
backdoor bot removal


total3d


Hi all,

I've read most of the posts on here about trying to remove backdoor bots, but I can't seem to get rid of this one on my system.

Not sure how it even got there in the first place.

I don't know if it's a keylogger or not, but in IE and Firefox I have to press Enter twice for everything I type in search engines, and most pages I click on go straight to either an ad / fake spyware program site or an adult site.

I use Malwarebytes and Avast to get rid of the files, but after the restart they are still there. And I can't delete them manually in safe mode, as it comes up as "no permission" or "in use by another program".

Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4302

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18882

28/09/2010 11:48:18 PM

mbam-log-2010-09-28 (23-48-18).txt

Scan type: Quick scan

Objects scanned: 142386

Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

C:\Users\TOTAL3D\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\TOTAL3D\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

and the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:49:05 PM, on 28/09/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

D:\Program Files (x86)\Steam\steam.exe

D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe

C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe

E:\Program Files (x86)\PMBCore\SPUVolumeWatcher.exe

D:\Program Files\Alwil Software\Avast4\ashDisp.exe

D:\iTunes\iTunesHelper.exe

C:\Users\TOTAL3D\AppData\Local\Temp\dwm.exe

D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\TOTAL3D\AppData\Roaming\Microsoft\Windows\shell.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

E:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F3 - REG:win.ini: load=C:\Users\TOTAL3D\AppData\Local\Temp\dwm.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [WinFastDTV] "C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe"

O4 - HKLM\..\Run: [WinFast Schedule] "C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [TrojanScanner] "E:\Program Files (x86)\Trojan Remover\Trjscan.exe" /boot

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Superantispyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [steam] "d:\program files (x86)\steam\steam.exe" -silent

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: PMB Media Check Tool.lnk = E:\Program Files (x86)\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - Winlogon Notify: !SASWinLogon - D:\Superantispyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11866 bytes

I need help with this ASAP. I don't use this PC for any banking or purchasing since I noticed this problem.

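An added triage script, not part of this thread or of HijackThis, Malwarebytes or any other tool mentioned here, showing how a responder reads a HijackThis log like the one above: it flags the entries that stand out in it, namely the `dwm.exe` and `shell.exe` processes running from the user profile, the `win.ini load=` hook, the `ProxyServer` pointing at the local machine, and the BHO with no backing file. The sample input is constructed from lines quoted in the log above plus the benign `mbam.exe` process line for contrast; the heuristics, thresholds and function names are this example's own, not a feature of HijackThis.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# plus the benign mbam.exe process line so the heuristics have something to pass.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\TOTAL3D\AppData\Local\Temp\dwm.exe
C:\Users\TOTAL3D\AppData\Roaming\Microsoft\Windows\shell.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
F3 - REG:win.ini: load=C:\Users\TOTAL3D\AppData\Local\Temp\dwm.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
"""

# Directories any unprivileged user can write to; Windows services do not run from here.
USER_WRITABLE = re.compile(r"\\AppData\\(?:Local\\Temp|Roaming)\\", re.IGNORECASE)
# Binary names that legitimately exist only under the Windows directory.
SYSTEM_NAMES = {"svchost.exe", "dwm.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
SYSTEM_DIR = re.compile(r"^[A-Za-z]:\\Windows\\", re.IGNORECASE)
# First drive-letter path ending in .exe on a line (paths may contain spaces).
EXE_PATH = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)
# HijackThis item lines look like "R1 - ", "F3 - ", "O4 - ", ...
ITEM_LINE = re.compile(r"^[A-Z]\d+ - ")


@dataclass
class Finding:
    line: str
    reason: str


def check_path(line: str, path: str, role: str) -> List[Finding]:
    """Flag an executable path a responder would want to look at more closely."""
    path = path.strip().strip('"')
    name = path.rsplit("\\", 1)[-1].lower()
    out: List[Finding] = []
    if USER_WRITABLE.search(path):
        out.append(Finding(line, f"{role} runs from a user-writable profile directory"))
    if name in SYSTEM_NAMES and not SYSTEM_DIR.match(path):
        out.append(Finding(line, f"{role} reuses the system binary name {name} outside the Windows directory"))
    return out


def triage_hjt(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return every suspicious observation, one per reason."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True  # following lines are bare process paths
            continue
        if ITEM_LINE.match(line):
            in_processes = False  # first "Rn/Fn/On - " line ends the process list
        if in_processes:
            findings.extend(check_path(line, line, "running process"))
        elif line.startswith("R1 - ") and "ProxyServer" in line and "127.0.0.1" in line:
            findings.append(Finding(line, "browser traffic forced through a proxy on the local machine"))
        elif line.startswith("F3 - ") and "load=" in line:
            findings.append(Finding(line, "win.ini load= hook, a legacy autostart almost never used legitimately"))
            findings.extend(check_path(line, line.split("load=", 1)[1], "win.ini load target"))
        elif line.startswith("O4 - "):
            m = EXE_PATH.search(line)
            if m:
                findings.extend(check_path(line, m.group(0), "autorun entry"))
        elif line.startswith("O2 - ") and "(no file)" in line:
            findings.append(Finding(line, "BHO registered with no backing file (orphaned entry)"))
    return findings


def flagged_lines(log_text: str) -> List[str]:
    """Distinct log lines that produced at least one finding, in log order."""
    seen: List[str] = []
    for f in triage_hjt(log_text):
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```

Run on the sample, it flags five of the eight lines and passes the two legitimate ones (`mbam.exe`, Avast's `ashDisp.exe`). The two strongest signals are the ones the original poster could not see from the scanner summary alone: a process named after a Windows component (`dwm.exe`) living in `%TEMP%`, and a browser proxy set to `127.0.0.1`, which explains the redirected searches and is why removing the files alone does not fix the symptoms until that registry value is also reset.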

Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Hi,

I managed to manually remove two of the files. One was an svchost.exe and the other a shell file, both fake as they were in the appdata/roaming/microsoft folders.

But there is still the registry file which I can't seem to find or delete, which I'm sure is the cause of the problem. Malwarebytes seems to have deleted it.

I've posted the logs from OTL below. Rootkit Unhooker doesn't work; I get an "error loading driver" message.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4302

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18882

29/09/2010 12:37:28 AM

mbam-log-2010-09-29 (00-37-28).txt

Scan type: Quick scan

Objects scanned: 142748

Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

OTL Extras logfile created on: 29/09/2010 12:33:54 AM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\TOTAL3D\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 93.15 Gb Total Space | 6.95 Gb Free Space | 7.46% Space Free | Partition Type: NTFS

Drive D: | 372.61 Gb Total Space | 30.86 Gb Free Space | 8.28% Space Free | Partition Type: NTFS

Drive E: | 465.76 Gb Total Space | 409.85 Gb Free Space | 88.00% Space Free | Partition Type: NTFS

Drive F: | 3.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: TOTAL3D-PC

Current User Name: TOTAL3D

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- E:\Program Files\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- E:\Program Files\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = C6 41 1F 8A A8 FD C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{20E08C90-9C04-49BC-885A-41E4F03F2CFC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2CA46E28-AD2C-41F1-8C2F-D43CA4929635}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2EA506C0-5A4F-4C6A-8481-30DD42446177}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3EBCB52C-3B0F-40C5-8C5E-51212F7E6997}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{468CA22B-3D01-43C0-AA37-088C285BC372}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{67902718-7CF7-4E01-B337-68BB82D212F5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6CAC16B4-1732-4B9A-861C-7451D073DD8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8487094D-49E9-4B9D-B502-C296E958CB04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{887DA36A-B959-47F1-A9C9-0334848BE293}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8BA36A07-0E96-4B8E-9EC5-7E7D3838BE44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8CC4AF84-0A08-4706-96F3-CDE7CA287425}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B3F8A7F6-3443-4AA1-A67D-A3FEE022620D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{BE0D12D9-A04B-4F16-B812-9E8ED2D7565E}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C92AECDF-9853-4A01-97EF-F1D8E964D321}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CA91E70B-FB6F-4BDD-8232-F2319E535ADA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{CF022A1C-7BEE-44BB-9382-FFA4FCC645C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E6F11BE3-9A00-4B2C-9A1D-6A74A4501F13}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{ED524A10-13AE-42AF-94CB-C4F117C845B0}" = lport=10243 | protocol=6 | dir=in | app=system |

"{F0545562-C9C9-40BA-B257-AA1F39D2E09D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{FB71F941-B809-48E1-A98F-210DF93B95DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{FE2809B3-CD5D-4DE8-92AA-71EF81072581}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00C78172-FFA6-48D0-BF9F-5FD8C0F9D71C}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |

"{087A11CE-BE91-46DA-A9DD-DF5B56C2789C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{0C510EFF-59F5-4138-B19E-5D3B85D0F204}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0C71F0D1-875E-428F-BA76-764DC7DDDBE8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{15F015F5-77FB-4200-8739-6E9875F5681A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{16000160-C011-42DF-A7E2-9A0F40D14212}" = protocol=17 | dir=in | app=d:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{1F47583A-4BEC-4965-B4FE-A12722B951A3}" = protocol=17 | dir=in | app=d:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{20DF06C6-4446-4F1B-A491-B250C1260AE0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{26C232E4-D4FA-444D-A6CC-5A0B0ED74A80}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"{3521670C-8D5C-402E-B79C-A296282A87BB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3A45661E-78ED-4D2C-AB2C-5941ADE40F75}" = protocol=17 | dir=in | app=d:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{401A267D-7347-4174-BBED-F2A29F089536}" = protocol=6 | dir=in | app=d:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{45B244C2-1AF0-4454-A223-5E700A188C97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4A31D7A4-958C-46B9-B096-BADD201BE490}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{4CC43B36-D902-4142-877D-00C28B6303E0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{4E7EEEB7-7BEA-43F8-9ECB-08EC1FE0B511}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{5151CC3C-70D1-4AFC-BCEC-5DCED7845072}" = protocol=6 | dir=out | app=system |

"{51D2B5F6-66D7-4F1A-9A85-6DE59E4FFD82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{60702BD0-5B07-44B8-A7E0-D1C935381D92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{65B14570-CEF7-49AC-8137-F939A4B712C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{684E324A-9FF4-4982-B00A-CAA473975C07}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{6D2C0E58-9039-4927-B8FC-120A48789ACE}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"{6FCCEFC8-97B3-4814-AF46-8228C09684AF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{72AA9EC9-2794-42B3-B9CF-6037521A9825}" = protocol=6 | dir=in | app=c:\users\total3d\games\tom clancy's h.a.w.x\hawx.exe |

"{786409EF-959F-46CA-AB20-C2C23D9645CF}" = protocol=17 | dir=in | app=c:\users\total3d\games\tom clancy's h.a.w.x\hawx.exe |

"{7AF5B175-D445-4766-8C3F-39A9EE4DC33E}" = protocol=17 | dir=in | app=c:\users\total3d\games\tom clancy's h.a.w.x\hawx_dx10.exe |

"{7B42A2C5-DB86-4272-8E9F-8BF53CC40D91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7EB5348B-64B8-4A6D-BEB9-47680A8C3D96}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{7EFF1E63-5B22-4638-A7CB-20B7A6F8A863}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{8B400293-227A-4D64-B001-50ABE644AB8E}" = protocol=6 | dir=in | app=d:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{8CFD6A5D-2D26-4D47-8510-1401DBB4C264}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{8F6691E9-227C-49E7-A962-87D363AA6963}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{92A4F96D-BE85-42ED-8F7B-0EC58C5C7AA4}" = protocol=17 | dir=in | app=d:\itunes\itunes.exe |

"{9545C28E-D83F-48CF-9036-67EFDEC3C0D9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{966AC139-1DB2-445A-B492-CCA7E05931CA}" = protocol=17 | dir=in | app=d:\itunes\itunes.exe |

"{9E58C7AF-B0C6-40ED-BE4B-45A1076BA607}" = protocol=6 | dir=in | app=d:\itunes\itunes.exe |

"{AB91C59C-2EBA-4F7B-9916-56D42D0F9E7D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{B1996811-DB68-465D-894D-DF7B52BFBCC6}" = protocol=6 | dir=in | app=d:\itunes\itunes.exe |

"{B3343A5D-1FA9-4187-98F5-F987C31744E6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BB80BC44-488C-43A5-8944-11AB8A8D7C49}" = protocol=6 | dir=in | app=c:\users\total3d\games\tom clancy's h.a.w.x\hawx_dx10.exe |

"{C9301FB2-8E7B-4CCC-A9A0-66F370B8C59F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{CE1C6264-3822-4FC4-AA6C-FD4C084451CE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{CFD9B749-F031-4858-BD50-F524D2386731}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{D0E02FE2-EB44-4AD1-BB51-75F8BA9B9AB8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{D23342D1-B41B-46E6-B183-6B6FDDB3005C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |

"{DF20ACD0-4E13-4F5A-B46A-9660A4E42993}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{EA1B877B-86C0-4DB6-9468-A58D536F0BF9}" = protocol=6 | dir=in | app=d:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{EEBDDA8B-9B10-45C5-8C82-EC01BB81ECE9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F5AA89B3-E7E3-42DB-8666-0A7783C85435}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F7265652-B552-47A7-B8C6-7F19EEDEE308}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{FE942654-5129-452F-B132-A12F35743DB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{08F54453-899D-4E40-93FB-1A2C8CA8B713}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{16991CAF-C48D-4453-95DD-C7BA123B4824}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |

"TCP Query User{18DCD27F-F9EB-4D74-801B-8601A5AF2BA3}D:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"TCP Query User{29E386BA-1990-47F5-B858-11F030958C5F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"TCP Query User{3B88DDB3-8DD8-4EBD-8EFE-0BA743599B71}C:\program files (x86)\java\jre1.6.0_05\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_05\bin\java.exe |

"TCP Query User{4F82A598-0ED7-401A-8A79-84020AECE304}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |

"TCP Query User{67E03043-E598-4253-B5BC-5D644A1669A3}D:\proewildfire 4.0\bin\proe.exe" = protocol=6 | dir=in | app=d:\proewildfire 4.0\bin\proe.exe |

"TCP Query User{6A347DC7-4AA3-4C86-B8F4-D428EB26CA6B}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"TCP Query User{6E864D29-877A-4DDB-9DE4-F50521979C03}D:\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |

"TCP Query User{8850DCBC-B66C-411D-944F-A6B14175C244}E:\program files (x86)\rfactor\rfactor dedicated.exe" = protocol=6 | dir=in | app=e:\program files (x86)\rfactor\rfactor dedicated.exe |

"TCP Query User{8CC2B669-F795-43E5-87A7-8B0EA9432C45}E:\program files (x86)\rfactor\rfactor.exe" = protocol=6 | dir=in | app=e:\program files (x86)\rfactor\rfactor.exe |

"TCP Query User{987536F8-AE68-4959-A69A-13838EC88C9F}D:\proewildfire 4.0\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=d:\proewildfire 4.0\i486_nt\nms\nmsd.exe |

"TCP Query User{9E2B9767-606D-46FE-B180-2184AA457A0E}D:\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\counter-strike 1.6\hl.exe |

"TCP Query User{A67B8FC4-39ED-448C-9F2B-F39BE66ECECC}D:\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=d:\urbanterror\iourbanterror.exe |

"TCP Query User{AC566FAF-095B-44D9-9C0C-D2FC58648795}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{AF36158B-47D3-4F0E-BF21-D65BF5EAF054}D:\proewildfire 4.0\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=d:\proewildfire 4.0\i486_nt\obj\xtop.exe |

"TCP Query User{B8D7F5D3-FD2A-4748-A056-022F0406B40E}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |

"TCP Query User{C76F48A8-6BE1-414E-A826-EEBE59C73D74}D:\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=d:\urbanterror\iourbanterror.exe |

"TCP Query User{CA3C67E6-E9B6-4E62-A11F-F94EA7212BDE}D:\proewildfire 4.0\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=d:\proewildfire 4.0\i486_nt\obj\pro_comm_msg.exe |

"TCP Query User{D9C95281-DE5E-4EED-B168-E85CF891AB22}D:\codwaw\call.of.duty.world.at.war-reloaded\setup\data\codwawmp.exe" = protocol=6 | dir=in | app=d:\codwaw\call.of.duty.world.at.war-reloaded\setup\data\codwawmp.exe |

"TCP Query User{E1325B80-5996-4EF6-A27B-2570F6B9B844}C:\program files (x86)\java\jre1.6.0_05\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_05\launch4j-tmp\jdownloader.exe |

"TCP Query User{E32CA5D4-19E6-414A-96D5-2B5985687A55}D:\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=d:\tvuplayer\tvuplayer.exe |

"TCP Query User{E9D2B25E-5CD0-4379-A9EC-D723F1679D09}D:\program files (x86)\ea games\nightfire\bond.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ea games\nightfire\bond.exe |

"TCP Query User{F398BB7A-7DF3-495A-92E0-904A1874A097}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"TCP Query User{F68E135C-C8B3-439C-B77C-7E515B763E6F}D:\codwaw\call.of.duty.world.at.war-reloaded\setup\data\codwaw.exe" = protocol=6 | dir=in | app=d:\codwaw\call.of.duty.world.at.war-reloaded\setup\data\codwaw.exe |

"TCP Query User{FA2EA1CB-110D-499C-8DEF-CA1EF3E09D53}D:\program files (x86)\ea games\nightfire\bond.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ea games\nightfire\bond.exe |

"TCP Query User{FA876054-37EE-404B-8415-58F661DFAC0B}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"TCP Query User{FD637A03-5C99-4A8B-B76B-3036155F9F38}C:\users\total3d\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\total3d\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |

"TCP Query User{FDE81FAC-AC06-4CB8-AC1A-8FC4B83A6DB0}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"UDP Query User{0CDDF8D1-3162-4B29-8D34-8A3375B31BE5}D:\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=d:\urbanterror\iourbanterror.exe |

"UDP Query User{0F17A38E-9EA8-4D1A-8124-4A2D8D118C7B}D:\program files (x86)\ea games\nightfire\bond.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ea games\nightfire\bond.exe |

"UDP Query User{13745360-EEC8-4548-8D5A-48E9328189BD}D:\proewildfire 4.0\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=d:\proewildfire 4.0\i486_nt\obj\xtop.exe |

"UDP Query User{1B49596A-0089-4B27-94F5-B7885578DFC8}D:\codwaw\call.of.duty.world.at.war-reloaded\setup\data\codwaw.exe" = protocol=17 | dir=in | app=d:\codwaw\call.of.duty.world.at.war-reloaded\setup\data\codwaw.exe |

"UDP Query User{25EBD547-AAA8-4EC5-A291-245ADDFBB203}D:\proewildfire 4.0\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=d:\proewildfire 4.0\i486_nt\nms\nmsd.exe |

"UDP Query User{28676D5B-A8D4-4B43-AEE9-C398C5BF1748}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"UDP Query User{2904D598-CB0D-48CB-BA08-FA78B2C1AA4B}D:\proewildfire 4.0\bin\proe.exe" = protocol=17 | dir=in | app=d:\proewildfire 4.0\bin\proe.exe |

"UDP Query User{31AECFBA-B7DD-4DBC-9741-8E9B3C7B74B2}D:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"UDP Query User{45E497D7-14C6-4C0E-A7E6-AFC2DC66110F}C:\program files (x86)\java\jre1.6.0_05\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_05\bin\java.exe |

"UDP Query User{46B0412E-6D92-427C-A54B-3FCAF5F69219}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |

"UDP Query User{535E2059-5D70-403D-A645-2D38555E0FF3}D:\proewildfire 4.0\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=d:\proewildfire 4.0\i486_nt\obj\pro_comm_msg.exe |

"UDP Query User{576947BC-C8E7-441E-A8C9-E0240A474E48}D:\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |

"UDP Query User{633A614C-238D-4B5D-9011-D1766D0C3EF9}E:\program files (x86)\rfactor\rfactor.exe" = protocol=17 | dir=in | app=e:\program files (x86)\rfactor\rfactor.exe |

"UDP Query User{68426855-B812-4AEB-BF81-88256D44198E}D:\codwaw\call.of.duty.world.at.war-reloaded\setup\data\codwawmp.exe" = protocol=17 | dir=in | app=d:\codwaw\call.of.duty.world.at.war-reloaded\setup\data\codwawmp.exe |

"UDP Query User{6AA3A2B9-FC14-446D-960D-E2D6C39CC25F}E:\program files (x86)\rfactor\rfactor dedicated.exe" = protocol=17 | dir=in | app=e:\program files (x86)\rfactor\rfactor dedicated.exe |

"UDP Query User{93CFB332-0472-4CE2-88C3-98001329EE5A}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"UDP Query User{9CFF098D-C671-4185-967C-E5A43C12B6E6}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"UDP Query User{A6D52D0B-1F00-49DE-9AC4-4DD88BCE7F8E}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |

"UDP Query User{B0BEECEF-2ED3-4763-9D80-528C51E561E6}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"UDP Query User{B22144D7-E1BF-4370-9154-6676316CAF4B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{B83EAF9E-FAF9-4214-9E18-9D66421FF29D}C:\program files (x86)\java\jre1.6.0_05\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_05\launch4j-tmp\jdownloader.exe |

"UDP Query User{E5250BBA-7EBC-418C-8DB3-A518073692BA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{E6044745-7658-4DBF-B0FB-881D4B5DA449}D:\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\counter-strike 1.6\hl.exe |

"UDP Query User{E895051D-DFF2-4728-9D72-AA3073C3CEE3}D:\program files (x86)\ea games\nightfire\bond.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ea games\nightfire\bond.exe |

"UDP Query User{ED5357A0-CC53-4581-8EAC-A9F58B03573B}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |

"UDP Query User{EFE49313-F473-4E2D-A71C-0CD8A21E8B4A}D:\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=d:\tvuplayer\tvuplayer.exe |

"UDP Query User{FCAA5E19-8CA1-4F8B-A1FE-926FB57AB667}C:\users\total3d\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\total3d\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |

"UDP Query User{FE2FAFF9-0C97-4779-8364-46DC465C5AD1}D:\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=d:\urbanterror\iourbanterror.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)

"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes

"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{ECDF0939-A653-44D0-8B8E-597B890F45EC}" = Logitech Gaming Software 5.02

"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper

"GTR Evolution_1.1.1.2_is1" = GTR Evolution

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension

"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5

"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable

"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{1095069C-ABE2-4041-8139-48DED17CD142}" = WinFast DTV1000 S Driver

"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo

"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data

"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA

"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters

"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare 1.4 Patch

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{47C58A41-8A53-490D-9BD6-A9C8476D3E32}_is1" = Gran Turismo BETA v2.0

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension

"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA

"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist

"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur

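The firewall-rule dump in the post above is easier to triage with a script than by eye. The following Python is an added example, not part of the original thread and not code from OTL, Malwarebytes or any other tool whose output appears here. It parses OTL's firewall-rule lines and applies three heuristics: an inbound allow rule for an executable that lives in a user profile, an inbound allow rule for an executable outside Program Files or the Windows directory, and a well-known system binary name (svchost.exe and friends) appearing outside the Windows directory. The sample input is six lines copied from the dump above plus one constructed line (the all-zero GUID) that is not from the log and exists only so the masquerade check has something to fire on; the path lists and the weight given to each heuristic are my assumptions, not anything the thread states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: six lines copied from the firewall-rule dump above, plus one
# constructed line (all-zero GUID) that is NOT from the log, added so the
# system-binary-name check has something to fire on.
SAMPLE_RULES = r'''
"{4E7EEEB7-7BEA-43F8-9ECB-08EC1FE0B511}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{684E324A-9FF4-4982-B00A-CAA473975C07}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{7EFF1E63-5B22-4638-A7CB-20B7A6F8A863}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{6E864D29-877A-4DDB-9DE4-F50521979C03}D:\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
"TCP Query User{FD637A03-5C99-4A8B-B76B-3036155F9F38}C:\users\total3d\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\total3d\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"UDP Query User{FCAA5E19-8CA1-4F8B-A1FE-926FB57AB667}C:\users\total3d\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\total3d\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"{00000000-0000-0000-0000-000000000000}" = protocol=6 | dir=in | app=c:\users\total3d\appdata\roaming\microsoft\svchost.exe |
'''

# One OTL firewall-rule line looks like:  "<name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<body>.*)$')

# Heuristic path lists (assumptions made for this example, not stated in the thread).
SYSTEM_DIRS = ('%systemroot%\\', 'c:\\windows\\')
TRUSTED_ROOTS = SYSTEM_DIRS + ('%programfiles%\\', '%programfiles(x86)%\\',
                               'c:\\program files\\', 'c:\\program files (x86)\\')
SYSTEM_NAMES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'services.exe',
                'winlogon.exe', 'explorer.exe'}


@dataclass
class Rule:
    name: str
    direction: str
    protocol: Optional[str]
    service: Optional[str]
    app: Optional[str]
    user_created: bool  # "TCP/UDP Query User..." rules come from the firewall Allow prompt


def parse_rules(text: str) -> List[Rule]:
    """Parse OTL firewall-rule lines; lines that do not match the format are skipped."""
    rules = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue
        fields = {}
        for part in m.group('body').split('|'):
            part = part.strip()
            if '=' in part:
                key, value = part.split('=', 1)
                fields[key.strip()] = value.strip()
        name = m.group('name')
        rules.append(Rule(
            name=name,
            direction=fields.get('dir', ''),
            protocol=fields.get('protocol'),
            service=fields.get('svc'),
            app=fields.get('app'),
            user_created=name.startswith(('TCP Query User', 'UDP Query User')),
        ))
    return rules


def triage(rule: Rule) -> List[str]:
    """Return the reasons a rule deserves a closer look (empty list means nothing flagged)."""
    findings = []
    if not rule.app:
        return findings
    app = rule.app.lower()
    basename = app.rsplit('\\', 1)[-1]
    # A system binary name outside the Windows directory is a classic masquerade.
    if basename in SYSTEM_NAMES and not app.startswith(SYSTEM_DIRS):
        findings.append('system binary name outside the Windows directory')
    # Inbound allow rules matter most: they let remote peers connect to the process.
    if rule.direction == 'in':
        if '\\users\\' in app or '\\appdata\\' in app:
            findings.append('inbound allow for an executable in a user profile')
        elif not app.startswith(TRUSTED_ROOTS):
            findings.append('inbound allow for an executable outside Program Files/Windows')
    return findings


def triage_all(rules: List[Rule]) -> List[Tuple[str, bool, List[str]]]:
    """(app path, created via Allow prompt?, findings) for every rule that has findings."""
    flagged = []
    for rule in rules:
        findings = triage(rule)
        if findings:
            flagged.append((rule.app, rule.user_created, findings))
    return flagged


if __name__ == '__main__':
    for app, user_created, findings in triage_all(parse_rules(SAMPLE_RULES)):
        origin = 'user-approved prompt' if user_created else 'installer/other'
        print(f'{app}  [{origin}]')
        for finding in findings:
            print(f'    - {finding}')
```

Rules whose names begin with "TCP Query User" or "UDP Query User" were created by someone clicking Allow on the Windows Firewall prompt, so an entry of that kind for a binary you do not recognise is worth a second look even when the path heuristics stay quiet. On the sample above the script stays silent on the svchost, Windows Live and Bonjour rules and flags the four remaining ones.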

Sorry, here is the OTL.txt file.

I ran all my virus programs overnight (full scan). No issues at the moment.

OTL logfile created on: 29/09/2010 3:50:01 PM - Run 2

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\TOTAL3D\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 93.15 Gb Total Space | 7.15 Gb Free Space | 7.67% Space Free | Partition Type: NTFS

Drive D: | 372.61 Gb Total Space | 30.86 Gb Free Space | 8.28% Space Free | Partition Type: NTFS

Drive E: | 465.76 Gb Total Space | 409.82 Gb Free Space | 87.99% Space Free | Partition Type: NTFS

Drive F: | 3.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: TOTAL3D-PC

Current User Name: TOTAL3D

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/29 15:49:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\TOTAL3D\Desktop\OTL.exe

PRC - [2010/08/24 12:56:50 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files (x86)\Steam\steam.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2009/07/26 15:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2009/04/08 21:41:18 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe

PRC - [2008/12/19 12:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- E:\Program Files (x86)\PMBCore\SPUVolumeWatcher.exe

PRC - [2008/10/20 10:56:35 | 000,091,440 | ---- | M] (Logitech Inc.) -- D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

PRC - [2008/07/23 23:25:45 | 000,348,344 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2008/07/19 23:38:34 | 000,078,008 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2008/07/19 23:38:28 | 000,147,640 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2008/07/19 23:38:04 | 000,250,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2008/07/19 23:25:06 | 000,016,056 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2007/11/15 03:00:00 | 000,077,824 | ---- | M] () -- D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

PRC - [2007/10/01 09:10:46 | 000,413,696 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe

PRC - [2007/09/28 09:59:40 | 000,090,112 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe

PRC - [2007/06/27 18:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007/06/27 18:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2004/12/13 03:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2010/09/29 15:49:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\TOTAL3D\Desktop\OTL.exe

MOD - [2010/07/05 00:11:20 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll

MOD - [2010/07/05 00:11:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll

MOD - [2008/01/19 17:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2008/01/19 17:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

MOD - [2007/11/15 03:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- D:\Program Files\Logitech\SetPoint\x86\GameHook.dll

MOD - [2007/11/15 03:00:00 | 000,055,808 | ---- | M] (Logitech, Inc.) -- D:\Program Files\Logitech\SetPoint\x86\lgscroll.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/19 18:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/11/15 09:17:04 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/10/21 18:07:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/06/30 09:28:28 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2008/07/23 23:25:45 | 000,348,344 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2008/07/19 23:38:28 | 000,147,640 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2008/07/19 23:38:04 | 000,250,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2008/07/19 23:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2008/06/30 20:52:48 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)

SRV - [2004/12/13 03:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\PxHelp64.sys -- (PxHelp64)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/04/13 18:45:38 | 000,029,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)

DRV:64bit: - [2010/04/13 18:45:38 | 000,029,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)

DRV:64bit: - [2010/04/13 18:45:38 | 000,029,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)

DRV:64bit: - [2010/04/13 18:45:38 | 000,029,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)

DRV:64bit: - [2010/04/13 18:45:38 | 000,029,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/07/19 23:37:52 | 000,022,096 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2008/07/19 23:36:19 | 000,063,568 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2008/01/24 14:08:34 | 000,057,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2008/01/24 14:08:24 | 000,015,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2008/01/24 14:08:14 | 000,034,312 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)

DRV:64bit: - [2008/01/24 14:08:04 | 000,032,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2008/01/24 14:07:54 | 000,022,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2008/01/19 16:47:12 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2007/10/24 02:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2007/09/21 02:13:08 | 000,056,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2007/09/21 02:13:02 | 000,054,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2007/08/03 12:45:08 | 000,125,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2007/07/30 07:10:20 | 000,933,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\3xHybr64.sys -- (3xHybr64)

DRV:64bit: - [2007/06/20 18:57:36 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)

DRV:64bit: - [2006/09/19 07:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2010/09/29 00:36:48 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)

DRV - [2008/05/13 12:43:56 | 000,055,024 | ---- | M] () [Kernel | System | Stopped] -- D:\Superantispyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2007/12/15 13:27:46 | 000,022,336 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/ig

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 50370

FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2010/09/08 21:38:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/08 21:38:44 | 000,000,000 | ---D | M]

[2009/10/17 13:01:41 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\Mozilla\Extensions

[2010/09/17 17:03:49 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\Mozilla\Firefox\Profiles\azcoj63s.default\extensions

[2010/09/17 17:03:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TOTAL3D\AppData\Roaming\Mozilla\Firefox\Profiles\azcoj63s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/17 17:03:46 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\TOTAL3D\AppData\Roaming\Mozilla\Firefox\Profiles\azcoj63s.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobe.activate.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 www.adobeereg.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 125.252.224.90

O1 - Hosts: 127.0.0.1 125.252.224.91

O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()

O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe ()

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe File not found

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [TrojanScanner] E:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)

O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe (Leadtek Research Inc.)

O4 - HKLM..\Run: [WinFastDTV] C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found

O4 - HKCU..\Run: [iSUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

O4 - HKCU..\Run: [steam] d:\program files (x86)\steam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [sUPERAntiSpyware] D:\Superantispyware\SUPERAntiSpyware.exe ()

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - Startup: C:\Users\TOTAL3D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = E:\Program Files (x86)\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1

O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Superantispyware\SASWINLO.dll - D:\Superantispyware\SASWINLO.dll ()

O24 - Desktop WallPaper: D:\pictures\Hawaii 09-10\IMG_0411.JPG

O24 - Desktop BackupWallPaper: D:\pictures\Hawaii 09-10\IMG_0411.JPG

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Superantispyware\SASSEH.DLL ()

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{2fa3bafb-41ea-11df-9e1e-001d7dd618af}\Shell\AutoRun\command - "" = G:\pccompanion\Startme.exe -- File not found

O33 - MountPoints2\{2fa3bafb-41ea-11df-9e1e-001d7dd618af}\Shell\menu1\command - "" = G:\pccompanion\Startme.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/29 15:49:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\TOTAL3D\Desktop\OTL.exe

[2010/09/28 23:01:38 | 000,000,000 | ---D | C] -- C:\Users\TOTAL3D\Documents\Simply Super Software

[2010/09/28 23:00:27 | 000,000,000 | ---D | C] -- C:\Users\TOTAL3D\AppData\Roaming\Simply Super Software

[2010/09/28 23:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software

[2010/08/25 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\TOTAL3D\AppData\Roaming\vlc

[2010/08/25 22:42:48 | 000,000,000 | ---D | C] -- C:\VLC

[2010/08/16 16:35:02 | 000,000,000 | ---D | C] -- C:\Users\TOTAL3D\Documents\My Palettes

[2010/08/16 16:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis

[2010/08/16 16:31:23 | 000,000,000 | ---D | C] -- C:\Users\TOTAL3D\AppData\Roaming\Corel

[2010/08/16 16:29:06 | 000,000,000 | ---D | C] -- C:\Users\TOTAL3D\Documents\Corel

[2010/08/16 16:28:55 | 000,000,000 | ---D | C] -- C:\Users\TOTAL3D\Documents\Visual Studio 2008

[2010/08/16 16:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs

[2010/08/16 16:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0

[2010/08/16 16:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel

[2010/08/16 16:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis

[2010/08/16 16:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel

[2010/08/16 16:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel

[2010/07/21 22:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2010/07/21 21:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player

[2010/07/21 21:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2010/07/16 20:41:20 | 000,000,000 | ---D | C] -- C:\Users\TOTAL3D\AppData\Local\ieshxxryr

[2010/07/15 23:03:38 | 000,000,000 | ---D | C] -- C:\Users\TOTAL3D\Games

[2010/07/12 01:13:43 | 000,000,000 | ---D | C] -- C:\Users\TOTAL3D\AppData\Roaming\Malwarebytes

[2010/07/12 01:13:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/07/12 01:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/07/12 01:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/07/12 01:02:12 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll

[2010/07/12 00:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2010/07/05 00:16:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2010/07/05 00:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPod

[2010/07/05 00:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/07/05 00:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2010/07/05 00:15:34 | 000,000,000 | ---D | C] -- C:\Users\TOTAL3D\AppData\Roaming\Apple Computer

[2010/07/05 00:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010/07/05 00:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2010/07/05 00:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/07/05 00:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2009/02/03 22:21:10 | 000,239,104 | ---- | C] (Igor Pavlov) -- C:\Users\TOTAL3D\AppData\Roaming\7za.exe

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/29 15:51:56 | 006,815,744 | -HS- | M] () -- C:\Users\TOTAL3D\ntuser.dat

[2010/09/29 15:49:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\TOTAL3D\Desktop\OTL.exe

[2010/09/29 15:48:12 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0AA20888-5870-4E72-8D68-10D62AD2D42F}.job

[2010/09/29 15:41:48 | 000,003,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/29 15:41:48 | 000,003,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/29 15:41:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/29 15:41:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/29 03:57:38 | 000,524,288 | -HS- | M] () -- C:\Users\TOTAL3D\ntuser.dat{1d5df9a6-fbab-11dd-98e8-001d7dd618af}.TMContainer00000000000000000001.regtrans-ms

[2010/09/29 03:57:38 | 000,065,536 | -HS- | M] () -- C:\Users\TOTAL3D\ntuser.dat{1d5df9a6-fbab-11dd-98e8-001d7dd618af}.TM.blf

[2010/09/29 03:57:15 | 002,901,794 | -H-- | M] () -- C:\Users\TOTAL3D\AppData\Local\IconCache.db

[2010/09/29 02:02:56 | 000,211,456 | ---- | M] () -- C:\Users\TOTAL3D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/29 01:29:19 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/09/29 00:36:48 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/09/28 23:36:54 | 000,000,932 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\HijackThis.lnk

[2010/09/28 22:49:20 | 000,136,392 | ---- | M] () -- C:\Users\TOTAL3D\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/09/28 22:48:49 | 005,006,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/09/28 17:59:59 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2010/09/18 16:26:37 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/09/18 16:26:37 | 000,602,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/09/18 16:26:37 | 000,106,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/09/17 23:27:25 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2010/09/13 16:10:08 | 000,021,870 | ---- | M] () -- C:\Users\TOTAL3D\Documents\interview 1.docx

[2010/09/07 22:56:33 | 003,505,152 | ---- | M] () -- C:\Users\TOTAL3D\Documents\newsletter aug sept.doc

[2010/09/07 19:28:48 | 632,153,523 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/08/27 14:24:52 | 000,001,356 | ---- | M] () -- C:\Users\TOTAL3D\AppData\Local\d3d9caps.dat

[2010/08/27 14:24:46 | 000,000,732 | ---- | M] () -- C:\Users\TOTAL3D\AppData\Local\d3d9caps64.dat

[2010/08/25 22:43:56 | 000,000,486 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/08/25 20:49:47 | 000,033,864 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\First Ever FBMW Test.docx

[2010/08/25 13:02:30 | 007,393,715 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\Formula BMW car design visual - Copy.psd

[2010/08/25 13:02:15 | 001,107,016 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\Formula BMW car design- Nichiyu.jpg

[2010/08/22 18:47:02 | 011,854,328 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\fbmwcomic.jpg

[2010/08/22 18:28:48 | 003,752,456 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\ferrari.psd

[2010/08/22 18:26:15 | 000,281,586 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\ferrari1.jpg

[2010/08/21 01:50:59 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2010/08/20 22:00:50 | 000,133,427 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\44368_124916864222079_100001112979805_139857_5045213_n.jpg

[2010/08/20 11:15:14 | 000,906,906 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\Formula 3 Proposal.jpg

[2010/08/20 11:14:14 | 006,265,338 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\Formula 3 Proposal.psd

[2010/08/19 23:23:10 | 000,013,849 | ---- | M] () -- C:\Users\TOTAL3D\Documents\Formula 3 Australia.docx

[2010/08/17 22:00:50 | 000,372,234 | ---- | M] () -- C:\Users\TOTAL3D\Documents\Rentcorp Font.jpg

[2010/08/17 19:52:55 | 000,076,502 | ---- | M] () -- C:\Users\TOTAL3D\Documents\gic 1.cdr

[2010/08/17 16:29:42 | 000,364,275 | ---- | M] () -- C:\Users\TOTAL3D\Documents\Rentcorp Font.eps

[2010/08/16 21:47:27 | 000,010,474 | ---- | M] () -- C:\Users\TOTAL3D\Documents\Rentcorp Font.pdf

[2010/08/16 21:46:00 | 000,024,573 | ---- | M] () -- C:\Users\TOTAL3D\Documents\Rentcorp Font.CDR

[2010/08/11 19:53:14 | 000,000,132 | ---- | M] () -- C:\Users\TOTAL3D\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2010/08/04 17:43:36 | 001,065,793 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\Untitled-1.jpg

[2010/08/04 17:43:17 | 002,170,310 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\IMG_2087.jpg

[2010/08/04 17:42:57 | 000,749,069 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\test.jpg

[2010/08/04 17:39:37 | 000,721,262 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\exp.jpg

[2010/08/03 18:08:31 | 000,190,236 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat

[2010/08/03 16:46:08 | 000,100,864 | ---- | M] () -- C:\Users\TOTAL3D\Documents\2010 Race Calendar.doc

[2010/08/02 16:31:03 | 003,760,859 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\rentcorp motorsport logo 3.eps

[2010/08/02 16:26:32 | 000,173,160 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\rentcorp 2.eps

[2010/08/02 16:26:21 | 000,392,439 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\klassik_porsche_logo.eps

[2010/08/02 16:22:19 | 000,235,381 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\sothys_2005_with_goddess_logo.eps

[2010/07/30 18:40:18 | 000,082,562 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\38220_443146768199_601628199_6092950_2664704_n.jpg

[2010/07/23 17:02:02 | 000,315,924 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\PADAYACHEE_SIDE VIEW.gif

[2010/07/23 15:07:06 | 000,015,555 | ---- | M] () -- C:\Users\TOTAL3D\Documents\racing checklist.docx

[2010/07/15 23:16:20 | 000,000,809 | ---- | M] () -- C:\Users\TOTAL3D\Desktop\Tom Clancy's H.A.W.X..lnk

[2010/07/14 17:49:41 | 000,134,144 | ---- | M] () -- C:\Users\TOTAL3D\Documents\WKRCMemberForm2010.doc

[2010/07/12 01:13:39 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/05 00:14:32 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/29 00:33:25 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/09/28 23:36:54 | 000,000,932 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\HijackThis.lnk

[2010/09/28 23:00:29 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll

[2010/09/28 23:00:29 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll

[2010/09/28 23:00:29 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll

[2010/09/28 23:00:29 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll

[2010/09/13 16:10:08 | 000,021,870 | ---- | C] () -- C:\Users\TOTAL3D\Documents\interview 1.docx

[2010/09/07 19:27:22 | 632,153,523 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/09/07 16:08:27 | 003,505,152 | ---- | C] () -- C:\Users\TOTAL3D\Documents\newsletter aug sept.doc

[2010/08/27 14:24:43 | 000,000,732 | ---- | C] () -- C:\Users\TOTAL3D\AppData\Local\d3d9caps64.dat

[2010/08/25 22:43:56 | 000,000,486 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/08/25 13:02:28 | 007,393,715 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\Formula BMW car design visual - Copy.psd

[2010/08/25 13:02:10 | 001,107,016 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\Formula BMW car design- Nichiyu.jpg

[2010/08/22 18:46:59 | 011,854,328 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\fbmwcomic.jpg

[2010/08/22 18:28:46 | 003,752,456 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\ferrari.psd

[2010/08/22 18:26:13 | 000,281,586 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\ferrari1.jpg

[2010/08/20 22:00:55 | 000,133,427 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\44368_124916864222079_100001112979805_139857_5045213_n.jpg

[2010/08/19 16:33:34 | 000,906,906 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\Formula 3 Proposal.jpg

[2010/08/19 16:01:09 | 006,265,338 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\Formula 3 Proposal.psd

[2010/08/17 22:00:47 | 000,372,234 | ---- | C] () -- C:\Users\TOTAL3D\Documents\Rentcorp Font.jpg

[2010/08/17 19:52:53 | 000,076,502 | ---- | C] () -- C:\Users\TOTAL3D\Documents\gic 1.cdr

[2010/08/17 16:29:35 | 000,364,275 | ---- | C] () -- C:\Users\TOTAL3D\Documents\Rentcorp Font.eps

[2010/08/16 21:46:00 | 000,024,573 | ---- | C] () -- C:\Users\TOTAL3D\Documents\Rentcorp Font.CDR

[2010/08/16 21:26:07 | 000,010,474 | ---- | C] () -- C:\Users\TOTAL3D\Documents\Rentcorp Font.pdf

[2010/08/16 21:09:56 | 000,013,849 | ---- | C] () -- C:\Users\TOTAL3D\Documents\Formula 3 Australia.docx

[2010/08/11 19:53:14 | 000,000,132 | ---- | C] () -- C:\Users\TOTAL3D\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2010/08/04 17:38:43 | 000,721,262 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\exp.jpg

[2010/08/04 16:59:40 | 001,065,793 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\Untitled-1.jpg

[2010/08/04 16:21:37 | 002,170,310 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\IMG_2087.jpg

[2010/08/03 18:54:13 | 000,749,069 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\test.jpg

[2010/08/03 18:08:31 | 000,190,236 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2010/08/03 16:46:08 | 000,100,864 | ---- | C] () -- C:\Users\TOTAL3D\Documents\2010 Race Calendar.doc

[2010/08/02 16:31:02 | 003,760,859 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\rentcorp motorsport logo 3.eps

[2010/08/02 16:26:31 | 000,173,160 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\rentcorp 2.eps

[2010/08/02 16:26:20 | 000,392,439 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\klassik_porsche_logo.eps

[2010/08/02 16:22:05 | 000,235,381 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\sothys_2005_with_goddess_logo.eps

[2010/07/30 16:56:03 | 000,082,562 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\38220_443146768199_601628199_6092950_2664704_n.jpg

[2010/07/23 17:01:59 | 000,315,924 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\PADAYACHEE_SIDE VIEW.gif

[2010/07/15 23:16:20 | 000,000,809 | ---- | C] () -- C:\Users\TOTAL3D\Desktop\Tom Clancy's H.A.W.X..lnk

[2010/07/14 17:49:41 | 000,134,144 | ---- | C] () -- C:\Users\TOTAL3D\Documents\WKRCMemberForm2010.doc

[2010/07/12 01:13:39 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/12 01:13:36 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys

[2010/07/05 00:16:21 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/07/05 00:16:17 | 000,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll

[2010/07/05 00:16:17 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2010/07/05 00:14:32 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/07/02 13:37:24 | 000,029,288 | ---- | C] () -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys

[2010/07/02 13:37:05 | 000,029,288 | ---- | C] () -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys

[2010/07/02 13:36:46 | 000,029,288 | ---- | C] () -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys

[2010/07/02 13:36:20 | 000,029,288 | ---- | C] () -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys

[2010/07/02 13:35:56 | 000,029,288 | ---- | C] () -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys

[2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2008/10/28 12:52:39 | 000,700,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2008/10/27 12:28:00 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini

[2008/10/20 13:08:41 | 000,001,356 | ---- | C] () -- C:\Users\TOTAL3D\AppData\Local\d3d9caps.dat

[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/10/05 21:05:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008/08/28 20:15:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008/08/27 23:11:39 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI

[2008/06/27 18:48:03 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll

[2008/06/13 12:01:46 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2008/06/13 12:01:18 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/04/11 23:00:51 | 000,211,456 | ---- | C] () -- C:\Users\TOTAL3D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/03/04 17:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\libcurl.dll

[2007/12/15 14:57:48 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\Dvbpws.dll

[2007/12/15 14:44:48 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2007/12/15 13:27:36 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2007/10/31 08:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll

[2007/05/17 12:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpatw.dll

========== LOP Check ==========

[2008/09/16 22:36:11 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\Alien Skin

[2010/04/27 14:44:33 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\BackToTheBeach

[2010/03/22 21:27:02 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2008/08/29 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\DMCache

[2009/04/20 23:36:42 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\DriverCure

[2008/11/20 14:06:26 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\Leadertech

[2008/08/26 18:41:23 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\PTC

[2010/05/24 17:08:16 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\Publish Providers

[2010/09/28 23:00:27 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\Simply Super Software

[2010/05/24 17:32:31 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\Sony

[2010/09/29 03:57:09 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\uTorrent

[2008/11/24 18:22:59 | 000,000,000 | ---D | M] -- C:\Users\TOTAL3D\AppData\Roaming\Xilisoft Corporation

[2010/09/28 17:59:59 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job

[2010/08/21 01:50:59 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job

[2010/09/29 03:57:18 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/09/29 15:48:12 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0AA20888-5870-4E72-8D68-10D62AD2D42F}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0F8F5844

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >


Hello again,

Your log shows evidence that you are using pirated software (Adobe). Besides legal issues, I want to caution you that this will often come bundled with the latest malware. I strongly recommend that you remove these programs, since during the cleaning process possibly infected parts of such pirated programs may get removed, leaving you with an unusable application.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code".
    :otl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    :commands
    [emptytemp]
    [resethosts]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.

When done, please launch MBAM, update it and run a full scan. Post me the resulting log.
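An added example in Python, not the helper's, the poster's or OTL's own code: it parses the IE and Firefox proxy lines in the OTL format shown above, flags a proxy that points at the local machine (the 127.0.0.1:50370 setting in this log, which is what sent searches and clicks to the wrong pages), and assembles the ":otl" lines of a fix the way the helper's post does. It assumes the line formats are exactly as OTL printed them here; the sample lines are constructed from this thread's log.

```python
"""Spot a loopback browser-proxy hijack in OTL log lines.

Added example, not code from the thread, the helper or OTL. It parses the IE
"Internet Settings" lines and the Firefox prefs.js lines as OTL prints them
and flags a proxy on the local machine; the sample lines are constructed from
the thread's log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hosts that mean "a process on this very machine is the proxy".
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}

# IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
IE_SETTING = re.compile(
    r'^IE - HK(?:LM|CU)\\.*Internet Settings: "(?P<name>\w+)" = (?P<value>.*)$')
# FF - prefs.js..network.proxy.http: "127.0.0.1"
FF_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<name>network\.proxy\.\w+): (?P<value>.*)$')

@dataclass(frozen=True)
class Finding:
    browser: str               # "IE" or "Firefox"
    host: str
    port: Optional[int]
    active: bool               # does the browser honour the proxy right now?
    evidence: Tuple[str, ...]  # raw log lines that back the finding

def parse_ie_proxy_server(value: str) -> List[Tuple[str, str, Optional[int]]]:
    """Split an IE ProxyServer value ("host:port" or "http=host:port;https=...")
    into (scheme, host, port) triples; scheme "*" means all protocols."""
    out = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:                      # no ":port" present
            host, port = hostport, ""
        out.append((scheme or "*", host.strip(), int(port) if port.isdigit() else None))
    return out

def scan_otl_lines(lines: List[str]) -> List[Finding]:
    """Collect proxy settings from OTL lines and flag loopback proxies."""
    ie: Dict[str, Tuple[str, str]] = {}   # setting name -> (value, raw line)
    ff: Dict[str, Tuple[str, str]] = {}
    for raw in lines:
        line = raw.strip()
        m = IE_SETTING.match(line)
        if m:
            ie[m["name"]] = (m["value"].strip(), line)
            continue
        m = FF_PREF.match(line)
        if m:
            ff[m["name"]] = (m["value"].strip().strip('"'), line)

    findings: List[Finding] = []
    if "ProxyServer" in ie:
        # ProxyEnable = 0 means IE is not using it now, but the stale value
        # stays behind and takes effect again if the proxy is re-enabled.
        enabled = ie.get("ProxyEnable", ("0", ""))[0] == "1"
        evidence = tuple(l for _, l in (ie.get("ProxyEnable", ("", "")), ie["ProxyServer"]) if l)
        for _scheme, host, port in parse_ie_proxy_server(ie["ProxyServer"][0]):
            if host.lower() in LOOPBACK:
                findings.append(Finding("IE", host, port, enabled, evidence))

    # Firefox: network.proxy.type 1 = manual proxy, the only mode that uses
    # network.proxy.http; any other type leaves the host/port ignored.
    if "network.proxy.http" in ff:
        host, raw_host = ff["network.proxy.http"]
        if host.lower() in LOOPBACK:
            port_s, raw_port = ff.get("network.proxy.http_port", ("", ""))
            type_s, raw_type = ff.get("network.proxy.type", ("0", ""))
            evidence = tuple(l for l in (raw_host, raw_port, raw_type) if l)
            findings.append(Finding("Firefox", host, int(port_s) if port_s.isdigit() else None,
                                    type_s == "1", evidence))
    return findings

def otl_fix_lines(findings: List[Finding]) -> List[str]:
    """Build the ':otl' section of a fix from the flagged lines, verbatim and
    without duplicates, the way the helper's fix above lists them."""
    out, seen = [":otl"], set()
    for f in findings:
        for line in f.evidence:
            if line not in seen:
                seen.add(line)
                out.append(line)
    return out

# Constructed from the thread's OTL log (the Start Page line is a decoy).
SAMPLE_LOG = [
    r'IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/ig',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r'FF - prefs.js..network.proxy.http_port: 50370',
    r'FF - prefs.js..network.proxy.type: 1',
]
```

Run scan_otl_lines(SAMPLE_LOG) to see the IE setting reported as stale (ProxyEnable = 0) and the Firefox one as active, and otl_fix_lines() on the result to get the same proxy lines the helper pasted into the fix.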


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

