math.cab
2008-03-14 17:25 118,910 a------- c:\program files\openoffice.org-javafilter.cab
2008-03-14 17:25 1,254,017 a------- c:\program files\openoffice.org-impress.cab
2008-03-14 17:25 86,870 a------- c:\program files\openoffice.org-graphicfilter.cab
2008-03-14 17:25 2,769 a------- c:\program files\openoffice.org-emailmerge.cab
2008-03-14 17:25 919,329 a------- c:\program files\openoffice.org-draw.cab
2008-03-14 17:25 2,031,954 a------- c:\program files\openoffice.org-core09.cab
2008-03-14 17:25 293,054 a------- c:\program files\openoffice.org-core08.cab
2008-03-14 17:25 3,842,531 a------- c:\program files\openoffice.org-core07.cab
2008-03-14 17:25 28,861,971 a------- c:\program files\openoffice.org-core06.cab
2008-03-14 17:21 18,636,793 a------- c:\program files\openoffice.org-core05.cab
2008-03-14 17:19 16,453,751 a------- c:\program files\openoffice.org-core04.cab
2008-03-14 17:18 9,118,219 a------- c:\program files\openoffice.org-core03.cab
2008-03-14 17:18 3,860,200 a------- c:\program files\openoffice.org-core02.cab
2008-03-14 17:18 15,102,497 a------- c:\program files\openoffice.org-core01.cab
2008-03-14 17:17 4,696,905 a------- c:\program files\openoffice.org-calc.cab
2008-03-14 17:17 1,802,028 a------- c:\program files\openoffice.org-base.cab
2008-03-14 17:17 43,005 a------- c:\program files\openoffice.org-activex.cab
2008-03-14 17:17 217 a------- c:\program files\setup.ini
2008-03-14 17:17 4,372,992 a------- c:\program files\openofficeorg24.msi
2008-02-08 15:33 323,584 a------- c:\program files\setup.exe
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2002-03-11 04:06 1,822,520 a------- c:\program files\instmsiw.exe
2002-03-11 03:45 1,708,856 a------- c:\program files\instmsia.exe

============= FINISH: 19:20:35.36 ===============


RootRepeal
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/01 22:59
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x837EA000 Size: 57344 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x80697000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x82A46000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: adfs.SYS
Image Path: C:\Windows\System32\Drivers\adfs.SYS
Address: 0xA585A000 Size: 69248 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x92177000 Size: 294912 File Visible: - Signed: -
Status: -

Name: asyncmac.sys
Image Path: C:\Windows\system32\DRIVERS\asyncmac.sys
Address: 0xA2C51000 Size: 36864 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x807A2000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x807AA000 Size: 122880 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\Windows\System32\ATMFD.DLL
Address: 0x9A710000 Size: 311296 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\Windows\System32\Drivers\avgldx86.sys
Address: 0x92C64000 Size: 326528 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\Windows\System32\Drivers\avgmfx86.sys
Address: 0x92C5E000 Size: 21760 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\Windows\System32\Drivers\avgtdix.sys
Address: 0x920DA000 Size: 353920 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x91DDF000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x8047F000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0xA2CE2000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x9A700000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xA59B2000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x837C2000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x804C8000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x8A7B1000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80487000 Size: 266240 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x92CB4000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8A7D2000 Size: 36864 File Visible: - Signed: -
Status: -

Name: CT20XUT.SYS
Image Path: C:\Windows\System32\drivers\CT20XUT.SYS
Address: 0x91BB5000 Size: 217088 File Visible: - Signed: -
Status: -

Name: ctaud2k.sys
Image Path: C:\Windows\system32\drivers\ctaud2k.sys
Address: 0x8F4FE000 Size: 529664 File Visible: - Signed: -
Status: -

Name: CTEXFIFX.SYS
Image Path: C:\Windows\System32\drivers\CTEXFIFX.SYS
Address: 0x91C07000 Size: 1368064 File Visible: - Signed: -
Status: -

Name: CTHWIUT.SYS
Image Path: C:\Windows\System32\drivers\CTHWIUT.SYS
Address: 0x91BA0000 Size: 86016 File Visible: - Signed: -
Status: -

Name: ctoss2k.sys
Image Path: C:\Windows\system32\drivers\ctoss2k.sys
Address: 0x9040D000 Size: 217088 File Visible: - Signed: -
Status: -

Name: ctprxy2k.sys
Image Path: C:\Windows\system32\drivers\ctprxy2k.sys
Address: 0x90442000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ctsfm2k.sys
Image Path: C:\Windows\system32\drivers\ctsfm2k.sys
Address: 0x91B76000 Size: 172032 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x92C47000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8A7A0000 Size: 69632 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8F5AD000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x92CC1000 Size: 40960 File Visible: No Signed: -
Status: -

Name: dump_nvstor32.sys
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x92CCB000 Size: 106496 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x92CE5000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x9032F000 Size: 651264 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8A779000 Size: 159744 File Visible: - Signed: -
Status: -

Name: emupia2k.sys
Image Path: C:\Windows\system32\drivers\emupia2k.sys
Address: 0x91B46000 Size: 196608 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\Windows\system32\DRIVERS\fdc.sys
Address: 0x903DB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x83435000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x83403000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x91DA5000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x83727000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x8FA0B000 Size: 9472 File Visible: - Signed: -
Status: -

Name: giveio.sys
Image Path: C:\Windows\system32\giveio.sys
Address: 0x8A778000 Size: 1664 File Visible: - Signed: -
Status: -

Name: ha20x22k.sys
Image Path: C:\Windows\system32\drivers\ha20x22k.sys
Address: 0x91A0E000 Size: 1241088 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x82A13000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x805E9000 Size: 73728 File Visible: - Signed: -
Status: -

Name: HdAudio.sys
Image Path: C:\Windows\system32\drivers\HdAudio.sys
Address: 0x91D55000 Size: 258048 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x9044C000 Size: 65536 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x9045C000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x91DC7000 Size: 36864 File Visible: - Signed: -
Status: -

Name: hostnt.sys
Image Path: C:\Windows\system32\drivers\hostnt.sys
Address: 0xA586B000 Size: 4864 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0xA2C5A000 Size: 438272 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x903E6000 Size: 77824 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x8375C000 Size: 61440 File Visible: - Signed: -
Status: -

Name: JRSUKD25.SYS
Image Path: C:\Windows\system32\JRSUKD25.SYS
Address: 0x905A2000 Size: 7168 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x9053A000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x91B3D000 Size: 36864 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80406000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\drivers\ks.sys
Address: 0x8F5D2000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x8344F000 Size: 462848 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x92DD0000 Size: 65536 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x92CFE000 Size: 110592 File Visible: - Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x8040E000 Size: 393216 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x92CEF000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8FA00000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x90592000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x80792000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0xA2CFB000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0xA2D10000 Size: 131072 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0xA2D30000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0xA2D4F000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0xA2D88000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x920A2000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x806E6000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x90474000 Size: 188416 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x835CB000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x90547000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8A769000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x834C0000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x904C4000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0xA2C34000 Size: 40960 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x904CF000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x91D94000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x921D5000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x92131000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x83604000 Size: 237568 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x920AD000 Size: 57344 File Visible: - Signed: -
Status: -

Name: npkcrypt.sys
Image Path: C:\Nexon\Mabinogi\npkcrypt.sys
Address: 0xA586D000 Size: 26944 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x92C3D000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8A60F000 Size: 1110016 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x82A46000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x91DD8000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nvBridge.kmd
Image Path: C:\Windows\system32\DRIVERS\nvBridge.kmd
Address: 0x9032D000 Size: 8192 File Visible: - Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8FA0F000 Size: 9557216 File Visible: - Signed: -
Status: -

Name: nvmfdx32.sys
Image Path: C:\Windows\system32\DRIVERS\nvmfdx32.sys
Address: 0x8F403000 Size: 1025152 File Visible: - Signed: -
Status: -

Name: nvstor.sys
Image Path: C:\Windows\system32\drivers\nvstor.sys
Address: 0x807C8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: nvstor32.sys
Image Path: C:\Windows\system32\DRIVERS\nvstor32.sys
Address: 0x807D5000 Size: 106496 File Visible: - Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0xA2C0A000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x837DA000 Size: 61952 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x921BF000 Size: 90112 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x80715000 Size: 61440 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x806EE000 Size: 159744 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x8077D000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x80784000 Size: 57344 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xA5874000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x82A46000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8F580000 Size: 184320 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8046E000 Size: 69632 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: C:\Windows\System32\Drivers\PxHelp20.sys
Address: 0x83445000 Size: 37056 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x920BB000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x904AD000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x904F2000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x90501000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x90515000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x82A46000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x92C01000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x92092000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x9209A000 Size: 32768 File Visible: - Signed: -
Status: -

Name: RDPWD.SYS
Image Path: C:\Windows\System32\Drivers\RDPWD.SYS
Address: 0xA597F000 Size: 208896 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA59D9000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0xA2C3E000 Size: 77824 File Visible: - Signed: -
Status: -

Name: rt2870.sys
Image Path: C:\Windows\system32\DRIVERS\rt2870.sys
Address: 0x92004000 Size: 580096 File Visible: - Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0x921F6000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASENUM.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Address: 0xA59C8000 Size: 20480 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0x905C5000 Size: 151552 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xA5952000 Size: 40960 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x92163000 Size: 81920 File Visible: - Signed: -
Status: -

Name: speedfan.sys
Image Path: C:\Windows\system32\speedfan.sys
Address: 0x8A767000 Size: 5248 File Visible: - Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8A75F000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x92D21000 Size: 716800 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xA580E000 Size: 311296 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0xA2DA0000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0xA2CC5000 Size: 118784 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\drivers\storport.sys
Address: 0x805A8000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x90545000 Size: 4992 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8363E000 Size: 954368 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xA595C000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x904A2000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdtcp.sys
Image Path: C:\Windows\system32\drivers\tdtcp.sys
Address: 0xA5968000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x920C4000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x9052A000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x9A6E0000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tssecsrv.sys
Image Path: C:\Windows\System32\DRIVERS\tssecsrv.sys
Address: 0xA5973000 Size: 49152 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8A600000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8A7F2000 Size: 45056 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x90551000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x91DAE000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x91DC5000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x837B3000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x9055E000 Size: 212992 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\Windows\system32\DRIVERS\usbohci.sys
Address: 0x8376B000 Size: 40960 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x83775000 Size: 253952 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x91DE6000 Size: 49152 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x905A4000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x80724000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x80733000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8A726000 Size: 233472 File Visible: - Signed: -
Status: -

Name: wacmoumonitor.sys
Image Path: C:\Windows\system32\DRIVERS\wacmoumonitor.sys
Address: 0x91DD0000 Size: 32768 File Visible: - Signed: -
Status: -

Name: wacommousefilter.sys
Image Path: C:\Windows\system32\DRIVERS\wacommousefilter.sys
Address: 0x9059A000 Size: 32768 File Visible: - Signed: -
Status: -

Name: wacomvhid.sys
Image Path: C:\Windows\system32\DRIVERS\wacomvhid.sys
Address: 0x9044A000 Size: 8064 File Visible: - Signed: -
Status: -

Name: WacomVKHid.sys
Image Path: C:\Windows\system32\DRIVERS\WacomVKHid.sys
Address: 0x90463000 Size: 5760 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x921E3000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x903CE000 Size: 53248 File Visible: - Signed: -
Status: -

Name: wd.sys
Image Path: C:\Windows\system32\drivers\wd.sys
Address: 0x8A71E000 Size: 32768 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x8060E000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x8068A000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x9A4C0000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x9A4C0000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x806DD000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x82A46000 Size: 3903488 File Visible: - Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\smss.exe
PID: 404 Status: -

Path: C:\Windows\System32\taskeng.exe
PID: 424 Status: -

Path: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 448 Status: -

Path: C:\Windows\System32\csrss.exe
PID: 472 Status: -

Path: C:\Windows\System32\wininit.exe
PID: 532 Status: -

Path: C:\Windows\System32\csrss.exe
PID: 540 Status: -

Path: C:\Program Files\AVG\AVG9\avgchsvx.exe
PID: 552 Status: -

Path: C:\Program Files\AVG\AVG9\avgrsx.exe
PID: 560 Status: -

Path: C:\Windows\System32\services.exe
PID: 592 Status: -

Path: C:\Windows\System32\lsass.exe
PID: 608 Status: -

Path: C:\Windows\System32\lsm.exe
PID: 616 Status: -

Path: C:\Windows\System32\winlogon.exe
PID: 644 Status: -

Path: C:\Program Files\AVG\AVG9\avgcsrvx.exe
PID: 684 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 888 Status: -

Path: C:\Users\Keith\Desktop\RootRepeal.exe
PID: 924 Status: -

Path: C:\Windows\System32\nvvsvc.exe
PID: 960 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1252 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1392 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1436 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1456 Status: -

Path: C:\Windows\ehome\ehtray.exe
PID: 1512 Status: -

Path: C:\Windows\System32\audiodg.exe
PID: 1524 Status: Locked to the Windows API!

Path: C:\Program Files\AIM6\aolsoftware.exe
PID: 1544 Status: -

Path: C:\Windows\ehome\ehmsas.exe
PID: 1568 Status: -

Path: C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PID: 1672 Status: -

Path: C:\Windows\System32\SLsvc.exe
PID: 1696 Status: -

Path: C:\Windows\System32\nvvsvc.exe
PID: 1752 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1796 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1828 Status: -

Path: C:\Windows\System32\spoolsv.exe
PID: 1904 Status: -

Path: C:\Windows\System32\wisptis.exe
PID: 1908 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1924 Status: -

Path: C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PID: 1932 Status: -

Path: C:\Windows\System32\wisptis.exe
PID: 2056 Status: -

Path: C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PID: 2064 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 2084 Status: -

Path: C:\Windows\System32\SearchIndexer.exe
PID: 2188 Status: -

Path: C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
PID: 2208 Status: -

Path: C:\Windows\System32\dwm.exe
PID: 2252 Status: -

Path: C:\Windows\explorer.exe
PID: 2364 Status: -

Path: C:\Program Files\Windows Defender\MSASCui.exe
PID: 2668 Status: -

Path: C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
PID: 2688 Status: -

Path: C:\Windows\System32\Ctxfihlp.exe
PID: 2696 Status: -

Path: C:\Program Files\AVG\AVG9\avgemc.exe
PID: 2712 Status: -

Path: C:\Program Files\AVG\AVG9\avgtray.exe
PID: 2764 Status: -

Path: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 2856 Status: -

Path: C:\Program Files\AIM6\aim6.exe
PID: 2876 Status: -

Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 2928 Status: -

Path: C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PID: 2944 Status: -

Path: C:\Program Files\AVG\AVG9\avgwdsvc.exe
PID: 3000 Status: -

Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 3020 Status: -

Path: C:\Windows\System32\dlbtcoms.exe
PID: 3112 Status: -

Path: C:\Nexon\Mabinogi\npkcmsvc.exe
PID: 3208 Status: -

Path: C:\Windows\System32\PnkBstrA.exe
PID: 3556 Status: -

Path: C:\Program Files\AVG\AVG9\avgnsx.exe
PID: 3564 Status: -

Path: C:\Windows\System32\PnkBstrB.exe
PID: 3588 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 3692 Status: -

Path: C:\Program Files\Planex\Common\RalinkRegistryWriter.exe
PID: 3704 Status: -

Path: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 3740 Status: -

Path: C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PID: 3812 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 3828 Status: -

Path: C:\Windows\System32\Pen_Tablet.exe
PID: 3856 Status: -

Path: C:\Program Files\AVG\AVG9\avgcsrvx.exe
PID: 3884 Status: -

Path: C:\Program Files\TVersity\Media Server\MediaServer.exe
PID: 3908 Status: -

Path: C:\Windows\System32\WTablet\Pen_TabletUser.exe
PID: 3956 Status: -

Path: C:\Program Files\Viewpoint\Common\ViewpointService.exe
PID: 3972 Status: -

Path: C:\Windows\System32\Pen_Tablet.exe
PID: 3988 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 4020 Status: -

Path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PID: 4032 Status: -

Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 4104 Status: -

Path: C:\Program Files\DNA\btdna.exe
PID: 4248 Status: -

Path: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 4300 Status: -

Path: C:\Windows\System32\wbem\unsecapp.exe
PID: 4612 Status: -

Path: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 4620 Status: -

Path: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 4732 Status: -

Path: C:\Windows\System32\wuauclt.exe
PID: 4820 Status: -

Path: C:\Windows\System32\CTxfispi.exe
PID: 4824 Status: -

Path: C:\Program Files\Steam\Steam.exe
PID: 5020 Status: -

Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PID: 5040 Status: -

Path: C:\Windows\System32\taskeng.exe
PID: 5060 Status: -

Path: C:\Program Files\Planex\Common\RaUI.exe
PID: 5100 Status: -

Path: C:\Windows\System32\mobsync.exe
PID: 5188 Status: -

Path: C:\Program Files\Common Files\Steam\SteamService.exe
PID: 5288 Status: -

Path: C:\Program Files\Windows Live\Contacts\wlcomm.exe
PID: 5520 Status: -

Path: C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PID: 5972 Status: -

Path: C:\Windows\System32\SearchProtocolHost.exe
PID: 6580 Status: -

Path: C:\Windows\System32\SearchFilterHost.exe
PID: 6592 Status: -

SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked

#: 001 Function Name: NtAccessCheck
Status: Not hooked

#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked

#: 003 Function Name: NtAccessCheckByType
Status: Not hooked

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked

#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked

#: 008 Function Name: NtAddAtom
Status: Not hooked


#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x905ce0b0


Hidden Services
-------------------

Edited by Thaiche, 03 November 2009 - 10:37 PM.



#2 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 November 2009 - 12:51 AM

Hi Thaiche,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

There are a lot of warnings scattered around the forum that beg you not to use directions that are given to someone else.

There are also many warnings that ask you not to use most of the tools without supervision.

Apparently you decided that these warnings didn't apply to you?

Anyhow... let's see if we can get things straightened back out.

Please drag the copy of ComboFix you have to the recycle bin (or just right click and delete it)

Please download the OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
    (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09}]
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 Thaiche

Thaiche

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 06 November 2009 - 04:08 AM

Hah, yeah...Sorry I used the tools against the warnings..Just seemed like everyone who had the problem fixed it easy with combofix so I figured it was worth a shot....Alrighty then, Here's the log

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\combofix not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Keith
->Temp folder emptied: 33631337 bytes
File delete failed. C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 16963037 bytes
->Java cache emptied: 99850776 bytes
->FireFox cache emptied: 49768947 bytes
->Google Chrome cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 71210 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully.
C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.
C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP folder deleted successfully.
%systemroot% .tmp files removed: 557056 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 309 bytes
RecycleBin emptied: 124989260 bytes

Total Files Cleaned = 310.77 mb

OTM by OldTimer - Version 3.0.0.6 log created on 11062009_045449

Files moved on Reboot...

Registry entries deleted on Reboot...

*****Oh I should add I scanned with malwarebytes again and it got rid of something..guess i should post that log too?...(even though it got rid of it..I'm still getting the popups..So i figured it might be coming back via system restore so I turned that off...but yeah didn't work either)

Malwarebytes' Anti-Malware 1.41
Database version: 3064
Windows 6.0.6001 Service Pack 1

11/3/2009 4:55:43 PM
mbam-log-2009-11-03 (16-55-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 554346
Time elapsed: 3 hour(s), 35 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Keith\AppData\Roaming\Windows System Defender (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Keith\AppData\Roaming\Windows System Defender\cookies.sqlite (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Edited by Thaiche, 06 November 2009 - 04:43 AM.


#4 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 November 2009 - 09:17 AM

Thaiche,

Good.

Let's try again a little differently.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop as Worksnow.com


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#5 Thaiche

Thaiche

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 06 November 2009 - 10:01 AM

Tried it, Got BSOD again...

#6 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 November 2009 - 11:27 AM

Thaiche,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#7 Thaiche

Posted 06 November 2009 - 04:15 PM

OTL logfile created on: 11/6/2009 5:06:00 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Keith\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.51% Memory free
4.00 Gb Paging File | 3.90 Gb Available in Paging File | 97.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 220.93 Gb Free Space | 47.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRISIS
Current User Name: Keith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/06 17:03:00 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
PRC - [2009/11/05 03:31:39 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/04 23:52:15 | 00,788,368 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/04 23:52:14 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/03 20:31:21 | 01,217,808 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2009/11/01 19:01:49 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/01 19:01:48 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/01 19:01:47 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/01 19:01:46 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/01 19:01:46 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/01 19:01:46 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/01 19:01:43 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/01 19:01:41 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/12 20:24:50 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/05 14:10:02 | 03,634,024 | ---- | M] (AOL LLC) -- C:\Program Files\AIM\aim.exe
PRC - [2009/09/18 13:42:04 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/09/05 22:04:43 | 00,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2009/07/26 15:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/14 12:29:06 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/07/14 12:29:06 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/07/14 11:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/07/13 23:28:00 | 00,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2009/07/13 23:22:08 | 01,263,616 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/06/06 15:32:37 | 00,321,856 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/06/04 01:22:30 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/19 15:50:32 | 01,818,624 | ---- | M] (Planex Technology, Corp.) -- C:\Program Files\Planex\Common\RaUI.exe
PRC - [2009/03/02 21:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/02/23 10:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/11 15:33:09 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/10 08:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/05/13 14:12:54 | 00,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Planex\Common\RalinkRegistryWriter.exe
PRC - [2008/05/01 17:41:38 | 00,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2008/05/01 17:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2008/05/01 17:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2008/01/18 23:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/18 23:33:40 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2008/01/18 23:33:40 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2008/01/18 23:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/18 23:33:34 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/18 23:33:34 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/18 23:33:32 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/18 23:33:32 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/18 23:33:24 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2008/01/18 23:33:24 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2008/01/18 23:33:14 | 00,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2008/01/18 23:33:10 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/18 23:33:10 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/12/30 14:42:34 | 00,724,992 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2007/12/14 05:42:38 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
PRC - [2007/12/14 05:42:37 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
PRC - [2007/08/02 14:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/07 03:50:14 | 00,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2009/11/06 17:03:00 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
MOD - [2009/11/01 19:02:24 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/18 23:36:42 | 00,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008/01/18 23:26:36 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (mi-raysat_3dsmax9_32)
SRV - [2009/11/05 03:31:39 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/04 23:52:14 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/01 19:01:43 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/01 19:01:41 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/01 13:02:48 | 00,320,760 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/18 13:42:04 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/09/05 22:04:43 | 00,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/08/28 17:08:12 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/07/14 12:29:06 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/07/14 11:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/06/04 01:22:30 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/16 19:39:00 | 02,800,669 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/02/23 10:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/12/11 15:33:09 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/12/10 00:55:06 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/07/10 08:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/06/19 20:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 20:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/06/19 20:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/05/23 09:14:12 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/05/13 14:12:54 | 00,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Planex\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008/05/01 17:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/04/17 18:13:44 | 05,750,784 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld)
SRV - [2008/01/18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 23:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/18 23:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/18 00:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache)
SRV - [2007/12/30 14:42:34 | 00,724,992 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2007/08/02 14:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/06/07 03:50:14 | 00,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/11/05 16:57:16 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdk41.sys -- (PsSdk41)
DRV - [2009/11/01 19:02:23 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/01 19:02:18 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/01 19:02:16 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/12 20:24:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 20:24:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 20:24:52 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/23 07:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/18 13:42:18 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/09/18 13:42:16 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/09/18 13:42:16 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/09/06 19:32:23 | 00,014,136 | ---- | M] (SoftForum Corporation) -- C:\Windows\System32\JRSKD24.sys -- (JRSKD24)
DRV - [2009/09/06 19:32:23 | 00,012,600 | ---- | M] (SoftForum Corporation) -- C:\Windows\System32\JRSUKD25.SYS -- (JRSUKD25)
DRV - [2009/07/14 13:54:00 | 09,557,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/14 01:52:46 | 01,227,800 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2009/07/14 01:52:34 | 01,184,280 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/07/14 01:52:22 | 00,095,768 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/07/14 01:52:14 | 00,159,256 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/07/14 01:52:04 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/07/14 01:51:56 | 00,129,560 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/07/14 01:51:36 | 00,536,344 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2009/07/14 01:51:26 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/07/14 01:51:16 | 01,353,240 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/07/14 01:51:16 | 01,353,240 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/07/14 01:51:04 | 00,073,752 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/07/14 01:51:04 | 00,073,752 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/07/14 01:50:56 | 00,198,168 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/07/14 01:50:56 | 00,198,168 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/05/10 00:19:23 | 00,006,784 | ---- | M] (SoftForum Corporation) -- C:\Windows\System32\JRSUKD24.sys -- (JRSUKD24)
DRV - [2009/02/18 21:15:47 | 00,062,528 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\drivers\GrandUsb.sys -- (Grand)
DRV - [2009/02/18 21:15:47 | 00,010,304 | ---- | M] (SafeNet, Inc.) -- C:\Windows\System32\drivers\hostnt.sys -- (HOSTNT)
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/10 08:35:22 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/06/10 20:57:52 | 00,620,032 | ---- | M] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008/06/10 20:53:24 | 00,580,096 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/03/17 15:14:52 | 00,015,144 | ---- | M] (Wacom Technology) -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/02/06 03:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/01/23 16:25:30 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2008/01/18 21:53:40 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/15 14:11:46 | 00,013,480 | ---- | M] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/06/26 12:39:02 | 00,035,600 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcrypt.sys -- (npkcrypt)
DRV - [2007/02/16 13:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 18:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007/01/15 19:35:18 | 01,032,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006/12/22 22:07:10 | 00,093,696 | ---- | M] () -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/09/24 08:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2002/06/17 09:18:54 | 00,111,800 | ---- | M] (STMicroelectronics ) -- C:\Windows\System32\drivers\stv680.sys -- (STV680)
DRV - [2002/06/17 09:18:52 | 00,008,584 | ---- | M] (STMicroelectronics ) -- C:\Windows\System32\drivers\stv680m.sys -- (STV680m)
DRV - [1996/04/03 14:33:26 | 00,005,248 | ---- | M] () -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.zing.vn/z...utm_medium=boom
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.keiichian...meforever.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696
FF - prefs.js..extensions.enabledItems: {39124730-0779-11de-8c30-0800200c9a66}:2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.5.3
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:0.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..extensions.enabledItems: {6E1A2A2E-AE2A-4A26-A812-46F54288379E}:3.5.1
FF - prefs.js..extensions.enabledItems: glaze_black@www.theme-oasis.org:3.2
FF - prefs.js..network.proxy.autoconfig_url: "softnyx.net"
FF - prefs.js..network.proxy.socks_version: 0
FF - prefs.js..network.proxy.type: 2


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 02:01:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/01 19:01:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 10:39:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 10:39:38 | 00,000,000 | ---D | M]

[2008/07/06 14:40:49 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions
[2008/07/06 14:40:49 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/06 08:59:34 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions
[2009/08/19 20:22:47 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2009/06/25 18:12:53 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/19 20:19:52 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2008/06/01 05:59:50 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2009/10/31 05:24:40 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{39124730-0779-11de-8c30-0800200c9a66}
[2009/09/18 03:28:20 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008/10/15 20:04:16 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2008/10/15 20:04:16 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}-trash
[2009/08/19 20:26:54 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
[2008/07/06 15:56:22 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2008/07/06 16:05:59 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2008/06/01 05:25:25 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2009/08/19 20:28:51 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\1zeb0fgy.default\extensions\glaze_black@www.theme-oasis.org
[2009/11/06 08:59:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 10:39:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/23 09:08:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/27 04:22:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009/11/06 10:39:36 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 10:39:36 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 16:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/05/12 13:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/18 17:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/07/07 16:20:42 | 00,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 16:20:42 | 00,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
[2009/07/02 23:34:44 | 00,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/05/27 15:41:50 | 00,069,632 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2008/03/20 17:21:26 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/06 10:39:37 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/09/25 01:02:40 | 00,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npOGPPlugin.dll
[2009/09/14 19:23:31 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/07/18 13:21:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/07/18 13:21:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/07/18 13:21:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/07/18 13:21:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/07/18 13:21:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/07/18 13:21:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/07/18 13:21:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/05/01 16:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/10/31 05:24:27 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/31 05:24:27 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/31 05:24:27 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/31 05:24:27 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/31 05:24:27 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/29 15:20:34 | 00,001,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml
[2009/10/31 05:24:27 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {090AD8A7-FFC4-4BFD-B19F-9722693042DE} http://www.joycity.c...leUpdaterAX.cab (JCEModuleUpdaterAX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://t1.battlefiel...westpatcher.cab (Battlefield Heroes Installer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games ?Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://id.hangame.co...anSetup1020.cab (HanSetupCtrl1010 Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3c0413ab-0ef6-11de-9053-00044b03d508}\Shell\AutoRun\command - "" = D:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{8b581d8f-602d-11de-88ac-00044b03d508}\Shell - "" = AutoRun
O33 - MountPoints2\{8b581d8f-602d-11de-88ac-00044b03d508}\Shell\AutoRun\command - "" = D:\start.exe -- File not found
O33 - MountPoints2\{9f0c7561-1a73-11de-9491-00044b03d508}\Shell - "" = AutoRun
O33 - MountPoints2\{9f0c7561-1a73-11de-9491-00044b03d508}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/06 17:02:57 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
[2009/11/06 10:53:18 | 00,000,000 | --SD | C] -- C:\worksnow
[2009/11/06 05:16:46 | 00,000,000 | ---D | C] -- C:\ProgramData\AIM
[2009/11/06 05:16:46 | 00,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\AIM
[2009/11/06 05:16:46 | 00,000,000 | ---D | C] -- C:\ProgramData\AIM
[2009/11/06 05:16:27 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
[2009/11/06 05:16:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2009/11/06 05:15:50 | 08,116,824 | ---- | C] (AOL LLC.) -- C:\Users\Keith\Desktop\Install_AIM_autoupgrade_7.0.14.1.exe
[2009/11/06 04:54:49 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/11/06 04:45:43 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTM.exe
[2009/11/06 04:44:22 | 00,000,000 | ---D | C] -- C:\Users\Keith\DoctorWeb
[2009/11/06 03:00:16 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/11/06 00:40:53 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/11/05 16:53:57 | 21,251,816 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Keith\Desktop\drweb-cureit.exe
[2009/11/05 16:53:36 | 00,069,192 | ---- | C] (jpshortstuff) -- C:\Users\Keith\Desktop\GooredFix.exe
[2009/11/05 03:57:21 | 00,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\AOL
[2009/11/05 03:31:37 | 00,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2009/11/05 03:31:06 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/11/05 03:31:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/11/05 03:30:51 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2009/11/05 03:30:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2009/11/05 03:30:51 | 00,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Webroot
[2009/11/05 03:30:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2009/11/05 03:30:51 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/11/04 23:52:59 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/11/04 23:52:59 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/11/04 23:52:52 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/11/04 23:50:31 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/04 23:50:31 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/04 23:50:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/11/04 23:50:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/11/04 23:50:02 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/11/04 11:58:10 | 03,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/04 00:34:08 | 00,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2009/11/02 14:55:13 | 00,000,000 | ---D | C] -- C:\Users\Keith\Documents\Downloads
[2009/11/02 14:53:00 | 00,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Google
[2009/11/01 19:02:29 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/01 19:02:24 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/01 19:02:23 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/01 19:02:18 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/01 19:02:16 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/01 19:02:00 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/11/01 19:01:40 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/01 19:01:39 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/01 19:01:39 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/01 18:18:38 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/11/01 17:59:13 | 00,040,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys
[2009/11/01 17:59:13 | 00,021,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/11/01 16:36:16 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/01 16:36:16 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/01 16:36:16 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/01 16:36:16 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/01 16:36:01 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/01 16:33:57 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/31 05:10:05 | 00,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Tonium
[2009/10/31 05:09:56 | 00,000,000 | ---D | C] -- C:\Program Files\Tonium
[2009/10/31 01:32:25 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Users\Keith\Desktop\ATF-Cleaner.exe
[2009/10/31 01:29:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/31 01:29:53 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/10/30 15:48:53 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/30 15:48:53 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/10/30 15:48:53 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/10/30 15:48:53 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/30 15:48:20 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/30 15:48:20 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/30 15:48:20 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/30 15:48:03 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/30 15:48:03 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/10/30 15:47:14 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/30 02:08:59 | 00,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Malwarebytes
[2009/10/30 02:08:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/30 02:08:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/30 02:08:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/29 23:08:46 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/29 23:08:46 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/29 23:07:54 | 00,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/29 23:07:54 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/28 03:47:51 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/28 03:47:51 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp(274).dll
[2009/10/28 03:47:51 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp(159).dll
[2009/10/28 03:47:48 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/28 03:47:48 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc(275).DLL
[2009/10/28 03:47:48 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc(160).DLL
[2009/10/16 01:26:19 | 00,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Fallout3
[2009/10/16 01:24:22 | 00,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2009/10/16 01:24:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/10/15 03:33:10 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/10/15 03:33:10 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/10/15 03:33:10 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/15 03:33:10 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/10/15 03:33:09 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/10/15 03:33:09 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/10/15 03:33:01 | 00,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/15 03:33:01 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/10/15 03:33:00 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/15 03:33:00 | 01,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/15 03:32:59 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/15 03:32:59 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/10/15 03:32:59 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/10/15 03:32:58 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/15 03:32:57 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/10/15 03:32:57 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/10/15 03:32:56 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/10/15 03:32:56 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/10/15 03:32:56 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/10/15 03:32:55 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/15 03:32:46 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/15 03:32:46 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/15 03:32:24 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/10/15 03:32:19 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/10/15 03:32:18 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/10/15 03:32:18 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/10/15 03:32:18 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/10/15 03:32:04 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/15 03:32:01 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/15 03:31:58 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/13 02:40:14 | 00,266,240 | ---- | C] (OGPlanet) -- C:\Windows\System32\OGPIEPlugin.ocx
[2009/10/09 01:11:20 | 00,000,000 | -H-D | C] -- C:\Users\Keith\Desktop\irftmpdir_461390
[2009/07/13 23:30:56 | 00,014,336 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2008/06/28 14:18:29 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBThcp.dll
[2007/01/30 16:47:52 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
[2007/01/30 16:46:00 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
[2007/01/30 16:38:18 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll
[2007/01/30 16:36:30 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
[2007/01/30 16:35:00 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
[2007/01/30 16:32:06 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
[2007/01/30 16:31:08 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
[2007/01/30 16:30:30 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
[2007/01/30 16:22:32 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
[2007/01/30 16:21:46 | 00,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
[2007/01/30 16:17:02 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll

========== Files - Modified Within 30 Days ==========

[2009/11/06 17:07:37 | 04,456,448 | -HS- | M] () -- C:\Users\Keith\ntuser.dat
[2009/11/06 17:04:00 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2280042401-330183626-2081709945-1000UA.job
[2009/11/06 17:03:00 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
[2009/11/06 16:55:19 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/06 16:55:19 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/06 16:29:24 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6B53160E-41E3-4ADF-B179-39A3613B6DE9}.job
[2009/11/06 14:28:23 | 00,000,000 | ---- | M] () -- C:\Users\Keith\AppData\Local\prvlcl.dat
[2009/11/06 10:58:39 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/11/06 10:55:31 | 00,032,879 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/06 10:55:31 | 00,032,879 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/06 10:55:31 | 00,032,879 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/06 10:55:31 | 00,032,879 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/06 10:55:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/06 10:55:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/06 10:54:59 | 29,511,63904 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/06 10:35:22 | 03,562,655 | R--- | M] () -- C:\Users\Keith\Desktop\worksnow.com
[2009/11/06 09:48:36 | 44,744,893 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/06 06:30:09 | 00,037,063 | ---- | M] () -- C:\Users\Keith\Desktop\14633_173456126500_547106500_3346449_6074672_n.jpg
[2009/11/06 05:16:58 | 00,001,093 | -H-- | M] () -- C:\IPH.PH
[2009/11/06 05:16:44 | 00,001,698 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2009/11/06 05:15:59 | 08,116,824 | ---- | M] (AOL LLC.) -- C:\Users\Keith\Desktop\Install_AIM_autoupgrade_7.0.14.1.exe
[2009/11/06 04:58:15 | 00,055,536 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx
[2009/11/06 04:58:15 | 00,055,536 | ---- | M] () -- C:\Windows\System32\BMXState-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx
[2009/11/06 04:58:15 | 00,000,820 | ---- | M] () -- C:\Windows\System32\DVCState-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx
[2009/11/06 04:57:57 | 00,524,288 | -HS- | M] () -- C:\Users\Keith\ntuser.dat{8860bd0b-1a6d-11de-a2b2-00044b03d508}.TMContainer00000000000000000001.regtrans-ms
[2009/11/06 04:57:57 | 00,065,536 | -HS- | M] () -- C:\Users\Keith\ntuser.dat{8860bd0b-1a6d-11de-a2b2-00044b03d508}.TM.blf
[2009/11/06 04:45:47 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTM.exe
[2009/11/06 01:10:23 | 02,631,819 | -H-- | M] () -- C:\Users\Keith\AppData\Local\IconCache.db
[2009/11/06 01:04:01 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2280042401-330183626-2081709945-1000Core.job
[2009/11/06 00:00:02 | 00,000,683 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2009/11/05 22:23:51 | 00,086,225 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/05 16:57:16 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdk41.sys
[2009/11/05 16:54:51 | 21,251,816 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Keith\Desktop\drweb-cureit.exe
[2009/11/05 16:53:37 | 00,069,192 | ---- | M] (jpshortstuff) -- C:\Users\Keith\Desktop\GooredFix.exe
[2009/11/05 15:29:00 | 00,276,705 | ---- | M] () -- C:\Users\Keith\Desktop\IMG_0259.JPG
[2009/11/05 04:14:49 | 00,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2009/11/05 03:31:37 | 00,000,240 | ---- | M] () -- C:\Windows\win.ini
[2009/11/05 03:30:46 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat
[2009/11/04 23:52:49 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/11/04 23:52:47 | 00,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/11/04 23:30:58 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/04 23:30:58 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/04 23:30:58 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/04 03:48:25 | 00,109,568 | ---- | M] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 00:34:09 | 00,000,767 | ---- | M] () -- C:\Users\Keith\Desktop\RegCleaner.lnk
[2009/11/01 19:02:24 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/01 19:02:23 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/01 19:02:18 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/01 19:02:16 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/01 19:02:16 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/01 19:02:03 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/01 19:02:02 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/10/31 01:32:31 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Users\Keith\Desktop\ATF-Cleaner.exe
[2009/10/31 01:29:58 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/30 15:11:14 | 00,524,288 | -HS- | M] () -- C:\Users\Keith\ntuser.dat{d158da72-c47b-11de-9ed6-0022cf086900}.TMContainer00000000000000000001.regtrans-ms
[2009/10/30 15:11:14 | 00,065,536 | -HS- | M] () -- C:\Users\Keith\ntuser.dat{d158da72-c47b-11de-9ed6-0022cf086900}.TM.blf
[2009/10/29 15:45:17 | 00,524,288 | -HS- | M] () -- C:\Users\Keith\ntuser.dat{d158da72-c47b-11de-9ed6-0022cf086900}.TMContainer00000000000000000002.regtrans-ms
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009/10/22 09:50:00 | 01,563,008 | ---- | M] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2009/10/22 09:43:24 | 00,511,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2009/10/19 09:25:09 | 03,584,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/15 23:39:41 | 00,001,742 | ---- | M] () -- C:\Users\Keith\Desktop\Fallout 3.lnk

========== Files Created - No Company Name ==========

[2009/11/06 10:48:42 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/11/06 10:35:20 | 03,562,655 | R--- | C] () -- C:\Users\Keith\Desktop\worksnow.com
[2009/11/06 06:30:09 | 00,037,063 | ---- | C] () -- C:\Users\Keith\Desktop\14633_173456126500_547106500_3346449_6074672_n.jpg
[2009/11/06 05:16:44 | 00,001,698 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2009/11/05 15:36:58 | 00,276,705 | ---- | C] () -- C:\Users\Keith\Desktop\IMG_0259.JPG
[2009/11/05 03:30:44 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/11/05 03:27:47 | 00,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/11/04 00:34:09 | 00,000,767 | ---- | C] () -- C:\Users\Keith\Desktop\RegCleaner.lnk
[2009/11/02 18:23:49 | 00,000,000 | ---- | C] () -- C:\Users\Keith\AppData\Local\prvlcl.dat
[2009/11/02 14:53:18 | 00,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2280042401-330183626-2081709945-1000UA.job
[2009/11/02 14:53:17 | 00,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2280042401-330183626-2081709945-1000Core.job
[2009/11/01 19:02:16 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/01 19:02:03 | 44,744,893 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/01 19:02:03 | 00,086,225 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/01 19:02:02 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/01 19:02:00 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/01 16:36:16 | 00,267,264 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/01 16:36:16 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/01 16:36:16 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/01 16:36:16 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/01 16:36:16 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/31 01:29:58 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/30 15:47:55 | 00,003,374 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/10/29 15:37:17 | 00,524,288 | -HS- | C] () -- C:\Users\Keith\ntuser.dat{d158da72-c47b-11de-9ed6-0022cf086900}.TMContainer00000000000000000002.regtrans-ms
[2009/10/29 15:37:17 | 00,524,288 | -HS- | C] () -- C:\Users\Keith\ntuser.dat{d158da72-c47b-11de-9ed6-0022cf086900}.TMContainer00000000000000000001.regtrans-ms
[2009/10/29 15:37:16 | 00,065,536 | -HS- | C] () -- C:\Users\Keith\ntuser.dat{d158da72-c47b-11de-9ed6-0022cf086900}.TM.blf
[2009/10/15 23:39:41 | 00,001,742 | ---- | C] () -- C:\Users\Keith\Desktop\Fallout 3.lnk
[2009/09/18 13:42:10 | 00,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2009/09/06 19:30:39 | 01,147,576 | ---- | C] () -- C:\Windows\System32\HanWebMsg1057.dll
[2009/08/28 16:44:00 | 00,164,864 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/08/28 16:44:00 | 00,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/08/28 16:41:33 | 00,002,560 | ---- | C] () -- C:\Windows\CTXFIKOR.DLL
[2009/08/19 00:29:21 | 00,032,879 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/13 22:12:26 | 00,032,879 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/15 22:06:36 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/14 00:14:20 | 00,027,839 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/07/14 00:14:16 | 00,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/07/13 23:28:04 | 00,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/07/13 23:28:04 | 00,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/07/01 14:13:25 | 00,438,272 | ---- | C] () -- C:\Windows\System32\RaCoInst.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/15 20:19:25 | 00,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/06/03 14:52:55 | 00,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/06/03 14:52:54 | 00,139,152 | ---- | C] () -- C:\Users\Keith\AppData\Roaming\PnkBstrK.sys
[2009/05/26 11:12:38 | 00,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/04/11 21:44:22 | 01,123,000 | ---- | C] () -- C:\Windows\System32\HanWebMsg1056.dll
[2009/02/18 21:04:55 | 00,163,840 | ---- | C] () -- C:\Windows\System32\RC_Err_Info.dll
[2009/01/25 23:27:51 | 00,000,027 | ---- | C] () -- C:\Windows\option.ini
[2008/11/17 16:00:26 | 00,000,534 | ---- | C] () -- C:\Windows\entpack.ini
[2008/11/01 01:26:08 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/10/22 04:29:06 | 00,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/10/08 19:47:12 | 00,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008/09/01 13:44:26 | 00,000,033 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2008/08/02 23:57:33 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/08/02 23:43:48 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/07/25 15:15:41 | 00,089,416 | ---- | C] () -- C:\Windows\SystemInfo.dll
[2008/07/19 23:04:18 | 00,000,600 | ---- | C] () -- C:\Users\Keith\AppData\Roaming\winscp.rnd
[2008/06/28 14:18:29 | 00,274,432 | ---- | C] () -- C:\Windows\System32\DLBTinst.dll
[2008/06/05 07:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/05/29 17:06:10 | 00,393,216 | ---- | C] () -- C:\Windows\System32\INICRYPTOSDK.dll
[2008/05/23 15:15:03 | 00,109,568 | ---- | C] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/23 09:30:16 | 00,029,239 | ---- | C] () -- C:\Users\Keith\AppData\Roaming\UserTile.png
[2008/05/23 07:12:40 | 00,000,552 | ---- | C] () -- C:\Users\Keith\AppData\Local\d3d8caps.dat
[2008/05/23 07:10:46 | 02,631,819 | -H-- | C] () -- C:\Users\Keith\AppData\Local\IconCache.db
[2008/05/23 07:02:07 | 00,118,648 | ---- | C] () -- C:\Users\Keith\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/05/23 07:01:50 | 00,000,680 | ---- | C] () -- C:\Users\Keith\AppData\Local\d3d9caps.dat
[2008/03/14 17:26:34 | 00,037,375 | ---- | C] () -- C:\Program Files\openoffice.org-xsltfilter.cab
[2008/03/14 17:26:33 | 02,489,204 | ---- | C] () -- C:\Program Files\openoffice.org-writer.cab
[2008/03/14 17:26:24 | 00,207,388 | ---- | C] () -- C:\Program Files\openoffice.org-testtool.cab
[2008/03/14 17:26:22 | 02,504,855 | ---- | C] () -- C:\Program Files\openoffice.org-pyuno.cab
[2008/03/14 17:26:03 | 00,051,973 | ---- | C] () -- C:\Program Files\openoffice.org-onlineupdate.cab
[2008/03/14 17:26:02 | 01,090,334 | ---- | C] () -- C:\Program Files\openoffice.org-math.cab
[2008/03/14 17:25:58 | 00,118,910 | ---- | C] () -- C:\Program Files\openoffice.org-javafilter.cab
[2008/03/14 17:25:57 | 01,254,017 | ---- | C] () -- C:\Program Files\openoffice.org-impress.cab
[2008/03/14 17:25:51 | 00,086,870 | ---- | C] () -- C:\Program Files\openoffice.org-graphicfilter.cab
[2008/03/14 17:25:50 | 00,002,769 | ---- | C] () -- C:\Program Files\openoffice.org-emailmerge.cab
[2008/03/14 17:25:49 | 00,919,329 | ---- | C] () -- C:\Program Files\openoffice.org-draw.cab
[2008/03/14 17:25:43 | 02,031,954 | ---- | C] () -- C:\Program Files\openoffice.org-core09.cab
[2008/03/14 17:25:37 | 00,293,054 | ---- | C] () -- C:\Program Files\openoffice.org-core08.cab
[2008/03/14 17:25:31 | 03,842,531 | ---- | C] () -- C:\Program Files\openoffice.org-core07.cab
[2008/03/14 17:25:21 | 28,861,971 | ---- | C] () -- C:\Program Files\openoffice.org-core06.cab
[2008/03/14 17:21:09 | 18,636,793 | ---- | C] () -- C:\Program Files\openoffice.org-core05.cab
[2008/03/14 17:19:55 | 16,453,751 | ---- | C] () -- C:\Program Files\openoffice.org-core04.cab
[2008/03/14 17:18:52 | 09,118,219 | ---- | C] () -- C:\Program Files\openoffice.org-core03.cab
[2008/03/14 17:18:28 | 03,860,200 | ---- | C] () -- C:\Program Files\openoffice.org-core02.cab
[2008/03/14 17:18:14 | 15,102,497 | ---- | C] () -- C:\Program Files\openoffice.org-core01.cab
[2008/03/14 17:17:34 | 04,696,905 | ---- | C] () -- C:\Program Files\openoffice.org-calc.cab
[2008/03/14 17:17:15 | 01,802,028 | ---- | C] () -- C:\Program Files\openoffice.org-base.cab
[2008/03/14 17:17:08 | 00,043,005 | ---- | C] () -- C:\Program Files\openoffice.org-activex.cab
[2008/03/14 17:17:04 | 00,000,217 | ---- | C] () -- C:\Program Files\setup.ini
[2008/03/14 17:17:03 | 04,372,992 | ---- | C] () -- C:\Program Files\openofficeorg24.msi
[2007/02/19 09:20:28 | 00,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
[2007/02/19 09:20:24 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
[2007/02/19 09:20:02 | 00,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
[2007/02/19 09:17:06 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
[2007/02/19 09:17:00 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
[2007/02/19 09:16:52 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
[2007/02/19 09:16:48 | 00,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
[2007/02/19 09:15:34 | 00,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
[2007/02/07 19:57:16 | 00,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
[2007/01/22 09:18:28 | 00,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
[2007/01/10 02:59:52 | 00,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2006/12/22 22:07:10 | 00,093,696 | ---- | C] () -- C:\Windows\System32\drivers\nvstor32.sys
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/12/08 02:19:22 | 00,061,440 | ---- | C] () -- C:\Windows\System32\EGamesPlugin.dll
[2005/12/08 02:19:22 | 00,036,864 | ---- | C] () -- C:\Windows\System32\EGameEncrypt.dll
[2005/08/18 12:26:46 | 00,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
[2005/05/25 15:07:26 | 00,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2008/05/23 07:42:55 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\acccore
[2008/06/24 06:19:42 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Aegisub
[2009/09/05 23:09:09 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Broken Rules
[2008/10/14 04:16:13 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\ClientKeeper
[2009/11/06 17:05:56 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\DNA
[2009/06/08 22:41:42 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\DragonicaSCB
[2009/03/26 19:17:53 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\ExportTool
[2008/05/29 07:21:09 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\FrostWire
[2009/03/25 13:39:18 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\GARMIN
[2008/07/01 01:37:31 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\GetRightToGo
[2009/08/12 19:24:05 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\HiveRise
[2009/06/30 15:59:36 | 00,000,000 | -H-D | M] -- C:\Users\Keith\AppData\Roaming\ijjigame
[2008/07/18 17:49:03 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\iPhoneRingToneMaker
[2009/08/12 18:55:30 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mount&Blade
[2009/07/28 17:09:59 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\NeopleLauncherDFO
[2008/11/04 04:37:25 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\NPLUTO Corporation
[2008/05/23 09:30:16 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\PeerNetworking
[2009/02/22 02:35:35 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Red Kawa
[2008/07/30 02:23:13 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\SYSTEMAX Software Development
[2009/08/13 21:37:39 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\SystemRequirementsLab
[2009/06/04 20:05:56 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\TalesRunner
[2009/06/09 11:10:03 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Thinstall
[2009/10/31 05:10:05 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Tonium
[2009/07/21 16:14:14 | 00,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\XLink Kai
[2009/11/06 10:58:39 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/11/06 10:55:14 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/06 04:58:00 | 00,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/06 16:29:24 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6B53160E-41E3-4ADF-B179-39A3613B6DE9}.job

========== Purity Check ==========


< End of report >

#8 Thaiche


Posted 06 November 2009 - 04:16 PM

OTL Extras logfile created on: 11/6/2009 5:06:00 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Keith\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.51% Memory free
4.00 Gb Paging File | 3.90 Gb Available in Paging File | 97.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 220.93 Gb Free Space | 47.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRISIS
Current User Name: Keith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038CC5CC-2C61-43F1-9E95-D69B78850108}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{03FCE97B-536C-4D4A-816B-012CA90F6AB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0DFA344C-E658-4B79-B65D-5EA3D417CE48}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1420044B-082E-45E4-A7E9-1E21601F3260}" = lport=10244 | protocol=6 | dir=in | app=system |
"{1B831A01-B562-478E-B152-0483F0B76078}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CD7D2F8-06C4-49BB-AB44-82858F2DE8FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1F14B028-32AE-484D-917A-290BA7E002C9}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{31F36AFA-24D2-47BB-BA51-E4862A61924B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{3C86A0F0-8650-4624-8A4E-FC27855EA98C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CC87530-01E2-4389-8CD6-FAA513E2CBDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{43DD0B69-BD50-4AA8-8F22-7E3A4C574B33}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BB1E7F2-51BC-4834-B0C2-D80124B12E4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C917BD6-8E29-4DB9-8BB2-ACDF8F76D022}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4FE1B196-A567-4163-8B6B-B7D62C4AC15B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{512E7479-3B46-49A4-8B18-3A114484521C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{55B46A97-8942-465C-8084-C2CA06B0D5E9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D59FDCB-2CD4-4C47-9992-276F5D334F27}" = rport=10244 | protocol=6 | dir=out | app=system |
"{62357D16-651C-4610-8C09-745C45FCC50B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{771FFB1F-9899-4EFA-8B26-7F17BEEC563A}" = lport=3390 | protocol=6 | dir=in | app=system |
"{821C834F-BBFD-4B15-A0BD-A4F56BF6B537}" = lport=10244 | protocol=6 | dir=in | app=system |
"{8262CF79-649A-42C5-8A2F-FB6F7100F13A}" = lport=3390 | protocol=6 | dir=in | app=system |
"{82EB9345-12D4-4ED3-84F1-00DFD9231A5A}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{82EC72EE-1F24-46CA-B145-CC4A661C6859}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85497175-B798-4218-B1DF-7B9C5A0BE960}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9720A721-17B1-49BC-AB6A-789DD4EA6FEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A78086FE-8964-432E-A83B-A7284603E0FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ABA2CD82-DF6C-4211-BDCE-4AE2E53A0311}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B96DE2EE-2CB3-4C92-8BDE-80F9C638DE2E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9F9C168-FAC4-42AC-9155-9C1AA172E80C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C04A1766-4C3D-43EA-9F36-01FEC1CE3DB3}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{C51DB2F8-56D0-4D22-A6A4-86038560B2A4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C6687D99-6F22-484A-AD5F-2BF8DCF33D39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CEA0E78D-383F-4181-AD17-059F9DAE1138}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF1AFAE7-45DA-4FD7-B5CA-BE28A095EC2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D89A08DF-DD4C-4010-9A02-FFD344C33DFF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DB77EF33-58F1-4519-8660-A55DCA806782}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DBD86AFB-9540-4CC8-B806-83B8145309F5}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{DCB6F641-E90B-4B7B-A14D-3A447B699066}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{DD2F2E1D-0900-4418-BCBF-DE545DBD1DD2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD1CD53A-75DE-4841-953A-D8BC02E4A4F2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{FFD48296-1C03-4F82-8B17-3418E41B0DC0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009B04E0-EA8B-43CA-B70C-B6E9D26F0D03}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{021279C9-9F4E-4143-B379-60C57CEED3A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{05C50C44-C43A-4E0B-B8F5-EA55712D6271}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{070E902B-C5CA-4BCF-88EF-298EC712889F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{084A4B7D-511C-4B7E-94F2-C0C7ABD823B7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0D897BDF-E4F9-451C-8049-0F2B81CB7798}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0DC4F738-99C3-4709-8A68-1E101AECAD81}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{10BB21C1-122D-4FE1-B837-69A18E6CC4C2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\coil\coil.exe |
"{110F8E46-B714-4ACC-901B-12F424D2F049}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1218537F-0007-4ADC-B5E8-F8182B4C7EC1}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\tversity.exe |
"{14329FE9-A8DE-4BE2-AC94-AF97974FD95D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{148A6463-F13B-4A7D-B7F7-854EF52FB24F}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 9\3dsmax.exe |
"{164C0DC6-9504-4E25-A509-5A8EB610CDC5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\blueberry garden demo\blueberrygarden.exe |
"{180AAFF2-3FB2-40A0-8A03-FD3318D3DCA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B33AF22-BBB0-43E1-B1B5-3C5E6DBEC801}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{1B46568C-65A1-41ED-8F97-75F83652F572}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1BFA1366-24D9-4FA1-810A-EDEF247DB812}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1EBB7574-A810-4124-898E-449696054841}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1F5C063E-E452-4159-888F-D9CFBA5ACA25}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{1FCD0D19-3EC6-4D03-ACE0-66D53DAC9E18}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{235154B9-289E-4CC4-8CBB-E0F65EEF07B1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{246C1192-8F2F-4339-B59E-84E4C6702A22}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{24EBBEA6-0661-4738-87AA-7FA5A0DF89B7}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{283EE9B9-4FD5-4124-8B0C-978B610FDEDF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{285D85B1-6003-4466-9021-6574F130C549}" = protocol=17 | dir=in | app=c:\program files\willing webcam\wwcam.exe |
"{28888505-9689-4D2F-A634-50592BF50918}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{2C48E5BA-4CC5-4026-9E82-ED46ED700315}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{2E5B856B-5087-4726-BD4C-826BAEF1FB68}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2F8335F8-8EEB-4D41-8414-45E92032F7A2}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{32190728-2E66-47DE-B1DD-E8F26DAF20EC}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{35834136-A252-4B67-A26B-D690EFAE8437}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3B072A21-8FF1-4772-9DB0-D43CEB815314}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{419854D7-E9C9-41A5-9EDE-57699AFFEB9B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4274135A-7A1E-47EF-924C-BA4353F52CC4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45715331-3154-4661-9BCD-A006A4A3380C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{45F62ACA-BB3D-45D3-AD0C-F471E15CC14C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A810ACA-1128-4E5D-99C7-21B29F7D23A0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{4FE3EE1C-ACD5-4E8F-A77E-5D5798FA5249}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{520CDA78-D3C2-4227-98CB-29D588FD9228}" = protocol=6 | dir=in | app=c:\program files\willing webcam\wwcam.exe |
"{558979F3-35AF-4837-9ED4-745188B01DD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A7E7B40-EEDC-4070-A22A-30267A8D55B9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mini ninjas - demo\ninja.exe |
"{5BDDD856-9BF7-4811-8DB8-B35BDD9D16DE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{62AAD2D2-B095-4625-9C0B-171DEBA994CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65434AD6-3F71-4B12-8D6E-E6A11EE7DD8D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{6812A473-FACA-47E0-9296-767671B16141}" = protocol=6 | dir=in | app=c:\program files\vinagame\boomonline\ca.exe |
"{6A2AD24B-B3D8-410B-8FCA-38A82358CBA6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{6D3DEF2A-24D6-4187-B828-82867D1CA8FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70126CA8-C8F8-402A-BDAE-9D2F839DF6F8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{720F4F8A-7277-45DB-AC76-595A4BA220E2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\blueberry garden demo\blueberrygarden.exe |
"{740D541E-DEE1-4B8C-A574-3D191DA35EED}" = protocol=17 | dir=in | app=c:\users\keith\appdata\local\temp\purplebean.exe |
"{75BFB1B0-5565-4505-84BC-C4F00DDEAFFA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7BDF13B7-0373-4237-8B5E-BE36C2BC4E05}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{7E52DD2B-5D89-4C8C-AB24-400E579AC22F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7FB639C2-8CDF-4BF9-B835-FEEDAA07DE4B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{8022CABE-0D34-4E01-A054-9E9AC3B9E69F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{82540204-FAF4-466D-9BDA-ABBC159B6969}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii - demo\config.exe |
"{84E0F9FF-0B02-44C7-866C-1326AD8EC4D2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{86FB5F97-322D-44A5-9785-848C58B35C96}" = protocol=6 | dir=in | app=c:\windows\system32\dlbtcoms.exe |
"{89CBF807-0868-453B-AC50-3755C7841EED}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{8CB1E494-A092-4B6E-B06B-A0FF45F8DB50}" = protocol=17 | dir=in | app=c:\program files\hiverise\hiverise.exe |
"{8D116D9F-E8CF-4DB8-B9CE-17B3E07DFA99}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8DD080A7-8F30-43A0-93EE-E6D0D57E0679}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{90CD42FF-131B-4B25-B2E9-1FC94032D770}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{931AE0C8-535B-4D6B-8D4A-A61331E9D7AB}" = protocol=17 | dir=in | app=c:\program files\vinagame\boomonline\nmcosrv.exe |
"{96CF3C0B-135E-42E6-8B33-21D43C6B2AF4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\darkest of days demo\darkestofdays.exe |
"{9739899B-C85E-4A6F-8E3F-64262F3358C4}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{97C890D5-A87E-4939-972A-A4A08279A1BA}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{991F794C-3C8B-4E7F-85CA-B6E24A3D9DD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C6A9693-2633-46DC-A7E7-FBE4EAA0DF08}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9E0CB58E-889B-40F3-B2E4-39D3DBFD6DA9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A2039032-9BB2-4F2C-83A5-50AB0B785670}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{A968FE27-6E63-489C-B451-607300CCE258}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{AA749E76-100C-4EB3-878D-8A97369E122C}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{ABD015A1-C0DB-422B-8FD7-54522A4CFF55}" = protocol=6 | dir=in | app=c:\users\keith\appdata\local\temp\purplebean.exe |
"{ABF8A75D-DFFD-4F73-A6D3-CC15C5D0DF7C}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\tversity.exe |
"{ADCCC89B-F892-4362-A63D-7C4D5A4DD397}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B070E505-D845-4415-9BC4-728B533C77D7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{B590A11C-F0E4-437B-B141-3C89769CFDA5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B5A5897B-9A1D-41FD-8380-3FB55C69BA36}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{B88E2168-E67A-40EB-BD09-E11D0C884DDB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\coil\coil.exe |
"{BAD88F4C-E1C7-42CE-BB53-1FB1DD55AA20}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mini ninjas - demo\ninja.exe |
"{BF812334-1894-4FBE-AC43-5456D024FE66}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\darkest of days demo\darkestofdays.exe |
"{BFC4AB42-ED23-4AEA-B169-54D1637BD17F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C05BC8A3-E0A2-416A-AE0F-50541F15D726}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3902495-A73A-454F-B938-D39F16CF4D2B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C606646D-5B8A-4735-949A-DB64DDC1BA18}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\flock demo\flock.exe |
"{C8EC7095-4529-42E8-A6D9-C2B7B4E823D2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{CF26A2B9-A8F5-4AF7-8835-2E54ADF10E3D}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D362EDEE-DFDC-4EBF-A46A-F1B45D2F7A4D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D623B7AE-3828-49E2-942C-CEC6A25C0B60}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii - demo\overlord2demo.exe |
"{D6AFA648-6B36-4645-8821-0E1BBE534FE3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{D76B5674-17C7-4CA1-BF14-EA1E90143453}" = protocol=17 | dir=in | app=c:\program files\vinagame\boomonline\ca.exe |
"{D81E39DB-E3BF-4CB0-8529-FB4228D065DA}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{D89CA61D-6C15-4A78-ACB4-EDCDABF21D1B}" = protocol=6 | dir=out | app=system |
"{DA3FA35F-4C4B-4D63-BA98-5321B5DA7FCE}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{DCC85DC4-DCA0-42B2-941B-8709F7538B9C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E2C369AF-32DD-46B3-85AA-AA625A72E42C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii - demo\overlord2demo.exe |
"{E3993F7E-BD0C-42B4-A48C-17D9E635DDD5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E487D915-4B59-43C2-9B8E-D00214296998}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{EC65C750-5D2A-46E4-8EF6-7C646CE53E00}" = protocol=6 | dir=in | app=c:\program files\hiverise\hiverise.exe |
"{EFDC1C3E-D7AD-4841-90E1-13C02773A5E3}" = protocol=6 | dir=in | app=c:\program files\vinagame\boomonline\nmcosrv.exe |
"{F2478089-C945-4320-90E1-4D3FEB11F05A}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{F46E25FB-E578-4AE9-BDF0-597F294F9714}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\flock demo\flock.exe |
"{F6B6F451-A6B8-4760-BD8A-D0DB26FFDC92}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii - demo\config.exe |
"{F7A4EA0B-C1B6-4D95-97B6-76E10298ECD2}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{FD7E8B51-8F67-4D77-8FB8-FCF73027D4F5}" = protocol=17 | dir=in | app=c:\windows\system32\dlbtcoms.exe |
"{FF1CB27F-A8F6-433C-836D-F9182736B1ED}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 9\3dsmax.exe |
"TCP Query User{03CE7A96-ED58-42C6-A281-039608AF8D8E}C:\program files\gpotato\talesrunner\trgame.exe" = protocol=6 | dir=in | app=c:\program files\gpotato\talesrunner\trgame.exe |
"TCP Query User{0B930290-F2DD-4E78-B1A1-C259A19C3EBA}C:\ijji\english\u_skid.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_skid.exe |
"TCP Query User{14D013DD-EEFD-4D03-A1E9-8C7538FCD219}C:\ijji\english\u_gbound.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gbound.exe |
"TCP Query User{1A975B04-0F88-4428-A26C-7AA654D6818B}C:\programdata\ijjigame\plauncher.exe" = protocol=6 | dir=in | app=c:\programdata\ijjigame\plauncher.exe |
"TCP Query User{1C755DA7-DD38-4C8A-AC90-1729500974FA}C:\pentavision\djmaxtrilogy\mainlauncher.exe" = protocol=6 | dir=in | app=c:\pentavision\djmaxtrilogy\mainlauncher.exe |
"TCP Query User{23C87BDF-184B-4643-BD03-F7A716CE342D}C:\users\keith\desktop\do_full-client_downloader.exe" = protocol=6 | dir=in | app=c:\users\keith\desktop\do_full-client_downloader.exe |
"TCP Query User{382AE77E-56CF-4D0F-A878-BF7B8B43C1D8}C:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe" = protocol=6 | dir=in | app=c:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe |
"TCP Query User{4D41C324-94DE-437D-8C49-5628636A9CD9}C:\program files\steam\steamapps\thaiche\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\thaiche\team fortress 2\hl2.exe |
"TCP Query User{55134B5C-35FC-4AE1-BB85-1EADF5CEC5D3}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=6 | dir=in | app=c:\program files\softnyx\gunboundwc\gunbound.gme |
"TCP Query User{59E19F83-6217-4F0B-854F-537073BE2094}C:\program files\xlink kai\kaiengine.exe" = protocol=6 | dir=in | app=c:\program files\xlink kai\kaiengine.exe |
"TCP Query User{5AD69580-B722-4C84-A101-56E4D9CD2771}C:\program files\monte cristo\cities xl\cds\citiesxl_http.exe" = protocol=6 | dir=in | app=c:\program files\monte cristo\cities xl\cds\citiesxl_http.exe |
"TCP Query User{6782C030-CC0E-4AB9-8E10-90FC50D60817}C:\users\keith\desktop\citiesxl_downloader.exe" = protocol=6 | dir=in | app=c:\users\keith\desktop\citiesxl_downloader.exe |
"TCP Query User{6D975A4B-168D-48C5-B881-E07E7630A3CB}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{719EDA30-7EE0-4FA0-81BC-6158D313F77D}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{739C1C6D-D744-41D6-B960-82C77A51FA35}C:\program files\cyberstep\splash fighters\jre\1.3.1\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\cyberstep\splash fighters\jre\1.3.1\bin\javaw.exe |
"TCP Query User{74DF8368-CAB8-49E3-AF27-06E5B90BB9D9}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{8ADB5BE3-EE07-4399-9236-53DA75C9CFDA}C:\program files\cyberstep\splash fighters\amped.exe" = protocol=6 | dir=in | app=c:\program files\cyberstep\splash fighters\amped.exe |
"TCP Query User{8D4F964E-4E30-4A2C-8940-12C9717DCF66}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{8FDB9ECA-96C8-4686-B6E2-ED30B1440C60}C:\program files\steam\steamapps\thaiche\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\thaiche\half-life\hl.exe |
"TCP Query User{913CC39E-B2C1-49BC-B872-BE62DDBDD52C}C:\ijji\english\u_goonzu.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_goonzu.exe |
"TCP Query User{AC0DE43B-89DB-4D13-82A7-635DD5928811}C:\program files\driftcity\driftcity.exe" = protocol=6 | dir=in | app=c:\program files\driftcity\driftcity.exe |
"TCP Query User{B1F1240B-9A28-426B-B604-604693273713}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{BA43435D-D289-4262-977B-4FA6085B2261}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{BAF74206-CFD1-4508-846E-DB64A3968882}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe |
"TCP Query User{CD807493-6D60-4E3A-AF51-8DB43DF931C4}C:\program files\driftcity\driftcity.exe" = protocol=6 | dir=in | app=c:\program files\driftcity\driftcity.exe |
"TCP Query User{CF52D951-0BC9-474E-8933-4FB0AFA55D99}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=6 | dir=in | app=c:\ijji\english\gunbound revolution\gunbound.gme |
"TCP Query User{D1764435-D494-4C44-9204-FF9149A61E49}C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe |
"TCP Query User{D314B54A-B289-4A5A-8D66-25FA97F6508E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{DCA6BC31-D39B-4424-AD28-374AE1B3BAD0}C:\program files\ijji\ijji reactor\outbound_pul.exe" = protocol=6 | dir=in | app=c:\program files\ijji\ijji reactor\outbound_pul.exe |
"TCP Query User{DDF0A9A4-70BE-4373-AE6A-16A1B1B3B2FA}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe |
"TCP Query User{DE9EFA88-C8B8-4CB6-96AC-553595652530}C:\program files\xlink kai\kaiengine.exe" = protocol=6 | dir=in | app=c:\program files\xlink kai\kaiengine.exe |
"TCP Query User{DFAD3AFE-0F66-433B-83DD-681FE3F953B4}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"TCP Query User{E4281D55-E0B3-4025-8F97-7153D0AC0490}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EA2C0DFB-485A-4CCF-9C40-74A1B55EAA08}C:\pentavision\djmaxtrilogy\mainlauncher.exe" = protocol=6 | dir=in | app=c:\pentavision\djmaxtrilogy\mainlauncher.exe |
"TCP Query User{F28F497E-11D5-47C5-A921-0BBDB1123D31}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{F58F5906-8B91-4481-9857-FCF1BD09A19E}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{07505F80-1D4C-404E-B7D1-DA1C1961361D}C:\users\keith\desktop\citiesxl_downloader.exe" = protocol=17 | dir=in | app=c:\users\keith\desktop\citiesxl_downloader.exe |
"UDP Query User{0764E9E4-BD15-4976-BA2E-DA9A96B32111}C:\ijji\english\u_gbound.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gbound.exe |
"UDP Query User{0CCA7E21-BC5D-4638-9C33-43C5FA490653}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{1793FFB0-97B8-4274-AEA5-E7AE8D69C1FA}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe |
"UDP Query User{22FE047F-F7D2-47CA-B015-C8D954BE98BB}C:\program files\cyberstep\splash fighters\amped.exe" = protocol=17 | dir=in | app=c:\program files\cyberstep\splash fighters\amped.exe |
"UDP Query User{2A94BF45-EAAF-4DB5-BBFB-7715E26C9B5A}C:\program files\driftcity\driftcity.exe" = protocol=17 | dir=in | app=c:\program files\driftcity\driftcity.exe |
"UDP Query User{2C14FAB4-1DDC-42C0-8486-2EBACE1B38DB}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{30D4179E-5A0F-48CA-AF36-001459A16E27}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query User{36727D5A-503D-42D3-A3DB-E0A3D22DFA34}C:\ijji\english\u_goonzu.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_goonzu.exe |
"UDP Query User{378E486F-70D8-4634-A8B1-E730CD2F6A04}C:\program files\monte cristo\cities xl\cds\citiesxl_http.exe" = protocol=17 | dir=in | app=c:\program files\monte cristo\cities xl\cds\citiesxl_http.exe |
"UDP Query User{4112E072-8617-4847-927E-0BCB9B6326E7}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{4126608D-87A4-47BA-92E6-766F7215D2BF}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe |
"UDP Query User{47F7A35F-6D3A-4131-822C-6CD81353E3C2}C:\program files\steam\steamapps\thaiche\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\thaiche\half-life\hl.exe |
"UDP Query User{484512C2-949F-4F8F-ACB7-0211F1430698}C:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe" = protocol=17 | dir=in | app=c:\program files\electric rain\swift 3d\version 5.00\program\swift3d.exe |
"UDP Query User{4BA9C38A-B0D7-4A32-9B7C-EF38FB69D210}C:\program files\gpotato\talesrunner\trgame.exe" = protocol=17 | dir=in | app=c:\program files\gpotato\talesrunner\trgame.exe |
"UDP Query User{548D8808-0817-4DAA-A7A2-4780E1E95F83}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{5A453BF4-737F-42AF-8854-0321B1729DE4}C:\pentavision\djmaxtrilogy\mainlauncher.exe" = protocol=17 | dir=in | app=c:\pentavision\djmaxtrilogy\mainlauncher.exe |
"UDP Query User{5D7DF121-ADEB-4A52-BD8A-890BE5E1CFD9}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{628621F8-2321-4460-BA26-92681D8CDBD6}C:\program files\driftcity\driftcity.exe" = protocol=17 | dir=in | app=c:\program files\driftcity\driftcity.exe |
"UDP Query User{6BDEA949-8B37-4167-9C3D-95440C8F4AA0}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=17 | dir=in | app=c:\program files\softnyx\gunboundwc\gunbound.gme |
"UDP Query User{6F4F9481-48A2-4A53-9E49-1A9FDB053E9E}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{77D6B810-EF8C-49F2-8A0F-6DFACEE2EB6C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{849D0A1B-85CB-4088-AE95-8F2C27E289BF}C:\program files\xlink kai\kaiengine.exe" = protocol=17 | dir=in | app=c:\program files\xlink kai\kaiengine.exe |
"UDP Query User{87F1E1E0-310F-4B4B-A9B9-376F098FC3CA}C:\program files\steam\steamapps\thaiche\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\thaiche\team fortress 2\hl2.exe |
"UDP Query User{8820C842-AFC9-4FD3-BBAA-12D74E14D93A}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{8BCFE371-FA01-4648-A953-C409FB992BA6}C:\program files\ijji\ijji reactor\outbound_pul.exe" = protocol=17 | dir=in | app=c:\program files\ijji\ijji reactor\outbound_pul.exe |
"UDP Query User{A5E6A394-F619-463B-AE0F-799E5E97E7F9}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{A69EC847-4C18-4821-9C17-44B73A661C95}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=17 | dir=in | app=c:\ijji\english\gunbound revolution\gunbound.gme |
"UDP Query User{A938D8E0-2A8D-4D26-9CFA-6857C34CBE68}C:\programdata\ijjigame\plauncher.exe" = protocol=17 | dir=in | app=c:\programdata\ijjigame\plauncher.exe |
"UDP Query User{B21F7BFC-4CA7-472C-9DB9-B5D0867BFA4A}C:\program files\xlink kai\kaiengine.exe" = protocol=17 | dir=in | app=c:\program files\xlink kai\kaiengine.exe |
"UDP Query User{B4192C1C-30E7-4A9E-BEFD-F9C4D4A108D7}C:\program files\cyberstep\splash fighters\jre\1.3.1\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\cyberstep\splash fighters\jre\1.3.1\bin\javaw.exe |
"UDP Query User{B4D441DC-470D-44BD-80D2-D2C449B65267}C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe |
"UDP Query User{BD0E346A-15A0-47BB-B921-4095AA75BD64}C:\ijji\english\u_skid.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_skid.exe |
"UDP Query User{C09B5071-D80E-40BE-8872-28C23175DF8D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{C9B0F04E-CAD2-42F9-8DC2-AF3B83004B64}C:\pentavision\djmaxtrilogy\mainlauncher.exe" = protocol=17 | dir=in | app=c:\pentavision\djmaxtrilogy\mainlauncher.exe |
"UDP Query User{E16E276D-18FE-4892-A14D-ABED7C08DB28}C:\users\keith\desktop\do_full-client_downloader.exe" = protocol=17 | dir=in | app=c:\users\keith\desktop\do_full-client_downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB03}" = La Tale
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A009E6A-6A11-4571-ADB1-744CDC1E1A43}" = Virtual Philadelphia
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10012B35-46B1-4EB3-88CB-7F8F6B25D34D}" = Splash Fighters
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{2023D8DE-CD8E-4958-B831-9DB3166D1B07}" = Swift 3D v5.00
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.2 Release Preview r1987
"{2773B836-AC66-4178-A414-C5A0F9F5D805}" = XLink Kai
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = GW-USMini2N
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39CE1724-9B5B-48FC-94C9-7141444490E1}" = GhostX Global
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CB9AF08-79AE-4020-84A8-29CF15C67BD5}" = Audition
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = GW-US54mini2
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis® SP Demo
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{972B9815-783B-3136-9247-CF62322C4E40}" = Microsoft .NET Framework 3.5 Language Pack SP1 - kor
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A0F7CEAC-8F77-4936-8DDD-0AD4028A5486}" = iPhoneBrowser
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C12A198C-E751-4729-839A-8FA07CF941C1}_is1" = Dragonica
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6A6DB9E-9EE2-4872-A45C-C9E0AF0D5D09}" = Monster Hunter Frontier Online
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC94C23D-DCE6-4E98-B82C-168E2104FA16}" = Atlantica Online
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F4805162-89AE-4003-9316-328A1F09CA8F}" = Splash Fighters
"{F5025D45-CAE1-4329-8FA9-F12B1BB7E540}" = GrandDog Run Time System V1.0.35
"{F5C521B6-1AF2-432C-A061-E79E2141A32F}" = Quake Live Mozilla Plugin
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"4U AVI MPEG Converter_is1" = 4U AVI MPEG Converter (version 5.3.8)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AIM_7" = AIM 7
"AudioCS" = Creative Audio Control Panel
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"BCDP9_is1" = Business Card Designer Plus 9.5.0.0
"BitLord" = BitLord 1.1
"Boom Online 1.43_is1" = Boom Online - 1.43
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Arms" = Combat Arms
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DATA BECKER Instant Photo Scanner" = DATA BECKER Instant Photo Scanner
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"DFO" = DFOLauncher
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Manager" = Download Manager 2.3.6
"DriftCity" = Drift City
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"Foxit Reader" = Foxit Reader
"FrostWire" = FrostWire 4.13.5
"GhostX" = GhostX
"GOM Player" = GOM Player
"Gunbound Revolution_is1" = Gunbound Revolution
"GunboundWC_is1" = GunboundWC
"Gunz" = ijji - Gunz
"HanSetup" = ??? ?? ????
"Hive Rise" = Hive Rise
"hon" = Heroes of Newerth
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"iPhoneRingToneMaker" = iPhoneRingToneMaker 2.5.1
"LMS" = C-Dilla Licence Management System
"LostSagaUS" = Lost Saga
"LUNA_US_090414" = LUNA Online v1.0.0
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - kor" = Microsoft .NET Framework 3.5 언어 팩 SP1 - 한국어
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"npkcxp" = nProtect KeyCrypt
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"OpenAL" = OpenAL
"osu!" = osu!
"Pen Tablet Driver" = Pen Tablet
"pepakura_viewer3en" = Pepakura Viewer 3
"Portal" = Portal
"PunkBusterSvc" = PunkBuster Services
"RumbleFighter" = Rumble Fighter
"Shin Megami Tensei: Imagine Online" = Shin Megami Tensei: Imagine Online
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"Steam App 12820" = Overlord II - Demo
"Steam App 13140" = America's Army 3
"Steam App 17410" = Mirror's Edge
"Steam App 18710" = And Yet It Moves Demo
"Steam App 21650" = FLOCK! Demo
"Steam App 220" = Half-Life 2
"Steam App 22300" = Fallout 3
"Steam App 31500" = Coil
"Steam App 35050" = Mini Ninjas - Demo
"Steam App 37710" = Darkest of Days Demo
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 590" = Left 4 Dead 2 Demo
"Steam App 70" = Half-Life
"Steam App 8980" = Borderlands
"Street Gears_is1" = 1.0
"Sword of The New World_is1" = Sword of The New World
"SystemRequirementsLab" = System Requirements Lab
"TalesRunner" = TalesRunner 1.58720081016
"TVersity Codec Pack" = TVersity Codec Pack 1.1
"TVersity Media Server " = TVersity Media Server 0.9.11.4 beta
"USB Dual Mode Camera v201 Installation Files" = USB Dual Mode Camera v201 Installation Files
"Videora iPhone Converter" = Videora iPhone Converter 4.06
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"WampServer 2_is1" = WampServer 2.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.5
"WinZip Self-Extractor" = WinZip Self-Extractor
"XecureCK" = ClientKeeper KeyPro with E2E for 32bit
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{43462CD3-34B2-4dab-9133-7703A5DEFD61}" = Battlefield Heroes (Crisis\Keith)
"BitTorrent DNA" = DNA
"Cities XL" = Cities XL
"Deviance RO" = Deviance RO
"Google Chrome" = Google Chrome
"ijji.com" = ijji
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#9 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 November 2009 - 06:54 PM

Thaiche,

Double click on OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Processes

:OTL
SRV - File not found -- -- (mi-raysat_3dsmax9_32)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [] File not found
O33 - MountPoints2\{3c0413ab-0ef6-11de-9053-00044b03d508}\Shell\AutoRun\command - "" = D:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{8b581d8f-602d-11de-88ac-00044b03d508}\Shell - "" = AutoRun
O33 - MountPoints2\{8b581d8f-602d-11de-88ac-00044b03d508}\Shell\AutoRun\command - "" = D:\start.exe -- File not found
O33 - MountPoints2\{9f0c7561-1a73-11de-9491-00044b03d508}\Shell - "" = AutoRun
O33 - MountPoints2\{9f0c7561-1a73-11de-9491-00044b03d508}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
[2009/11/06 00:40:53 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/11/05 16:53:36 | 00,069,192 | ---- | C] (jpshortstuff) -- C:\Users\Keith\Desktop\GooredFix.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL log.


Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#10 Thaiche


Posted 07 November 2009 - 01:20 AM

When I ran OTL and rebooted..for some reason a bunch of random album arts and desktop.ini appeared on my desktop..any clue why?...anyway here are the logs

I should add I'm getting spammed with virus warnings from AVG now..says "Multiple threat detection
C:\windows\System32\snmptrap.exe Infection-Virus found win32/virut
C:\Windows\System32\alg.exe Infection-virus found win32/heur
I dunno what caused it..just started popping up out of nowhere

*****dunno what caused it but windows system defender just reinstalled itself...-_- and my computer is freaking out, gonna run malwarebytes..hope that's not a problem

****Update****
I ran Malwarebytes and it found 77 infections..it cleaned them and said to reboot...I reboot and now my computer is spamming me with virus threats again -_- feels like they just came back out of nowhere..keeps telling me everything is infected..all these files..etc =| dunno what running that code through OTL or the other thing did..but it seems like it stirred up a storm XD

All processes killed
========== PROCESSES ==========
========== OTL ==========
Service mi-raysat_3dsmax9_32 stopped successfully!
Service mi-raysat_3dsmax9_32 deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c0413ab-0ef6-11de-9053-00044b03d508}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c0413ab-0ef6-11de-9053-00044b03d508}\ not found.
File D:\StartPortableApps.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b581d8f-602d-11de-88ac-00044b03d508}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b581d8f-602d-11de-88ac-00044b03d508}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b581d8f-602d-11de-88ac-00044b03d508}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b581d8f-602d-11de-88ac-00044b03d508}\ not found.
File D:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f0c7561-1a73-11de-9491-00044b03d508}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f0c7561-1a73-11de-9491-00044b03d508}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f0c7561-1a73-11de-9491-00044b03d508}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f0c7561-1a73-11de-9491-00044b03d508}\ not found.
File E:\LaunchU3.exe not found.
File move failed. C:\VundoFix Backups\ scheduled to be moved on reboot.
C:\Users\Keith\Desktop\GooredFix.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Keith
->Temp folder emptied: 12383492 bytes
->Temporary Internet Files folder emptied: 2948041 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48910795 bytes
->Google Chrome cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 756736 bytes
RecycleBin emptied: 8116824 bytes

Total Files Cleaned = 69.73 mb

OTL by OldTimer - Version 3.1.4.0 log created on 11072009_014400

Files\Folders moved on Reboot...
Folder move failed. C:\VundoFix Backups\ scheduled to be moved on reboot.

Registry entries deleted on Reboot...

================================================================================ ==============

exeHelper by Raktor
Build 20091021
Run at 02:18:01 on 11/07/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Edited by Thaiche, 07 November 2009 - 03:34 AM.



#11 Tomk


Posted 07 November 2009 - 08:21 AM

Thaiche,

We do seem to have stirred up a hornets' nest.

C:\windows\System32\snmptrap.exe
Infection-Virus found win32/virut

If this is not a false positive, there is nothing more we can do. Let's get some verification.

Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:
c:\windows\system32\userinit.exe <===this file

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

Do the same for each of these:
c:\windows\system32\svchost.exe
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\spoolsv.exe

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#12 Thaiche


Posted 07 November 2009 - 01:42 PM

Well...it won't let me go on that website...won't load it and IE closes it as soon as I try...not to mention it filled my desktop with porn somehow now...Guess only thing I can do is reformat?....

#13 Thaiche


Posted 08 November 2009 - 04:24 AM

Well, I went out and bought windows 7 today since I lost my original windows vista CD...and reformatted my HDD...so Thanks for trying to help..shame it ended up costing me $120 and all my files to fix..haha Any idea how all the viruses got on?

#14 Tomk


Posted 08 November 2009 - 09:11 AM

Thaiche, If you did in fact have Virut, it virtually 100% of the time comes from the use of P2P programs. (bittorrent). It comes "packaged" with pirated files and warez. It may well have been Virut even though we were unable to confirm based on its reaction. When it realizes it has been found, it often goes "crazy" as you saw on your system. There is no way to clean it. You must reformat and re-install and you can't backup any executable files either or you will transfer the infection to the new install. I think you made a good decision. Anything more I can do for you?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
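
The advice above about not carrying executable files over to the new install can be checked mechanically before a backup is restored. This is an added example, not part of the original thread: it sorts a backup folder into files to restore and files to leave out, recognising Windows executables by their MZ/PE header rather than by file name. The function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

# Assumed extension list (not from the thread); .com files have no header to check.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".dll", ".sys"}

def is_pe(path):
    """True if the file starts with a DOS 'MZ' header that points at a 'PE\\0\\0' signature."""
    with open(path, "rb") as f:
        dos = f.read(64)
        if len(dos) < 64 or dos[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)  # offset of the PE header
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def triage_backup(root):
    """Walk root and return (restore, exclude) lists of relative paths."""
    restore, exclude = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                executable = ext in EXEC_EXTENSIONS or is_pe(full)
            except OSError:
                executable = True  # unreadable file: do not restore it blindly
            (exclude if executable else restore).append(os.path.relpath(full, root))
    return sorted(restore), sorted(exclude)

def make_sample_backup(root):
    """Constructed sample files: a minimal PE stub, a renamed copy, and plain data."""
    pe_stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + b"\0" * 20
    samples = {
        "setup.exe": pe_stub,
        "holiday.jpg": pe_stub,                 # executable behind a data extension
        "notes.txt": b"shopping list\n",
        "MZ-notes.txt": b"MZ" + b" notes" * 20,  # starts with 'MZ' but has no PE header
        "old.com": b"\xb4\x09\xcd\x21",         # headerless, caught by extension only
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_sample_backup(d)
        print(triage_backup(d))
```

The script identifies executables, not infections; it only narrows a backup down to the data files.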
 

#15 Thaiche


Posted 08 November 2009 - 01:49 PM

Hmm, guess I gotta be more careful with torrents...I never witnessed a virus do that to me before..so it was an experience that's for sure.... But yeah, nothing else needs to be done. You can go ahead and close this thread I guess... thanks for trying/helping and being quick with responses. -Thaiche
