
vygkbaq.sys - Detected, not removed


X302Z


So my problem is that I have this file called vygkbaq.sys

It's located in C:\WINDOWS\System32\drivers

I tried to delete, send, copy, shred, assassinate, whatever it and it gives me the reply:

Cannot read from the source file or disk.

It's been detected by MBAM as a rootkit but it's not being deleted.

This file came with a series of other infections: av.exe 2010, paladin security, win16.exe, some other junk. (It said in the properties that it's created on the same day and time)

I deleted all the other stuff with MBAM after a long arduous process but I am not sure if everything is gone.

My google searches are still being redirected, my internet is sluggish.

I suspect my search function is somehow broken too.

I am missing wscui.cpl and cannot do a system restore.

I cannot use the restore option given to me on boot up. (It asks me to press F11) (I know Keyboard's fine because I can access BIOS and other stuff)

My conclusion is that this file is the source.

When I boot into safe mode I also saw that ugly file being loaded onto the drivers' list.

When I searched the registry for safeboot and checked the list, the file was not listed there.

I tried deleting with command prompt, in and out of safe mode and tried modding the protection.

I searched and found the file in the registry with 3 entries and am able to delete 2 of the 3 only after editing the permissions.

- When I look at the properties of the file it won't allow me to see the permission

- When I restart my computer the other 2 registries reappeared.

I looked around and found that combofix deletes and rids of common infections.

- Upon running combofix, the system processor fills up to 100% and freezes for a while.

- Combofix extracts all the files but does not prompt any action

- When run again, it gave "the blue screen of death".

So... Can this be all the work of 1 file?

How do I get rid of it? (I'm pretty sure it doesn't belong)

How do I get wscui.cpl back? (Windows Security Control User Interface)

Will system restore be fixed when that is gone?

I'd really like to avoid reformatting.


Hello X302Z

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the below in bold


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new randomly named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher, go ahead and click on Run.
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED


  • Sections

  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

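The custom scan above asks OTL to hash a fixed set of storage and logon drivers, and the OTL.Txt it produces lists every process, service and driver as one `PRC`/`SRV`/`DRV` line ending in the file's company name. The script below is an added example (not OTL's, Malwarebytes' or the helper's code) that parses lines of that shape and flags the entries a helper would want checked by hash or signature rather than trusted on sight: a missing company name, a file name that appears on the helper's /md5start list, or a driver running from somewhere other than the system drivers directory. The sample log lines embedded at the bottom are constructed for this example; the watch list is copied from the instructions above.

```python
"""Triage of OTL log lines (added example; not OTL's own code).

OTL.Txt lists each process, service and driver on one line, e.g.

    PRC - <path> (<company>)
    SRV - (<service>) [display name] -- <path> (<company>)
    DRV - (<service>) [display name] -- <path> (<company>)

The parser pulls those fields apart and attaches review flags to the
entries worth verifying by hash or signature. SAMPLE_LOG is constructed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One regex for PRC/SRV/DRV lines. The "(service) [display] --" part only
# exists for SRV and DRV, so it is optional. The path is matched lazily and
# the line is anchored at the end, so the company is always the last "(...)".
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:\((?P<svc>[^)]*)\)\s*(?P<display>.*?)\s*-- )?"
    r"(?P<path>[A-Za-z]:\\.*?) "
    r"\((?P<company>[^)]*)\)\s*$"
)

# File names the helper's custom scan hashes (/md5start ... /md5stop above).
MD5_WATCHLIST = {
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iastor.sys", "nvstor.sys", "atapi.sys",
    "idechndr.sys", "viasraid.sys", "agp440.sys", "vaxscsi.sys", "nvatabus.sys",
    "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys", "viprt.sys",
    "enethook.dll", "ahcix86.sys", "kr10n.sys", "nvstor32.sys", "ahcix86s.sys",
    "nvrd32.sys", "symmpi.sys", "adp3132.sys", "mv61xx.sys",
}

FLAG_NO_COMPANY = "OTL shows no company name: verify the file's hash and signature"
FLAG_WATCHLIST = "on the /md5start list: compare its MD5 with a known-good copy"
FLAG_ODD_DIR = "driver loaded from outside \\system32\\drivers: confirm the publisher"


@dataclass
class Entry:
    kind: str
    service: str
    path: str
    company: str
    flags: List[str] = field(default_factory=list)

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a PRC/SRV/DRV line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(kind=m["kind"], service=m["svc"] or "", path=m["path"],
                 company=m["company"].strip())


def triage(entry: Entry) -> Entry:
    """Attach review flags to an entry; returns the same entry for chaining."""
    folder = entry.path.rsplit("\\", 1)[0].lower() + "\\"
    if not entry.company:
        entry.flags.append(FLAG_NO_COMPANY)
    if entry.filename.lower() in MD5_WATCHLIST:
        entry.flags.append(FLAG_WATCHLIST)
    if entry.kind == "DRV" and not folder.endswith("\\system32\\drivers\\"):
        entry.flags.append(FLAG_ODD_DIR)
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every PRC/SRV/DRV line of an OTL log and triage each one."""
    entries = [parse_line(ln) for ln in text.splitlines()]
    return [triage(e) for e in entries if e is not None]


def flagged(text: str) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage_log(text) if e.flags]


# Constructed sample in OTL's layout; paths and names are illustrative only.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\Users\Owner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\System32\PnkBstrA.exe ()
========== Win32 Services (SafeList) ==========
SRV - (MSSQL$EXAMPLE) SQL Server (EXAMPLE) -- C:\Program Files\Example\sqlservr.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iastor.sys ()
DRV - (exampledrv) -- C:\Users\Owner\AppData\Local\Temp\exampledrv.sys ()
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind} {e.filename}")
        for f in e.flags:
            print(f"    - {f}")
```

A flag is a prompt to verify, not a verdict: a legitimate third-party driver can lack version information or live outside the drivers directory, which is exactly why the helper asks for hashes and a GMER log rather than acting on the OTL listing alone.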

OTL logfile created on: 27/02/2010 10:04:36 AM - Run 1

OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\Owner\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 288.73 Gb Total Space | 133.85 Gb Free Space | 46.36% Space Free | Partition Type: NTFS

Drive D: | 9.36 Gb Total Space | 1.26 Gb Free Space | 13.51% Space Free | Partition Type: NTFS

Drive E: | 465.76 Gb Total Space | 259.63 Gb Free Space | 55.74% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OWNER-PC

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\System32\PnkBstrA.exe ()

PRC - C:\WINDOWS\System32\nvvsvc.exe (NVIDIA Corporation)

PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

PRC - C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\WINDOWS\System32\WUDFHost.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc.)

PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)

========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (PnkBstrA) -- C:\WINDOWS\System32\PnkBstrA.exe ()

SRV - (nvsvc) -- C:\WINDOWS\System32\nvvsvc.exe (NVIDIA Corporation)

SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)

SRV - (DAUpdaterSvc) -- E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)

SRV - (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET) -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (gupdate1c96ba081b3bb64) Google Update Service (gupdate1c96ba081b3bb64) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)

SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (XAudioService) -- C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc.)

SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)

SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (ehstart) -- C:\WINDOWS\ehome\ehstart.dll (Microsoft Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (JRSKD24) -- C:\WINDOWS\System32\JRSKD24.SYS (SoftForum Corporation)

DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (hamachi) -- C:\WINDOWS\System32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek )

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iastor.sys ()

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)

DRV - (MegaSR) -- C:\WINDOWS\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\WINDOWS\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\WINDOWS\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\WINDOWS\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\WINDOWS\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\WINDOWS\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (VST_DPV) -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)

DRV - (adpahci) -- C:\WINDOWS\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (VSTHWBS2) -- C:\WINDOWS\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)

DRV - (LSI_SAS) -- C:\WINDOWS\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\WINDOWS\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\WINDOWS\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\WINDOWS\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\WINDOWS\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\WINDOWS\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\WINDOWS\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\WINDOWS\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\WINDOWS\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\WINDOWS\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\WINDOWS\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\WINDOWS\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\WINDOWS\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\WINDOWS\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (ql40xx) -- C:\WINDOWS\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\WINDOWS\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\WINDOWS\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\WINDOWS\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\WINDOWS\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\WINDOWS\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\WINDOWS\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\WINDOWS\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\WINDOWS\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\WINDOWS\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\WINDOWS\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\WINDOWS\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\WINDOWS\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (secdrv) -- C:\WINDOWS\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (mdmxsdk) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys (Conexant)

DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en&source=iglk

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/13 15:51:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 03:29:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 03:29:31 | 000,000,000 | ---D | M]

[2008/07/27 20:04:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions

[2008/07/27 20:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/02/26 02:47:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\iiayymmi.default\extensions

[2009/08/13 16:21:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\iiayymmi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/02/27 07:20:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/02/18 03:29:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/06/15 04:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/06/15 04:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2010/02/27 07:20:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010/02/18 03:29:29 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/02/18 03:29:29 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

[2008/08/06 15:22:02 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

[2009/12/17 17:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/07/02 23:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

[2010/02/18 03:29:30 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2009/12/18 02:43:52 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/01/16 19:06:08 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/01/16 19:06:08 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/01/16 19:06:08 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/01/16 19:06:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/01/16 19:06:08 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/01/16 19:06:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/01/16 19:06:08 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/03/26 16:17:39 | 000,000,703 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab (SysInfo Class)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} Reg Error: Key error. (XecureCKKB Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://mhf.hangame.com/common/HanSetup1020.cab (HanSetupCtrl1010 Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\System32\KuGoo3DownXControl.ocx File not found

O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\System32\KuGoo3DownXControl.ocx File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O29 - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\WINDOWS\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/02/23 03:56:53 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found

O33 - MountPoints2\K\Shell - "" = AutoRun

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found

O33 - MountPoints2\M\Shell - "" = AutoRun

O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\_DSII.exe -- File not found

O33 - MountPoints2\N\Shell - "" = AutoRun

O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\_DSII.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\WINDOWS\System32\ias [2008/01/20 18:34:27 | 000,000,000 | ---D | M]

NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/02/27 09:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/02/27 09:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro

[2010/02/27 08:46:59 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2010/02/27 07:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/02/27 07:20:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/02/27 07:20:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/02/27 07:20:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/02/26 16:52:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Downloads

[2010/02/26 16:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/02/26 15:40:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\TMRBLog

[2010/02/26 15:40:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\log

[2010/02/26 14:58:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/02/26 14:58:44 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/02/26 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/02/26 04:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker

[2010/02/24 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes

[2010/02/24 20:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/02/23 21:13:33 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll

[2010/02/23 21:13:33 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll

[2010/02/23 21:13:33 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll

[2010/02/23 17:53:02 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll

[2010/02/23 17:52:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzres.dll

[2010/02/23 17:52:21 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RMActivate_isv.exe

[2010/02/23 17:52:21 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secproc_isv.dll

[2010/02/23 17:52:21 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secproc.dll

[2010/02/23 17:52:20 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RMActivate.exe

[2010/02/23 17:52:20 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RMActivate_ssp.exe

[2010/02/23 17:52:20 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RMActivate_ssp_isv.exe

[2010/02/23 17:52:20 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdrm.dll

[2010/02/23 17:52:20 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secproc_ssp_isv.dll

[2010/02/23 17:52:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secproc_ssp.dll

[2010/02/23 17:52:14 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gameux.dll

[2010/02/23 17:52:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Apphlpdm.dll

[2010/02/23 17:52:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\GameUXLegacyGDFs.dll

[2010/02/21 13:38:16 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll

[2010/02/21 13:38:16 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll

[2010/02/21 13:38:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll

[2010/02/21 13:38:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll

[2010/02/21 13:37:43 | 000,299,864 | ---- | C] (Microsoft Corporation) -- C:\Users\Owner\Documents\dxwebsetup.exe

[2010/02/09 21:10:11 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe

[2010/02/09 21:10:11 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe

[2010/02/09 21:10:08 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quartz.dll

[2010/02/09 21:10:06 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvfw32.dll

[2010/02/09 21:10:06 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll

[2010/02/09 21:10:06 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciavi32.dll

[2010/02/06 15:27:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Xilisoft Corporation

[2010/02/06 15:27:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xilisoft Corporation

[2010/02/06 15:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft

[2010/02/02 03:57:00 | 011,586,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys

[2010/02/02 03:57:00 | 000,068,200 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll

[2010/02/02 03:57:00 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvBridge.kmd

[2010/02/02 03:56:59 | 014,924,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglv32.dll

[2010/02/02 03:56:59 | 004,321,384 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwgf2um.dll

[2010/02/02 03:56:57 | 011,639,400 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll

[2010/02/02 03:56:57 | 004,077,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll

[2010/02/02 03:56:57 | 004,061,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll

[2010/02/02 03:56:57 | 002,243,176 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll

[2010/02/02 03:56:57 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod189.dll

[2010/01/31 14:06:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB970892_ENU

[2010/01/31 14:04:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970892_ENU

[2010/01/30 13:47:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Dragon Age Toolset

[2010/01/30 13:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2010/01/30 13:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\DAODB

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/27 10:05:42 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\vygkbaq.sys

[2010/02/27 10:04:08 | 003,932,160 | -HS- | M] () -- C:\Users\Owner\ntuser.dat

[2010/02/27 09:56:47 | 000,003,744 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/02/27 09:56:47 | 000,003,744 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/02/27 09:53:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/02/27 09:50:52 | 000,159,455 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/02/27 09:50:52 | 000,159,455 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/02/27 09:50:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/02/27 09:50:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/02/27 09:50:38 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/02/27 09:49:41 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{9cb06f43-59a2-11de-81e9-001e8cc419ab}.TMContainer00000000000000000001.regtrans-ms

[2010/02/27 09:49:41 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{9cb06f43-59a2-11de-81e9-001e8cc419ab}.TM.blf

[2010/02/27 09:49:32 | 003,020,376 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db

[2010/02/27 09:45:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/02/27 00:37:58 | 000,015,360 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/26 22:44:01 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{86B9FF9E-01BF-4FA2-B758-D552FC5298CD}.job

[2010/02/26 16:26:36 | 001,339,288 | ---- | M] () -- C:\Users\Owner\sar_15_sfx.exe

[2010/02/26 15:46:53 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache

[2010/02/26 15:39:58 | 002,457,600 | ---- | M] (Trend Micro Inc.) -- C:\Users\Owner\RootkitBuster.exe

[2010/02/26 15:39:52 | 001,074,232 | ---- | M] () -- C:\Users\Owner\RootkitBuster_2.80.1077.zip

[2010/02/25 16:23:11 | 000,027,648 | ---- | M] () -- C:\Users\Owner\Lecture topics Spring 20100.xls

[2010/02/25 16:21:42 | 000,039,936 | ---- | M] () -- C:\Users\Owner\Reading List 2010-1.doc

[2010/02/24 23:51:21 | 000,817,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/02/24 23:51:21 | 000,687,958 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/02/24 23:51:21 | 000,139,888 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/02/24 21:08:13 | 000,086,088 | ---- | M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/24 20:30:34 | 000,010,094 | -HS- | M] () -- C:\Users\Owner\AppData\Local\684u2uVf

[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2010/02/23 21:12:05 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2.lnk

[2010/02/23 20:22:19 | 000,334,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/02/21 13:37:49 | 000,299,864 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\Documents\dxwebsetup.exe

[2010/02/19 18:13:56 | 000,020,207 | ---- | M] () -- C:\Users\Owner\Documents\1101 Report Guidelines.docx

[2010/02/19 18:13:35 | 000,019,232 | ---- | M] () -- C:\Users\Owner\Documents\BISC 102 RESEARCH PROJECT.docx

[2010/02/05 07:09:15 | 000,138,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010/02/05 07:09:08 | 000,111,928 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2010/02/04 21:06:39 | 000,013,824 | ---- | M] () -- C:\Users\Owner\Documents\07B_ThuAM_Exp5_Prelab.xls

[2010/02/04 10:01:14 | 000,528,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll

[2010/02/04 10:01:14 | 000,238,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll

[2010/02/04 10:01:14 | 000,074,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll

[2010/02/04 10:01:14 | 000,022,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll

[2010/02/02 20:22:36 | 000,039,936 | ---- | M] () -- C:\Users\Owner\Documents\Reading List 2010-1.doc

[2010/02/01 06:33:42 | 000,028,160 | ---- | M] () -- C:\Users\Owner\Documents\Piece of stuff for Eng102.doc

[2010/01/31 18:44:33 | 000,021,176 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS

[2010/01/31 18:44:33 | 000,012,728 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSUKD25.SYS

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/26 16:26:33 | 001,339,288 | ---- | C] () -- C:\Users\Owner\sar_15_sfx.exe

[2010/02/26 15:46:53 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache

[2010/02/26 15:39:50 | 001,074,232 | ---- | C] () -- C:\Users\Owner\RootkitBuster_2.80.1077.zip

[2010/02/25 16:23:10 | 000,027,648 | ---- | C] () -- C:\Users\Owner\Lecture topics Spring 20100.xls

[2010/02/25 16:21:42 | 000,039,936 | ---- | C] () -- C:\Users\Owner\Reading List 2010-1.doc

[2010/02/24 20:54:03 | 000,015,360 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/24 19:08:02 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\vygkbaq.sys

[2010/02/24 19:06:56 | 000,010,094 | -HS- | C] () -- C:\Users\Owner\AppData\Local\684u2uVf

[2010/02/23 21:12:05 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2.lnk

[2010/02/19 18:13:55 | 000,020,207 | ---- | C] () -- C:\Users\Owner\Documents\1101 Report Guidelines.docx

[2010/02/19 18:13:33 | 000,019,232 | ---- | C] () -- C:\Users\Owner\Documents\BISC 102 RESEARCH PROJECT.docx

[2010/02/05 07:09:15 | 000,138,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010/02/04 02:52:41 | 000,013,824 | ---- | C] () -- C:\Users\Owner\Documents\07B_ThuAM_Exp5_Prelab.xls

[2010/02/02 20:22:33 | 000,039,936 | ---- | C] () -- C:\Users\Owner\Documents\Reading List 2010-1.doc

[2010/02/02 03:57:00 | 000,007,437 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb

[2010/01/09 22:13:31 | 001,147,296 | ---- | C] () -- C:\WINDOWS\System32\HanWebMsg1059.dll

[2009/11/27 22:32:19 | 000,000,170 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat

[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/11/05 02:16:40 | 000,159,455 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/11/05 02:16:35 | 000,159,455 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/10/19 20:26:58 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\EhStorAuthn.dll

[2009/09/30 19:48:03 | 001,147,576 | ---- | C] () -- C:\WINDOWS\System32\HanWebMsg1058.dll

[2009/08/15 19:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2009/08/13 23:38:37 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI

[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009/08/01 18:50:55 | 001,147,576 | ---- | C] () -- C:\WINDOWS\System32\HanWebMsg1057.dll

[2009/03/31 01:33:49 | 000,000,510 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/03/07 14:11:18 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009/02/10 17:02:02 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\downloads.m3u

[2009/02/10 17:01:02 | 000,000,189 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\default.rss

[2009/02/10 17:00:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/01/29 22:53:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009/01/25 14:30:54 | 000,001,723 | ---- | C] () -- C:\WINDOWS\TSearch.INI

[2008/12/04 19:34:52 | 000,328,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys

[2008/10/24 12:59:08 | 000,000,522 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\KB8888239.log

[2008/08/25 12:12:54 | 000,022,328 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\PnkBstrK.sys

[2008/08/09 22:26:32 | 000,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI

[2008/07/27 23:58:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/07/27 23:21:35 | 000,000,106 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat

[2008/02/23 03:49:26 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2008/02/23 03:42:16 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll

[2008/02/23 03:42:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll

[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\sysprepMCE.dll

[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\WINDOWS\System32\pacerprf.ini

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/07/27 22:30:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\7Wonders

[2010/02/26 19:22:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus

[2009/06/13 14:55:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CallingID

[2009/06/12 17:29:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ClientKeeper

[2010/01/30 13:47:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dragon Age Toolset

[2009/08/24 15:44:11 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame

[2008/07/28 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Snapfish

[2009/08/03 12:17:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SPORE

[2009/06/15 04:46:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab

[2008/08/24 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template

[2008/08/01 12:02:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ubisoft

[2008/08/18 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

[2009/06/15 02:44:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer

[2010/02/06 15:27:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xilisoft Corporation

[2010/02/27 09:49:36 | 000,032,632 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

[2010/02/26 22:44:01 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{86B9FF9E-01BF-4FA2-B758-D552FC5298CD}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\drivers\agp440.sys

[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >

[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008/01/20 18:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\drivers\atapi.sys

[2008/01/20 18:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/20 18:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll

[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >

[2007/01/12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >

[2007/07/12 08:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\hp\DRIVERS\Intel_RAID\iastor.sys

[2007/07/12 08:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys

[2007/07/12 08:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys

[2008/06/02 17:49:48 | 000,305,688 | ---- | M] (Intel Corporation) MD5=25C3D5F66A74A7BDDECA56085F040D2E -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys

[2008/06/02 17:49:48 | 000,305,688 | ---- | M] (Intel Corporation) MD5=25C3D5F66A74A7BDDECA56085F040D2E -- C:\WINDOWS\System32\DriverStore\FileRepository\iastor.inf_27dcf4f5\iaStor.sys

[2008/06/02 17:50:10 | 000,382,488 | ---- | M] (Intel Corporation) MD5=3C4CD264B04D79A43A0F124C067BA08E -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

[2008/12/04 19:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\WINDOWS\System32\DriverStore\FileRepository\iastor.inf_08c343cc\iaStor.sys

[2008/12/04 19:34:52 | 000,328,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\iaStor.sys

< MD5 for: IASTORV.SYS >

[2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\drivers\iaStorV.sys

[2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll

[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008/01/20 18:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\drivers\nvstor.sys

[2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >

[2008/01/20 18:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll

[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/03/08 03:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtmsft.dll

[2009/03/08 03:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtrans.dll

[2009/04/10 22:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll

[2009/04/10 22:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2008/12/04 19:34:52 | 000,328,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\iaStor.sys

[2010/02/27 10:11:50 | 000,791,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\vygkbaq.sys

< %systemroot%\System32\config\*.sav >

[2008/01/20 19:14:18 | 016,846,848 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV

[2008/01/20 19:14:08 | 000,106,496 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV

[2008/01/20 19:14:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV

[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV

[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:E23FEBD6

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D74B6CF5

< End of report >


OTL Extras logfile created on: 27/02/2010 10:04:36 AM - Run 1

OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\Owner\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 288.73 Gb Total Space | 133.85 Gb Free Space | 46.36% Space Free | Partition Type: NTFS

Drive D: | 9.36 Gb Total Space | 1.26 Gb Free Space | 13.51% Space Free | Partition Type: NTFS

Drive E: | 465.76 Gb Total Space | 259.63 Gb Free Space | 55.74% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OWNER-PC

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 1

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0BF181F3-B7DE-4EE7-8CBD-02FD571C0D78}" = rport=138 | protocol=17 | dir=out | app=system |

"{16B49F1C-F26E-4077-95D4-9584EEDF76B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{22E27728-8B17-4F37-9F1C-564A00D93E02}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{24070B9C-CED6-49B3-9860-59332A135364}" = lport=139 | protocol=6 | dir=in | app=system |

"{24489D63-D5C6-4D13-AE39-1AF17FF3D86C}" = lport=137 | protocol=17 | dir=in | app=system |

"{256CF477-DF63-42C9-802E-B4F8A83C6028}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{44811EC8-51FE-469C-980D-2F39B1DB79BA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{507CBD19-08AF-4387-AEBF-8DDB5203EECC}" = lport=138 | protocol=17 | dir=in | app=system |

"{5F4FC3FD-CBB4-47B6-9A62-82C8635BBA10}" = lport=445 | protocol=6 | dir=in | app=system |

"{71DD8C8B-3EB2-4269-AA08-560146692493}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{786DCA49-BD7A-45F3-9EF6-BD1D3336EF9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{83985B32-1779-42D7-9A9A-905DC54F3B75}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{83F12056-E6B7-4DEF-9E7E-18521D235DA8}" = rport=445 | protocol=6 | dir=out | app=system |

"{B0A05B16-1A81-4BC9-B58C-D38DFAA12304}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{CAF2A5DB-710A-4851-B48A-0E0EDE894A62}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{CCFD2501-8F11-4A55-B9F8-EC389BFFE5F0}" = rport=139 | protocol=6 | dir=out | app=system |

"{D508F37C-7591-47FC-8683-C01862D462E6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DD0E693F-CEDC-46EA-AD6E-405324BF980A}" = rport=137 | protocol=17 | dir=out | app=system |

"{E41605F2-C68E-4700-8D8B-990326B11DDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{ECBB4AD2-07AF-4669-A955-31F5D35CD750}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0078C78C-8592-462F-AE5B-3937B2AA0DE6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{06C62FFC-B693-4559-8F74-013101C5D6A3}" = protocol=6 | dir=in | app=e:\program files\dragon age\tools\gffeditor.exe |

"{09125835-0650-4A35-9CA2-99AB358B1C75}" = protocol=6 | dir=in | app=e:\program files\dragon age\daoriginslauncher.exe |

"{0AF787E5-837F-48F7-AE9E-1A85E9910744}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"{1D4E0004-D198-4AF3-A15C-5FBC7444F587}" = protocol=17 | dir=in | app=e:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |

"{22C32E8B-1B47-4BB4-A481-462D205E1E36}" = protocol=17 | dir=in | app=e:\program files\dragon age\tools\lightmapper\eclipseray.exe |

"{240CFD1B-F144-41D8-8A77-71E63C1C0D9D}" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |

"{2BFF5EF1-62B6-44F6-BA27-286FDB403000}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{2D0E1494-2612-475D-9C35-08AB73CE7C45}" = protocol=17 | dir=in | app=e:\program files\dragon age\daoriginslauncher.exe |

"{2F031F7F-3928-440F-8459-919B5A3A0CBF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{36B802AB-6FD7-4E97-A1BB-03B6A3C00C1F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{3D0AA150-6D64-4A3D-8F82-A029CA193489}" = protocol=6 | dir=in | app=e:\program files\microsoft games\age of empires iii\age3x.exe |

"{3EBB0DE3-8DB3-45C5-99A0-CD7E7F76AF93}" = protocol=6 | dir=in | app=e:\program files\dragon age\tools\rpu.exe |

"{41B368C5-F2D6-4BDF-AAE3-02DD572E5A9C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{48C2CD72-88B4-4C24-B3D3-56665EDD8D27}" = protocol=17 | dir=in | app=e:\program files\dragon age\tools\dragonagetoolset.exe |

"{52DAE5CE-CE98-43DE-993A-B40FD69667A8}" = protocol=17 | dir=in | app=e:\program files\dragon age\bin_ship\daupdatersvc.service.exe |

"{57E7FAB8-E55B-487A-8691-686FB403841E}" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |

"{5C03AD17-865D-4263-B04F-B5B9A0823A59}" = protocol=6 | dir=in | app=e:\program files\dragon age\bin_ship\daorigins.exe |

"{5C312DCD-C144-48E8-9386-F6A23C98D873}" = protocol=6 | dir=in | app=e:\program files\capcom\resident evil 5\re5dx10.exe |

"{616BE16D-CDED-4142-8552-354896812C11}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{6454777C-823F-4C73-98F4-C0512D588B0C}" = protocol=17 | dir=in | app=e:\program files\dragon age\tools\rpu.exe |

"{668977C3-6B46-4CD1-AB73-FE59FC2A2F79}" = protocol=17 | dir=in | app=e:\program files\dragon age\tools\erfeditor.exe |

"{6884F8A1-B0AD-4E9C-B6D9-EB38B978C980}" = protocol=6 | dir=in | app=e:\program files\capcom\resident evil 5\re5dx9.exe |

"{699371CE-ED25-441B-97A1-3DA0144483BC}" = protocol=17 | dir=in | app=e:\program files\dragon age\tools\gffeditor.exe |

"{6A808EE1-05D7-4754-9270-49118CCF4E06}" = protocol=6 | dir=in | app=e:\program files\dragon age\tools\lightmapper\eclipseray.exe |

"{6AF18044-513F-4D18-9C11-2D7E072CF565}" = protocol=17 | dir=in | app=c:\windows\system32\forcebindip.exe |

"{6BEA7A6A-7E0D-45BD-BBD3-CE42CA1C1D7A}" = protocol=6 | dir=in | app=e:\program files\dap\dap.exe |

"{6CA3BC35-5738-4331-B787-E87205EECED8}" = protocol=17 | dir=in | app=e:\program files\dragon age\bin_ship\daorigins.exe |

"{75E5EF62-8437-4446-9C17-13A3456949B3}" = protocol=17 | dir=in | app=e:\program files\microsoft games\dungeon siege 2 broken worlds\dungeonsiege2.exe |

"{77A85EAD-4BE1-4B35-ACAE-813CB3726636}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{7AAEE1F5-B7EA-4E7D-B9E0-B3CBD2C971EF}" = protocol=17 | dir=in | app=e:\program files\steam\steam.exe |

"{7DF7909C-B5D6-470E-8E66-AF97DC3609A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{873478CF-C7C7-4F31-B7D0-3A5DA1916D60}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{8A617241-185C-40D0-AD31-19A4D4DAB43F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{964F6EA7-B89C-41F3-875D-091D2D5811B8}" = protocol=6 | dir=in | app=e:\program files\microsoft games\age of empires iii\age3y.exe |

"{9798273D-9885-4A56-80B4-2A5AFF43E979}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{97F476AF-AC67-4F16-9BFC-E30C9710A072}" = protocol=17 | dir=in | app=e:\program files\microsoft games\age of empires iii\age3x.exe |

"{A0F884FB-CD95-410A-803D-B8C22AC2EAB2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{AC62A7E9-89BF-48C8-BDDD-1B5988628E35}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{AD73850B-1BAF-478D-9CAE-CFD2C9EFD136}" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |

"{B11C2D93-C847-4C22-B693-E02A5489F593}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{B2877A7D-B666-40F2-B360-7F5CCBABA7F0}" = protocol=6 | dir=in | app=e:\program files\microsoft games\dungeon siege 2 broken worlds\dungeonsiege2.exe |

"{BA33E6C5-2412-461B-B82C-C3DBF5B9B69E}" = protocol=6 | dir=in | app=e:\program files\steam\steam.exe |

"{BB0446F1-4758-4965-A128-A7A4BD8270CE}" = protocol=17 | dir=in | app=e:\program files\dap\dap.exe |

"{C2C3A5CB-A7A6-4212-AF8B-7CB1EC34553D}" = protocol=6 | dir=in | app=e:\program files\dragon age\tools\dragonagetoolset.exe |

"{CE21EE90-45D4-4CC7-AAC6-E798BB630288}" = protocol=6 | dir=in | app=e:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |

"{CE30F125-0370-4149-8024-25A67ADAD668}" = protocol=17 | dir=in | app=e:\program files\microsoft games\age of empires iii\age3y.exe |

"{CF45F742-93AE-4D19-947C-8F5343134CD9}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"{D4C76010-B2F1-45B2-AFB2-02A0A12FE1DF}" = protocol=6 | dir=in | app=e:\program files\dragon age\tools\erfeditor.exe |

"{D5688735-85F0-4E11-A496-FC184268E9F5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{D69EE59F-0596-4038-821C-D138495EF744}" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |

"{D8259FDD-D835-43AD-9549-3ABE2C34DCD5}" = protocol=6 | dir=in | app=c:\windows\system32\forcebindip.exe |

"{DA7C1096-AC15-42E7-97C9-7A3B0BA14675}" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |

"{DB618D2A-938F-4FAD-9DF3-EB54AC9D4991}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{E67C3014-F797-430D-9EA6-EDF5C62F9044}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{E7336984-7714-489D-A460-34E53D36E754}" = protocol=17 | dir=in | app=e:\program files\capcom\resident evil 5\re5dx10.exe |

"{E79050A5-A6AD-408D-9D3F-2A3E7F8D0315}" = protocol=6 | dir=in | app=e:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |

"{EADC370E-31B0-4B8B-8AD8-EE80FC97C795}" = protocol=6 | dir=in | app=e:\program files\dragon age\bin_ship\daupdatersvc.service.exe |

"{ECF7AD94-A15C-4E7A-9957-E7C953E791C2}" = protocol=17 | dir=in | app=e:\program files\capcom\resident evil 5\re5dx9.exe |

"{EE8491CB-0CE7-4826-81DB-46E31A8958FD}" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |

"{EF119E70-C4A4-46C7-8793-B90F68F8E9FF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{F188B1CC-7FD9-41D9-A83C-C2FAADA27CE4}" = protocol=17 | dir=in | app=e:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |

"{FE338F7C-7201-449A-9DE6-B1A46236FA91}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"TCP Query User{30542B87-C5B7-4FC3-81FC-8E4EC0180A5C}E:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\program files\rockstar games\grand theft auto iv\gtaiv.exe |

"TCP Query User{31E9E0F8-400F-4FCA-9C47-4F71B58F1182}E:\program files\dawn of war ii\dow2.exe" = protocol=6 | dir=in | app=e:\program files\dawn of war ii\dow2.exe |

"TCP Query User{323FD097-34BF-4E15-8B01-27C6CE04E595}E:\program files\saints row 2\sr2_pc.exe" = protocol=6 | dir=in | app=e:\program files\saints row 2\sr2_pc.exe |

"TCP Query User{3AD5338B-2637-4568-845A-51FE8A750072}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{42DC32DE-BAEC-449C-BF0B-D55FAE4D9733}E:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=e:\program files\left 4 dead\left4dead.exe |

"TCP Query User{6BC9C18B-BB92-4549-B66B-E6AE7C4DB428}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"TCP Query User{6E75CBE1-5D48-4A48-8BDF-CC8674D9F7B2}E:\program files\dawn of war 2\stuff\archive\archive.exe" = protocol=6 | dir=in | app=e:\program files\dawn of war 2\stuff\archive\archive.exe |

"TCP Query User{6F70E081-44C0-4E08-8F46-B8F06F551C22}E:\program files\capcom\resident evil 5\re5dx9.exe" = protocol=6 | dir=in | app=e:\program files\capcom\resident evil 5\re5dx9.exe |

"TCP Query User{7056883D-1DA9-43A6-9B2C-BBB0D6F2C0CC}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe |

"TCP Query User{84BA8579-D9F0-40AA-B7EE-D8F32945975F}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |

"TCP Query User{85E8AE16-0F66-4BBE-959A-91CD217496CC}E:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\program files\rockstar games\grand theft auto iv\gtaiv.exe |

"TCP Query User{89B28F0A-6603-43A8-ACF6-3A8C29D74CD5}E:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=e:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |

"TCP Query User{8C7337F8-C37E-4CE0-B47E-D0DC70B27AE1}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |

"TCP Query User{A5D495F7-739F-42D1-88B9-D685DF4DA6AB}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |

"TCP Query User{AAA0280D-794C-458C-AE6B-C0B2310702E3}E:\program files\gunz\gunz.exe" = protocol=6 | dir=in | app=e:\program files\gunz\gunz.exe |

"TCP Query User{AAD001EE-E7CB-4A69-BDE5-4F195CCE80F0}E:\program files\microsoft games\dungeon siege 2 broken worlds\dungeonsiege2.exe" = protocol=6 | dir=in | app=e:\program files\microsoft games\dungeon siege 2 broken worlds\dungeonsiege2.exe |

"TCP Query User{B4369936-B7B8-4ABF-8418-6C1FEE388FB8}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |

"TCP Query User{B5C445B3-FDC3-4A74-BC73-28AC02961C54}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"TCP Query User{B763513D-FC65-47F9-B86A-A66D12D4F727}E:\program files\left 4 dead\left4dead (original).exe" = protocol=6 | dir=in | app=e:\program files\left 4 dead\left4dead (original).exe |

"TCP Query User{B8C4AAB7-3092-454D-9CA2-1F76D2F578FE}E:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=e:\program files\starcraft\starcraft.exe |

"TCP Query User{BB40A7E7-1218-4BBB-AC22-8B0331BF9861}E:\program files\microsoft games\dungeon siege 2\battlelanv0.5\battlelanv0.5.exe" = protocol=6 | dir=in | app=e:\program files\microsoft games\dungeon siege 2\battlelanv0.5\battlelanv0.5.exe |

"TCP Query User{BCADFEF5-5F83-4AED-BFB0-B925AD4A569A}E:\program files\garena\garena.exe" = protocol=6 | dir=in | app=e:\program files\garena\garena.exe |

"TCP Query User{BFF8DB50-0B52-4045-B070-C8215B176E10}E:\program files\gunz\gunz.exe" = protocol=6 | dir=in | app=e:\program files\gunz\gunz.exe |

"TCP Query User{C2E74046-F130-4268-97EB-A37882230593}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |

"TCP Query User{D055D0C2-024C-4FAD-BFD1-4DB4CCA77EC6}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe |

"TCP Query User{D5356D05-129E-4411-AFCA-8BCDE54A9B3D}E:\program files\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=e:\program files\dawn of war 2\dow2.exe |

"TCP Query User{D864C69C-9FE3-4D94-B774-5C974A4BBB3C}E:\program files\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=e:\program files\left 4 dead 2\left4dead2.exe |

"TCP Query User{DF41C963-5EF7-4CA1-B86B-5D1B0438C441}C:\windows\system32\regsvr32.exe" = protocol=6 | dir=in | app=c:\windows\system32\regsvr32.exe |

"TCP Query User{E59C6E88-6981-4258-B8A8-D590326B7717}E:\program files\killing floor\system\killingfloor.exe" = protocol=6 | dir=in | app=e:\program files\killing floor\system\killingfloor.exe |

"TCP Query User{ED35D586-55F5-4402-94A6-0E8E519FB98C}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"TCP Query User{F8408A0A-05A2-4AC9-BDF2-7B9AC61166DD}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |

"UDP Query User{00350EA3-1339-44C0-B4E8-0F6D31611B4C}E:\program files\garena\garena.exe" = protocol=17 | dir=in | app=e:\program files\garena\garena.exe |

"UDP Query User{0D2BB061-20CB-4AFE-8B13-FBE7D657AF51}E:\program files\left 4 dead\left4dead (original).exe" = protocol=17 | dir=in | app=e:\program files\left 4 dead\left4dead (original).exe |

"UDP Query User{0F990C74-B908-4B8F-8588-22BED2ECC3D1}E:\program files\microsoft games\dungeon siege 2\battlelanv0.5\battlelanv0.5.exe" = protocol=17 | dir=in | app=e:\program files\microsoft games\dungeon siege 2\battlelanv0.5\battlelanv0.5.exe |

"UDP Query User{190B4E4A-604B-4CBF-B1D9-D91E86C8431E}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |

"UDP Query User{1D700353-343F-4B45-820E-2D0F3742C3F1}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"UDP Query User{334489D1-1B80-41C9-896D-ED60ED39AD6C}E:\program files\gunz\gunz.exe" = protocol=17 | dir=in | app=e:\program files\gunz\gunz.exe |

"UDP Query User{362174D7-BA6F-4442-97DB-06E32F9D52BD}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |

"UDP Query User{3BA19A41-55EE-4FB0-B9FA-636417417E0C}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |

"UDP Query User{3C3BA936-767F-48D2-AC13-38AE034DD99F}E:\program files\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=e:\program files\dawn of war 2\dow2.exe |

"UDP Query User{4C95B81A-1C15-4FA3-910B-E867213B937A}E:\program files\killing floor\system\killingfloor.exe" = protocol=17 | dir=in | app=e:\program files\killing floor\system\killingfloor.exe |

"UDP Query User{54467EF6-C725-4AEF-B6D2-36F0B98B0E2D}E:\program files\gunz\gunz.exe" = protocol=17 | dir=in | app=e:\program files\gunz\gunz.exe |

"UDP Query User{5609924D-108E-47D7-85A8-ECDE02F9C17A}E:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=e:\program files\starcraft\starcraft.exe |

"UDP Query User{6084C54D-B23C-4F89-A829-B1311A62D3A5}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"UDP Query User{6DC68E72-3969-4706-9F81-EAB1C81DA777}E:\program files\dawn of war ii\dow2.exe" = protocol=17 | dir=in | app=e:\program files\dawn of war ii\dow2.exe |

"UDP Query User{70FCA5EA-5209-4336-A408-C7531492F2B2}E:\program files\capcom\resident evil 5\re5dx9.exe" = protocol=17 | dir=in | app=e:\program files\capcom\resident evil 5\re5dx9.exe |

"UDP Query User{7690DB85-47AB-4EE4-9EE3-659BB2F223E0}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |

"UDP Query User{7BFA4848-730D-469A-BE59-8AA917CEDCFD}E:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\program files\rockstar games\grand theft auto iv\gtaiv.exe |

"UDP Query User{836C2705-EC90-499F-A5E7-FC4692389A6C}E:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=e:\program files\left 4 dead\left4dead.exe |

"UDP Query User{94FFBC1D-1DFF-450F-8B95-B388DD928FEC}E:\program files\saints row 2\sr2_pc.exe" = protocol=17 | dir=in | app=e:\program files\saints row 2\sr2_pc.exe |

"UDP Query User{98207F75-3578-455C-BBBB-0E4B38CCBB75}E:\program files\microsoft games\dungeon siege 2 broken worlds\dungeonsiege2.exe" = protocol=17 | dir=in | app=e:\program files\microsoft games\dungeon siege 2 broken worlds\dungeonsiege2.exe |

"UDP Query User{9990CED5-828C-48D9-B849-C05CE3FB324C}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"UDP Query User{ADA6E0AA-64AB-4374-99F5-C38774B59FBE}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |

"UDP Query User{B9CBD849-5712-472F-B85B-5C474C409057}E:\program files\dawn of war 2\stuff\archive\archive.exe" = protocol=17 | dir=in | app=e:\program files\dawn of war 2\stuff\archive\archive.exe |

"UDP Query User{B9EF3BAF-4DF0-4175-9D05-AD7924A89F71}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{C6C0EC82-3AC3-4BD7-965F-68AECAC76050}E:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\program files\rockstar games\grand theft auto iv\gtaiv.exe |

"UDP Query User{D9F5A97D-336E-44BB-95AD-B77DC5574F4C}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |

"UDP Query User{E1244C16-5BFE-4F5E-BEFE-7FAFBEC98EB6}C:\windows\system32\regsvr32.exe" = protocol=17 | dir=in | app=c:\windows\system32\regsvr32.exe |

"UDP Query User{E731CE30-83AE-454E-AA9A-D1C1AEA5E6D9}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe |

"UDP Query User{EE0B5D6D-D484-4A77-9CAC-87888C7B58AC}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe |

"UDP Query User{FB7B0E06-7335-4627-8ED3-B3C5B022FBC5}E:\program files\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=e:\program files\left 4 dead 2\left4dead2.exe |

"UDP Query User{FE64CB53-A0BB-471E-B312-D159A41B7141}E:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=e:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable

"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime

"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi

"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis

"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend

"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 18

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)

"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode

"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4eda61b2-b245-443a-b831-2a0d66cd2e4b}" = Nero 9 Trial

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress

"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision

"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help

"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help

"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights

"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE

"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.1

"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help

"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit

"{B935D81D-4E99-4D25-B052-776465158019}_is1" = Monster Hunter Frontier Online 09.11.19

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax

"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help

"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM

"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit

"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed

"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights

"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool

"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 4.65

"8461-7759-5462-8226" = Vuze

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2

"Cheat Engine 5.5_is1" = Cheat Engine 5.5

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24

"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)

"ForceBindIP" = ForceBindIP

"Google Chrome" = Google Chrome

"Google Updater" = Google Updater

"HanSetup" = ??? ?? ????

"HijackThis" = HijackThis 2.0.2

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War 1.1 Patch

"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"L4D2SP" = Left 4 Dead 2 Standalone Patch

"Left 4 Dead" = Left 4 Dead

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"Pangya" = Pangya (Ntreev USA)

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"PowerISO" = PowerISO

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0

"Starcraft" = Starcraft

"SystemRequirementsLab" = System Requirements Lab

"Veoh Video Compass" = Veoh Video Compass

"Veoh Web Player Beta" = Veoh Web Player

"WildTangent hp Master Uninstall" = My HP Games

"WinLiveSuite_Wave3" = Windows Live Essentials

"XecureCK" = ClientKeeper KeyPro with E2E for 32bit

"Xilisoft Video Converter Platinum" = Xilisoft Video Converter Platinum

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ijji.com" = ijji

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 27/02/2010 12:10:38 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\WINDOWS\system32\wscui.cpl".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/02/2010 12:10:50 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\WINDOWS\System32\wscui.cpl".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/02/2010 12:10:56 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\WINDOWS\System32\wscui.cpl".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/02/2010 12:22:52 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 27/02/2010 12:51:18 PM | Computer Name = Owner-PC | Source = WinDefendRtp | ID = 3003

Description = %%827 Real-Time Protection checkpoint has encountered an error and

failed to start. User: Owner-PC\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error

description: Access is denied.

Error - 27/02/2010 12:52:41 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 27/02/2010 1:20:31 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

Error - 27/02/2010 1:50:46 PM | Computer Name = Owner-PC | Source = WinDefendRtp | ID = 3003

Description = %%827 Real-Time Protection checkpoint has encountered an error and

failed to start. User: Owner-PC\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error

description: Access is denied.

Error - 27/02/2010 1:52:16 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 27/02/2010 2:11:12 PM | Computer Name = Owner-PC | Source = Perflib | ID = 1010

Description =

[ System Events ]

Error - 26/02/2010 7:04:34 PM | Computer Name = Owner-PC | Source = Schannel | ID = 36874

Description = An SSL connection request was received from a remote client application,

but none of the cipher suites supported by the client application are supported

by the server. The SSL connection request has failed.

Error - 26/02/2010 11:28:58 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.100 for the Network Card with network

address 001E8CC419AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

Error - 27/02/2010 2:32:41 AM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.100 for the Network Card with network

address 001E8CC419AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

Error - 27/02/2010 12:04:32 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 27/02/2010 12:22:52 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 27/02/2010 12:33:35 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010

Description =

Error - 27/02/2010 12:51:08 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 8:48:26 AM on 27/02/2010 was unexpected.

Error - 27/02/2010 12:52:41 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 27/02/2010 1:25:31 PM | Computer Name = Owner-PC | Source = Schannel | ID = 36874

Description = An SSL connection request was received from a remote client application,

but none of the cipher suites supported by the client application are supported

by the server. The SSL connection request has failed.

Error - 27/02/2010 1:52:17 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description =

< End of report >


1. Please download The Avenger2 by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to disable:
vygkbaq

Drivers to delete:
vygkbaq

Files to delete:
C:\WINDOWS\System32\drivers\vygkbaq.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger.
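A post-reboot check, added here as an editorial example and not part of The Avenger or of the reply above: once the Avenger log has opened, this batch script confirms from the Service Control Manager, the registry and the file system that the driver named in the script is actually gone. The driver name and file path are the ones from this thread; nothing else is assumed beyond a standard cmd.exe run as an administrator.

```batch
@echo off
rem Added verification script (not from The Avenger or the original reply).
rem Checks the three places the script above touches: the SCM service entry,
rem its Services registry key, and the .sys file on disk.
rem Driver name and path are taken from this thread; adjust for another case.

set DRV=vygkbaq
set DRVFILE=C:\WINDOWS\System32\drivers\%DRV%.sys

echo === Service Control Manager ===
rem "sc query" returns a non-zero errorlevel (1060) when no such service exists.
sc query %DRV% >nul 2>&1
if %errorlevel%==0 (
    echo [!] service %DRV% is still registered with the SCM
) else (
    echo [ok] no service named %DRV%
)

echo === Registry ===
rem The service key is what makes the kernel load the driver at boot;
rem the poster reported this key reappearing after manual deletion.
reg query HKLM\SYSTEM\CurrentControlSet\Services\%DRV% >nul 2>&1
if %errorlevel%==0 (
    echo [!] HKLM\SYSTEM\CurrentControlSet\Services\%DRV% still present
) else (
    echo [ok] no Services key for %DRV%
)

echo === File system ===
rem /a includes hidden and system files, which is how such drivers are usually flagged.
if exist "%DRVFILE%" (
    echo [!] %DRVFILE% still present:
    dir /a "%DRVFILE%"
) else (
    echo [ok] %DRVFILE% not found
)

echo === Loaded drivers ===
rem A driver still resident in memory shows up here even if its file is gone.
driverquery | findstr /i "%DRV%"
if %errorlevel%==0 (
    echo [!] %DRV% is still listed by driverquery
) else (
    echo [ok] %DRV% not among loaded drivers
)
```

Three "[ok]" lines plus a clean driverquery result are the expected outcome after a successful Avenger run. A kernel-mode rootkit that is still active can hide its own file and service from these user-mode tools, so an "[ok]" here is only meaningful after the reboot that unloads it; if any line prints "[!]", or if the file is listed but still cannot be read, that is the result to report back in the thread rather than something to fix by hand.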


=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Uninstall old Java===============

  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) these entries
  • Java
