Strange trojan infection has got me stumped


So this has me completely befuddled. Let me start with a timeline of what has happened, what I've done, etc...

So... 5 days ago, I had a BSOD, IRQL_not_less_or_equal error, followed by an abnormally long restart, and failing applications on start up. I got my system back up and running, and about an hour later I had another BSOD, this time a Page fault in a nonpaged area. I immediately thought I had a RAM failure, so I ran a memory integrity check, no problems. I chalked this up to maybe just a system overheat, I was using my laptop on my bed without a flat surface underneath.

The next day, I get another BSOD, this time I believe it said Unknown error, I had automatic restart on so I didn't get to read the error before the restart. Once again, my computer had an abnormally long restart. After this restart, I started having appcrashes.

An example of this from when I was running DDS:

Problem Event Name: APPCRASH

Application Name: PEV.DAT

Application Version: 0.0.0.0

Application Timestamp: 4bd0e994

Fault Module Name: StackHash_586c

Fault Module Version: 0.0.0.0

Fault Module Timestamp: 00000000

Exception Code: c0000005

Exception Offset: 772f442a

OS Version: 6.0.6002.2.2.0.768.3

Locale ID: 1033

Additional Information 1: 586c

Additional Information 2: c2c0012f670e367647f2f382a2e0dc6b

Additional Information 3: 4053

Additional Information 4: 6d464395e62f70b13caace935f0b552c

They are all in the same StackHash, originally it was just GoogleInstaller (Google's auto-update process) that was crashing. But now, AVG is doing it too, with its Prevalence Reporter service. There have been several other apps that have crashed, that I didn't document at the time.

I had encountered the trojan SDBot, Adaware caught it and blocked access, so I didn't think of it at the time. But after researching the symptoms my computer was having, SDBot was listed as causing the same problems I was having. So I began to think it was a trojan that was causing my problems.

However, AVG returned nothing in a scan, and neither did Adaware or Spybot S&D.

Running HijackThis from its native folder caused an appcrash, however if I moved the program to a new location, it ran.

During a Malwarebytes scan, AVG picked up trojan Cryptic.BHC and attributed it to Malwarebytes, but I assumed that was because MWB had scanned over it.

But, throughout the day, AVG caught svchost.exe trying to dial out and download trojans: Downloader.Generic10.ANLO so there had to be some malware somewhere.

Looking through the services with Process Explorer, I did not see anything out of the ordinary using svchost; however, there is one instance of svchost that is using 174000K+ of memory.

This morning, I woke up to my AVG autoscan finding 3 new trojans in a C:\Windows\SysWOW64\WerFault.exe, but couldn't remove it because the object was inaccessible. I also noticed a suspicious process running: GCJC.EXE. A Google search did not return any pertinent info, I ended the process.

I had several app crashes while DDS was scanning, of SED.DAT, and several other components of DDS.

That prompted me to reach out to you guys, because this is way out of my league.

Here are the log files:

DDS.txt:

DDS (Ver_10-11-10.01) - NTFS_AMD64

Run by Porter at 8:52:51.42 on Fri 11/19/2010

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13

Microsoft

Attach.txt


Hello TTUporter

Welcome to Malwarebytes.

=====================

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Making some progress!

Okay, I ran TDSSKiller and it found one file: Rootkit.Win32.TDSS.tdl4 (\HardDisk0)

I rebooted to cure it, start up went fine, logged in, and I was met with my system properties dialog and then a BSOD.

Reboot, same thing.

So now I am in Safe Mode.

Here is the TDSS log. However, neither BSOD generated a Minidump file so I have no way of showing you guys what happened.

2010/11/26 13:38:41.0181 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31

2010/11/26 13:38:41.0181 ================================================================================

2010/11/26 13:38:41.0181 SystemInfo:

2010/11/26 13:38:41.0181

2010/11/26 13:38:41.0181 OS Version: 6.0.6002 ServicePack: 2.0

2010/11/26 13:38:41.0182 Product type: Workstation

2010/11/26 13:38:41.0182 ComputerName: EDEN

2010/11/26 13:38:41.0182 UserName: Porter

2010/11/26 13:38:41.0182 Windows directory: C:\Windows

2010/11/26 13:38:41.0182 System windows directory: C:\Windows

2010/11/26 13:38:41.0182 Running under WOW64

2010/11/26 13:38:41.0182 Processor architecture: Intel x64

2010/11/26 13:38:41.0182 Number of processors: 2

2010/11/26 13:38:41.0182 Page size: 0x1000

2010/11/26 13:38:41.0183 Boot type: Normal boot

2010/11/26 13:38:41.0183 ================================================================================

2010/11/26 13:38:41.0183 Utility is running under WOW64

2010/11/26 13:38:42.0160 Initialize success

2010/11/26 13:38:44.0817 ================================================================================

2010/11/26 13:38:44.0817 Scan started

2010/11/26 13:38:44.0817 Mode: Manual;

2010/11/26 13:38:44.0817 ================================================================================

2010/11/26 13:39:21.0097 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/11/26 13:39:21.0105 ================================================================================

2010/11/26 13:39:21.0105 Scan finished

2010/11/26 13:39:21.0105 ================================================================================

2010/11/26 13:39:21.0127 Detected object count: 1

2010/11/26 13:39:38.0458 \HardDisk0 - will be cured after reboot

2010/11/26 13:39:38.0459 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/11/26 13:39:42.0999 Deinitialize success


One or more of the identified infections is a backdoor rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

========

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


And this did not start happening until we ran TDSSkiller and removed that rootkit.
This is a serious infection and is hooked into the system at a low level; rootkits themselves can cause blue screens.

We will get to the bottom of it shortly.

Please see if you can run dds in safe mode and post the logs that open.

It may or may not shed some light on the situation.


Hmmm okay.

Here's TDSSKiller's log after a scan with no objects found:

2010/11/26 19:32:39.0374 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31

2010/11/26 19:32:39.0374 ================================================================================

2010/11/26 19:32:39.0374 SystemInfo:

2010/11/26 19:32:39.0374

2010/11/26 19:32:39.0374 OS Version: 6.0.6002 ServicePack: 2.0

2010/11/26 19:32:39.0374 Product type: Workstation

2010/11/26 19:32:39.0374 ComputerName: EDEN

2010/11/26 19:32:39.0374 UserName: Porter

2010/11/26 19:32:39.0374 Windows directory: C:\Windows

2010/11/26 19:32:39.0374 System windows directory: C:\Windows

2010/11/26 19:32:39.0374 Running under WOW64

2010/11/26 19:32:39.0374 Processor architecture: Intel x64

2010/11/26 19:32:39.0374 Number of processors: 2

2010/11/26 19:32:39.0374 Page size: 0x1000

2010/11/26 19:32:39.0374 Boot type: Safe boot with network

2010/11/26 19:32:39.0374 ================================================================================

2010/11/26 19:32:39.0375 Utility is running under WOW64

2010/11/26 19:32:39.0559 Initialize success

2010/11/26 19:32:40.0587 ================================================================================

2010/11/26 19:32:40.0587 Scan started

2010/11/26 19:32:40.0587 Mode: Manual;

2010/11/26 19:32:40.0587 ================================================================================

2010/11/26 19:33:00.0975 ================================================================================

2010/11/26 19:33:00.0975 Scan finished

2010/11/26 19:33:00.0975 ================================================================================

I ran GMER as well, here's a log from that.

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2010-11-26 19:32:23

Windows 6.0.6002 Service Pack 2

Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions /EXECUTE /NOEXECUTE=ALWAYSOFF IN/MINT

Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 708

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management@ExistingPageFiles \??\C:\pagefile.sys?

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 460

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 305125534

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime 15

Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID f71b4dca-c736-4ce7-bdc5-096b265

Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@ReadyBootPlanUsage 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootStatus 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 9839

Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 1778

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{1C856371-24E3-4F2D-910C-4D223C747B2D}@StaleAdapter 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C856371-24E3-4F2D-910C-4D223C747B2D}@LeaseObtainedTime 1290799949

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C856371-24E3-4F2D-910C-4D223C747B2D}@T1 1290843149

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C856371-24E3-4F2D-910C-4D223C747B2D}@T2 1290875549

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C856371-24E3-4F2D-910C-4D223C747B2D}@LeaseTerminatesTime 1290886349

Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 6446

Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 6447

Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 6252 6258 6270 6280 6290 6310 6354 6364 6402 6408 6424 6432

---- EOF - GMER 1.0.15 ----


Let's see if this shows a bit more.

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Okay, here ya go:

OTL.txt:

OTL logfile created on: 11/27/2010 9:14:49 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Porter\Desktop\removal

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): c:\pagefile.sys 4359 6088 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 109.94 Gb Total Space | 15.29 Gb Free Space | 13.90% Space Free | Partition Type: NTFS

Drive D: | 106.40 Gb Total Space | 10.47 Gb Free Space | 9.84% Space Free | Partition Type: NTFS

Drive G: | 1.86 Gb Total Space | 1.16 Gb Free Space | 62.33% Space Free | Partition Type: FAT32

Computer Name: EDEN | User Name: Porter | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Porter\Desktop\removal\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

========== Modules (SafeList) ==========

MOD - C:\Users\Porter\Desktop\removal\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found

SRV:64bit: - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)

SRV:64bit: - (dldt_device) -- C:\Windows\SysNative\dldtcoms.exe ( )

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)

SRV:64bit: - (mi-raysat_3dsmax2010_64) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe ()

SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)

SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()

SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)

SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found

DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found

DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found

DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found

DRV:64bit: - (pxrts) -- C:\Windows\SysNative\drivers\pxrts.sys (Prevx)

DRV:64bit: - (pxscan) -- C:\Windows\SysNative\drivers\pxscan.sys (Prevx)

DRV:64bit: - (pxkbf) -- C:\Windows\SysNative\drivers\pxkbf.sys (Prevx)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)

DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)

DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)

DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)

DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)

DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)

DRV:64bit: - (TcUsb) -- C:\Windows\SysNative\Drivers\tcusb.sys (UPEK Inc.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)

DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)

DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.)

DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)

DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys (ManyCam LLC.)

DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)

DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\DRIVERS\winbondcir.sys (Winbond Electronics Corporation)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)

DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)

DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_6930g

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_6930g

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_6930g

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_6930g

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_6930g

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_6930g

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.863

FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.15

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 02:00:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/18 03:57:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/18 03:57:56 | 000,000,000 | ---D | M]

[2009/05/30 08:16:38 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Mozilla\Extensions

[2009/05/30 08:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Porter\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/11/20 01:26:39 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Mozilla\Firefox\Profiles\fho9ksva.default\extensions

[2010/08/04 12:24:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Porter\AppData\Roaming\Mozilla\Firefox\Profiles\fho9ksva.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/12/29 16:12:24 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Porter\AppData\Roaming\Mozilla\Firefox\Profiles\fho9ksva.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/08/04 12:24:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Porter\AppData\Roaming\Mozilla\Firefox\Profiles\fho9ksva.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/08/04 12:24:14 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Mozilla\Firefox\Profiles\fho9ksva.default\extensions\personas@christopher.beard

[2010/10/20 14:31:54 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Mozilla\Firefox\Profiles\fho9ksva.default\extensions\vshare@toolbar

[2010/08/04 12:24:15 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Mozilla\Firefox\Profiles\fho9ksva.default\extensions\youtube2mp3@mondayx.de

[2010/11/20 01:26:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/11/18 03:57:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/06/01 05:20:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2010/11/18 03:57:54 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll

[2010/11/18 03:57:54 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

[2009/06/01 05:20:41 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll

[2009/02/06 11:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2010/11/18 03:57:54 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll

[2008/06/11 21:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

[2008/09/10 13:56:44 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

[2008/09/10 13:37:54 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

[2009/12/16 17:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

[2010/10/20 14:31:38 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/20 14:31:38 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml

[2010/10/20 14:31:38 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/20 14:31:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/20 14:31:38 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml

[2010/11/08 05:17:56 | 000,002,212 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\websearch.xml

[2010/10/20 14:31:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/20 14:31:38 | 000,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/11/16 22:00:16 | 000,425,428 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 14659 more lines...

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found

O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysNative\ieframe.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)

O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Porter\Pictures\wallpaperhydrant.jpg

O24 - Desktop BackupWallPaper: C:\Users\Porter\Pictures\wallpaperhydrant.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/09 22:29:33 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2010/09/14 20:30:42 | 000,000,967 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{1f20dd54-4d3e-11de-822a-00238b8f78cd}\Shell\AutoRun\command - "" = TOPHILL\\\maksimus.exe

O33 - MountPoints2\{1f20dd54-4d3e-11de-822a-00238b8f78cd}\Shell\explore\command - "" = TOPHILL\\\\maksimus.exe

O33 - MountPoints2\{1f20dd54-4d3e-11de-822a-00238b8f78cd}\Shell\open\command - "" = TOPHILL\\\\maksimus.exe

O33 - MountPoints2\{8752ab8e-f475-11df-8fab-00238b8f78cd}\Shell - "" = AutoRun

O33 - MountPoints2\{8752ab8e-f475-11df-8fab-00238b8f78cd}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O33 - MountPoints2\{8b71b5ac-e4cf-11df-80c6-00238b8f78cd}\Shell - "" = AutoRun

O33 - MountPoints2\{8b71b5ac-e4cf-11df-80c6-00238b8f78cd}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\{a7ca09b3-1803-11df-8e59-00238b8f78cd}\Shell\AutoRun\command - "" = C:\Windows\SysWow64\shell32.dll -- [2010/07/26 09:51:48 | 011,584,512 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{da03aba0-52d1-11df-847e-00238b8f78cd}\Shell - "" = AutoRun

O33 - MountPoints2\{da03aba0-52d1-11df-847e-00238b8f78cd}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/26 17:27:00 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/11/26 00:49:04 | 000,000,000 | ---D | C] -- C:\Users\Porter\Favorites\Documents\EA SPORTS Rugby 08

[2010/11/26 00:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA SPORTS

[2010/11/25 18:19:51 | 000,065,736 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys

[2010/11/25 18:19:51 | 000,062,976 | ---- | C] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll

[2010/11/25 18:19:51 | 000,036,384 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys

[2010/11/25 18:19:51 | 000,024,024 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys

[2010/11/25 18:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx

[2010/11/25 18:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI

[2010/11/25 18:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10

[2010/11/21 17:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2010/11/19 08:51:29 | 000,000,000 | ---D | C] -- C:\Users\Porter\Desktop\removal

[2010/11/19 05:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB

[2010/11/17 15:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner

[2010/11/17 14:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010/11/17 10:15:42 | 000,000,000 | ---D | C] -- C:\Users\Porter\AppData\Roaming\Malwarebytes

[2010/11/17 10:15:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/11/17 10:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/11/17 10:15:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/11/17 10:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/11/16 21:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/11/16 21:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2010/11/15 23:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp

[2010/11/15 23:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan

[2010/11/15 22:16:30 | 000,000,000 | -HSD | C] -- C:\found.000

[2010/11/13 22:18:53 | 000,000,000 | ---D | C] -- C:\Users\Porter\Favorites\Documents\RCT3

[2010/11/13 22:18:53 | 000,000,000 | ---D | C] -- C:\Users\Porter\AppData\Roaming\Atari

[2010/11/13 22:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PocketSoft

[2010/11/13 22:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari

[2010/11/13 21:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\TurboGo

[2010/11/13 20:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO

[2010/11/13 20:11:22 | 000,000,000 | ---D | C] -- C:\Users\Porter\Favorites\Documents\My ISO Files

[2010/11/13 20:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems

[2010/11/13 17:31:17 | 000,000,000 | ---D | C] -- C:\Users\Porter\Favorites\Documents\TikGames

[2010/11/13 17:25:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll

[2010/11/13 17:25:37 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll

[2010/11/13 17:25:37 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll

[2010/11/13 17:25:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll

[2010/11/13 17:25:35 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll

[2010/11/13 17:25:35 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll

[2010/11/13 17:25:34 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll

[2010/11/13 17:25:34 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll

[2010/11/13 17:25:32 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll

[2010/11/13 17:25:32 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll

[2010/11/13 17:25:31 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll

[2010/11/13 17:25:31 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll

[2010/11/13 17:25:31 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll

[2010/11/13 17:25:31 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll

[2010/11/13 17:25:30 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll

[2010/11/13 17:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hasbro

[2009/01/22 13:02:02 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/27 09:15:58 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/11/27 09:15:58 | 000,603,516 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/11/27 09:15:58 | 000,103,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/11/27 09:15:05 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/11/27 09:15:05 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job

[2010/11/27 09:15:05 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job

[2010/11/27 09:15:05 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job

[2010/11/27 09:15:05 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job

[2010/11/27 09:12:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/27 09:12:37 | 268,435,456 | -HS- | M] () -- C:\Windows\SysNative\temppf.sys

[2010/11/27 09:11:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/27 09:11:22 | 000,352,553 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/11/26 22:52:12 | 000,352,553 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/11/26 17:07:22 | 000,038,494 | ---- | M] () -- C:\Users\Porter\Desktop\screen.jpg

[2010/11/26 13:40:47 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3439901652-3735714293-3544349120-1000UA.job

[2010/11/26 13:40:47 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/26 13:39:48 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/26 13:39:48 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/26 01:16:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml

[2010/11/25 23:00:10 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At2.job

[2010/11/25 23:00:10 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At1.job

[2010/11/25 19:11:40 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3439901652-3735714293-3544349120-1000Core.job

[2010/11/25 19:11:07 | 678,639,601 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/11/25 18:19:51 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys

[2010/11/25 18:19:51 | 000,062,976 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll

[2010/11/25 18:19:51 | 000,036,384 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys

[2010/11/25 18:19:51 | 000,024,024 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys

[2010/11/25 18:19:48 | 000,000,051 | ---- | M] () -- C:\Windows\wininit.ini

[2010/11/25 01:02:36 | 000,136,192 | ---- | M] () -- C:\Users\Porter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/19 11:19:55 | 000,788,748 | ---- | M] () -- C:\Users\Porter\Favorites\Documents\simplified.3dm

[2010/11/19 10:09:55 | 000,560,234 | ---- | M] () -- C:\Users\Porter\Favorites\Documents\simplified.3dm.bak

[2010/11/19 08:50:20 | 000,000,000 | ---- | M] () -- C:\Users\Porter\defogger_reenable

[2010/11/18 17:02:36 | 000,042,559 | ---- | M] () -- C:\Users\Porter\Desktop\model.jpg

[2010/11/18 16:45:52 | 001,952,298 | ---- | M] () -- C:\Users\Porter\Desktop\model.bmp

[2010/11/17 22:17:42 | 000,006,589 | ---- | M] () -- C:\Users\Porter\Desktop\bottomview.AI

[2010/11/17 22:17:07 | 000,010,061 | ---- | M] () -- C:\Users\Porter\Desktop\topview.AI

[2010/11/17 16:07:17 | 003,247,484 | ---- | M] () -- C:\Users\Porter\Favorites\Documents\svchost.dmp

[2010/11/17 10:15:32 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/17 07:44:15 | 000,001,460 | ---- | M] () -- C:\Users\Porter\AppData\Local\d3d9caps64.dat

[2010/11/16 22:00:16 | 000,425,428 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2010/11/16 21:44:33 | 000,001,125 | ---- | M] () -- C:\Users\Porter\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/16 21:44:33 | 000,001,101 | ---- | M] () -- C:\Users\Porter\Desktop\Spybot - Search & Destroy.lnk

[2010/11/15 23:46:10 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo

[2010/11/13 21:03:31 | 000,000,030 | ---- | M] () -- C:\Windows\TURBOGO.INI

[2010/11/13 19:33:59 | 000,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat

[2010/11/10 15:15:58 | 000,028,145 | ---- | M] () -- C:\Users\Porter\Desktop\straws1.jpg

[2010/11/09 14:10:14 | 000,057,747 | ---- | M] () -- C:\Users\Porter\Desktop\dhcperror.jpg

[2010/11/04 16:03:59 | 000,002,051 | ---- | M] () -- C:\Users\Porter\Desktop\Google Chrome.lnk

[2010/11/04 16:03:59 | 000,002,013 | ---- | M] () -- C:\Users\Porter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/10/28 13:19:09 | 000,151,598 | ---- | M] () -- C:\Users\Porter\Desktop\dnserror.jpg

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/26 17:07:22 | 000,038,494 | ---- | C] () -- C:\Users\Porter\Desktop\screen.jpg

[2010/11/26 13:45:26 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/11/26 13:45:25 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job

[2010/11/26 13:45:25 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job

[2010/11/26 13:45:25 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job

[2010/11/26 13:45:25 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job

[2010/11/26 13:40:36 | 268,435,456 | -HS- | C] () -- C:\Windows\SysNative\temppf.sys

[2010/11/25 18:19:28 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini

[2010/11/19 08:50:20 | 000,000,000 | ---- | C] () -- C:\Users\Porter\defogger_reenable

[2010/11/18 17:02:30 | 000,042,559 | ---- | C] () -- C:\Users\Porter\Desktop\model.jpg

[2010/11/18 16:45:52 | 001,952,298 | ---- | C] () -- C:\Users\Porter\Desktop\model.bmp

[2010/11/17 22:17:41 | 000,006,589 | ---- | C] () -- C:\Users\Porter\Desktop\bottomview.AI

[2010/11/17 22:17:07 | 000,010,061 | ---- | C] () -- C:\Users\Porter\Desktop\topview.AI

[2010/11/17 16:07:07 | 003,247,484 | ---- | C] () -- C:\Users\Porter\Favorites\Documents\svchost.dmp

[2010/11/17 14:30:40 | 000,011,596 | ---- | C] () -- C:\Program Files (x86)\hijackthis.log

[2010/11/17 10:15:32 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/16 23:50:17 | 000,788,748 | ---- | C] () -- C:\Users\Porter\Favorites\Documents\simplified.3dm

[2010/11/16 23:50:17 | 000,560,234 | ---- | C] () -- C:\Users\Porter\Favorites\Documents\simplified.3dm.bak

[2010/11/16 21:44:33 | 000,001,125 | ---- | C] () -- C:\Users\Porter\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/16 21:44:33 | 000,001,101 | ---- | C] () -- C:\Users\Porter\Desktop\Spybot - Search & Destroy.lnk

[2010/11/15 23:46:10 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo

[2010/11/13 22:15:39 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll

[2010/11/13 21:03:31 | 000,000,030 | ---- | C] () -- C:\Windows\TURBOGO.INI

[2010/11/13 19:35:13 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At2.job

[2010/11/13 19:34:37 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At1.job

[2010/11/13 19:33:59 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat

[2010/11/10 15:15:53 | 000,028,145 | ---- | C] () -- C:\Users\Porter\Desktop\straws1.jpg

[2010/11/09 14:10:14 | 000,057,747 | ---- | C] () -- C:\Users\Porter\Desktop\dhcperror.jpg

[2010/10/28 13:19:09 | 000,151,598 | ---- | C] () -- C:\Users\Porter\Desktop\dnserror.jpg

[2010/10/18 13:35:08 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\BongoSDK.10.v40.dll

[2010/10/18 12:55:36 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll

[2010/08/11 11:44:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2010/08/11 11:44:08 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010/02/13 11:44:46 | 000,328,396 | ---- | C] () -- C:\Users\Porter\AppData\Local\dd_vcredistMSI61C0.txt

[2010/02/13 11:44:45 | 000,011,178 | ---- | C] () -- C:\Users\Porter\AppData\Local\dd_vcredistUI61C0.txt

[2010/02/08 22:19:00 | 000,001,460 | ---- | C] () -- C:\Users\Porter\AppData\Local\d3d9caps64.dat

[2010/01/13 11:26:16 | 000,011,746 | ---- | C] () -- C:\Users\Porter\AppData\Local\dd_vcredistUI5D7B.txt

[2009/12/28 20:33:00 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini

[2009/11/25 18:14:07 | 000,000,037 | ---- | C] () -- C:\Windows\entpack.ini

[2009/11/20 21:55:31 | 000,001,068 | ---- | C] () -- C:\Windows\SIDPLAYW.INI

[2009/11/09 01:13:51 | 000,001,007 | ---- | C] () -- C:\Windows\Sidplay2w.ini

[2009/10/31 21:33:09 | 000,000,018 | ---- | C] () -- C:\Windows\cnc.ini

[2009/08/30 17:53:14 | 000,053,248 | ---- | C] () -- C:\Windows\Dit.DLL

[2009/08/30 17:53:14 | 000,000,208 | ---- | C] () -- C:\Windows\Dit.INI

[2009/08/27 14:29:20 | 000,018,816 | ---- | C] () -- C:\Users\Porter\AppData\Roaming\wklnhst.dat

[2009/08/01 18:18:16 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/07/06 09:18:09 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2009/07/06 09:18:09 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009/07/06 09:18:08 | 002,402,304 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2009/07/06 09:18:07 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2009/07/06 09:18:07 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/07/06 09:18:07 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/07/06 09:18:05 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/06/11 05:28:31 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI

[2009/06/10 22:57:14 | 001,051,136 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys

[2009/06/01 08:11:19 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2009/05/30 15:06:32 | 000,136,192 | ---- | C] () -- C:\Users\Porter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/05/29 14:54:17 | 000,027,528 | ---- | C] () -- C:\Users\Porter\AppData\Roaming\UserTile.png

[2009/05/29 14:27:35 | 000,352,553 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/05/29 14:27:33 | 000,352,553 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/05/29 14:17:36 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log

[2009/03/26 20:43:25 | 000,006,096 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log

[2009/03/26 20:32:38 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

[2009/03/26 20:32:38 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini

[2009/03/26 20:30:47 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2009/01/22 16:02:02 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll

[2009/01/22 16:02:02 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll

[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2006/08/16 08:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll

[2005/09/01 00:49:54 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\NBAsm.dll

[2004/10/07 11:50:50 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\nbzlib.dll

[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll

[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll

[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll

[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

[2001/06/21 13:13:48 | 000,081,332 | ---- | C] () -- C:\Windows\SysWow64\bass.dll

========== LOP Check ==========

[2010/07/29 00:20:57 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\.minecraft

[2009/05/30 08:27:44 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\acccore

[2009/05/30 14:02:13 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Acer

[2009/01/22 15:47:57 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Acer GameZone Console

[2009/06/09 02:16:55 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Antares

[2010/05/16 16:04:16 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\AnvSoft

[2009/12/26 14:01:17 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Armagetron

[2010/11/13 22:18:53 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Atari

[2010/03/10 10:04:36 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Autodesk

[2010/08/25 18:48:59 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\autodessys

[2010/11/25 18:46:00 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\BitTorrent

[2009/08/15 09:18:19 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Braid

[2010/05/23 20:48:18 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\ColorSchemer

[2009/06/22 07:44:09 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\DNA

[2009/05/29 14:44:37 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\eSobi

[2010/03/20 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\FileZilla

[2010/09/09 02:34:25 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\HamsterSoft

[2010/05/16 14:47:30 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\HandBrake

[2010/01/21 13:17:33 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\HotSync

[2010/04/07 23:51:17 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\iPodder

[2009/10/08 12:14:37 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\JCreator

[2009/06/18 16:08:25 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\KVIrc

[2009/05/30 14:02:13 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Leadertech

[2010/06/19 23:49:58 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\ManyCam

[2009/07/08 10:29:07 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\MechCAD

[2009/05/29 14:54:17 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\PeerNetworking

[2009/07/07 14:42:48 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Red Kawa

[2009/07/07 14:46:21 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Regensoft

[2010/08/26 02:34:49 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\RenPy

[2010/02/20 11:33:58 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\SystemRequirementsLab

[2009/08/27 14:29:24 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Template

[2009/05/31 23:40:25 | 000,000,000 | ---D | M] -- C:\Users\Porter\AppData\Roaming\Three Rings Design

[2010/11/27 09:15:05 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job

[2010/11/27 09:15:05 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job

[2010/11/27 09:15:05 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job

[2010/11/27 09:15:05 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job

[2010/11/27 09:15:05 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

[2010/11/25 23:00:10 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At1.job

[2010/11/25 23:00:10 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At2.job

[2010/11/26 13:39:48 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:C8B8CEBD

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:54D4173A

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:73933431

< End of report >


and...

Extras.txt:

OTL Extras logfile created on: 11/27/2010 9:14:49 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Porter\Desktop\removal

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): c:\pagefile.sys 4359 6088 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 109.94 Gb Total Space | 15.29 Gb Free Space | 13.90% Space Free | Partition Type: NTFS

Drive D: | 106.40 Gb Total Space | 10.47 Gb Free Space | 9.84% Space Free | Partition Type: NTFS

Drive G: | 1.86 Gb Total Space | 1.16 Gb Free Space | 62.33% Space Free | Partition Type: FAT32

Computer Name: EDEN | User Name: Porter | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 2A 2A 3A E1 83 39 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3439901652-3735714293-3544349120-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{022CA98D-76BF-4413-873D-8F1024A50A28}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{02D8E00D-3C3A-46DE-AD20-51D50A82E422}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{03795FA4-FDD8-4E10-907D-A9D29686AB80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{077975D9-FF9C-48AF-8AA6-312F9C3FCB40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{0AE4A66C-342D-4BD2-8EA1-652ECFC42A47}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{15634ED6-6FA1-4940-8DA1-1C6DB2E17AB2}" = rport=137 | protocol=17 | dir=out | app=system |

"{1A7DC866-3C3F-424D-A29E-5DFDA21F2731}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{21128EA4-931B-4D0E-9E15-16DA5F9580CA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{23D2534A-8DAC-496C-A372-0F535774CB7A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{27BE6D02-48B3-4486-A1DF-F19DC5B2029F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{2B4F9F28-8806-44D5-A8AA-65FA4D943F43}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2B79C9BA-1B82-4E11-A016-D8B6899D6E4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2D1D247A-CB98-4C21-B143-DC5EA3864B34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2ED563C4-824C-4DC2-9C88-E7C10BBAE5D2}" = lport=49687 | protocol=6 | dir=in | name=akamai netsession interface |

"{3009F4A4-F22B-47F9-A040-DA37F18BA3D8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{336AC3D5-37B5-4E36-8D70-57791B5820FD}" = lport=53865 | protocol=6 | dir=in | name=akamai netsession interface |

"{35853792-4C97-437A-A4F1-3AF9C62D9904}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{387CC842-7C0F-4F6F-9241-BB8BE66DEF1D}" = rport=2869 | protocol=6 | dir=out | app=system |

"{431FCE62-AB1C-40D3-88E7-67C9DAA4D3D9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4BC4781D-E823-445A-B047-EF81F351B069}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{4EA9F00F-4B01-44DA-8723-57B4EC21DB12}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{57BAD5A8-BE90-4FCC-8CEA-445104739DF7}" = lport=10244 | protocol=6 | dir=in | app=system |

"{60BF676E-7399-4C3A-A9D6-EFD9255B17F1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{6AA2ADA0-A7C6-4FB8-83E5-C2C4AE85064A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{714EC3BC-06A5-4573-A8AC-A485BD520872}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{7314D2EE-8A15-4F6A-A67D-40AC2561FE90}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{744B79DC-32CA-48DE-840B-5145CD474399}" = lport=3390 | protocol=6 | dir=in | app=system |

"{7DF9CA25-2C3A-454A-9D84-C6A674C1E1B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7E378582-FE26-4083-8036-75D79AAF4C44}" = rport=10243 | protocol=6 | dir=out | app=system |

"{7E37DE8D-1EF7-4F20-BA3C-D1857C1BCEAC}" = rport=10244 | protocol=6 | dir=out | app=system |

"{8091ED52-B2B2-4FD7-A2E2-7A211CC52BC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{82C20613-1DCD-4502-B48E-656894DF9BA2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{84B73E08-7511-4EB6-ABE0-5E69DD4D8563}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{8D5B56CC-5948-4329-9088-D64550416FC1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{9479708D-624C-4D25-8CC4-2048367BB4BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{96D97F64-BD43-41D8-8725-F0BC6F9BA62E}" = rport=138 | protocol=17 | dir=out | app=system |

"{97C46061-1882-4FA4-8918-8D882942575F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9FFF5EFE-CC2C-4060-931A-CE001B80129D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{AD567C70-C01C-4D15-A065-77CAB4853C16}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B045A97E-660B-4678-9CDF-76C43976AACC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{B0878243-CD3E-41E6-854C-A49C5204C4BE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{B1815781-F50A-404E-BEB2-D3B60F30B77A}" = lport=3390 | protocol=6 | dir=in | app=system |

"{B5267FA2-EC59-427A-8CB9-FD6BD8AC9599}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B6FBA365-7EAC-4F32-A19C-1E2F89B3DA96}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{B7730C66-AC4B-4497-BC71-244643F7F37B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{C1CFC56B-38EA-41F1-84D3-326E71E20D53}" = lport=10243 | protocol=6 | dir=in | app=system |

"{CA22DA09-3D2C-43E1-8472-E620EFD212F5}" = rport=139 | protocol=6 | dir=out | app=system |

"{CA71FB94-3CD8-4A36-BF6A-E401EE711D72}" = lport=10244 | protocol=6 | dir=in | app=system |

"{CB40420D-3E3C-4EFC-8827-B75E55360AA8}" = rport=10244 | protocol=6 | dir=out | app=system |

"{CC9F1D89-B659-494C-B45D-19C1C6D863D6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{CCC02B29-F945-42F8-85DB-E86457EE15FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D19681AE-2C0B-4079-94A5-9DEDEB7AE54C}" = lport=445 | protocol=6 | dir=in | app=system |

"{D3C6AF20-EE16-407B-B736-B23E21AAFC81}" = lport=137 | protocol=17 | dir=in | app=system |

"{DBA88B78-B8EA-4ACD-83DC-3D1EF458DC8F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E08D6DCB-E068-4E91-A46B-CC38A5C8B1B0}" = rport=445 | protocol=6 | dir=out | app=system |

"{E28F4849-2846-4F6F-96C5-8A6F63BF962A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E3F92BBC-4361-4D31-A42F-0C6B6A7DFCB2}" = lport=80 | protocol=6 | dir=in | name=orb |

"{E5EBA9A1-1A36-4DDA-9120-E0EA74B4C7C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E729D504-3AF8-4257-9C47-958A28CFD1A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E8C87954-D9E0-488D-9873-5090947F0E2E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EDF4ED2E-6BAC-431F-9383-A533763634A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{EF9BAE13-0FF8-43F8-827B-456F3CFA7D68}" = lport=138 | protocol=17 | dir=in | app=system |

"{F23ACB15-0AF2-442B-ADFC-3C0E505BDF22}" = lport=139 | protocol=6 | dir=in | app=system |

"{F370157B-8AD6-4470-B463-658F265E864E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FD8D9273-B3F5-4850-9A97-A516288CFB90}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FE024836-4F71-45B7-BAC2-53744DAEF5E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0003EF51-FC4F-4BBF-912C-6B4B65F78002}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{008AFD23-DAA6-48BD-8A56-78565F43668A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{02B04E27-542F-4B45-B427-72B0ECD1D94A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{03D69039-0D56-4865-9777-2DA48038B4B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{04BC43B5-193E-4CBA-98F6-C522BAC2052D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0996223E-D8A3-4CC5-8762-552DE78BDA0F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{099CDC37-E15E-4AD4-B864-6CEF16692499}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0B53AB28-2481-4623-B6AB-B9F89CC0FAAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0C2E8F04-DB64-42B9-A9BE-74229765A4F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0D59E894-C430-4016-A960-7AD7E07852F2}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{0D6FA69B-FF0B-4A03-AACC-DEF484F2B6D3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{0E291397-403A-4DA6-80AD-F321ECB07247}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0E8C998F-445F-4E71-93A1-F02940929CC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0F302611-341E-4505-AA15-567ACC0869A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0F3B9F56-74A1-4172-942A-B1F8581B62D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0F5B6348-4D89-4CE1-9BF3-B21CC0F5D8DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0F9B418E-2E7E-4351-87BA-989AA618B602}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |

"{105F5E17-8768-4460-9EFC-38D863AB8CE2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{10EE4083-B5EF-445B-B33C-6B15DA8B50E8}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{116FD0D6-DD0E-4C57-9B9F-77FA258EAD1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1227BCCC-F96C-4307-99D6-271E30A0B762}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |

"{130246D8-EF88-4F19-B8FA-85A4BF23293D}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe |

"{1305D325-1687-4908-8CB5-EF946B9D0579}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1316D2CA-4C28-4606-B320-2A0F52313BEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{133F73C9-9E8A-4B8B-8A68-6A3EB2FBDD3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{13EB9BD5-4683-48AE-A3A5-4079F7FE1272}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{1460049A-42C9-4900-B6CD-80CAD7246C10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{14AE06CE-1668-4924-B5D7-1571F471B537}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{154A32A6-A00D-4C65-960D-A0F2A221B133}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{159DD8AA-CD63-4682-AA3E-925F4BBF4132}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |

"{170C1420-677D-412A-9585-B6A41AB9955F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{179A4F47-4CF2-4603-B532-1E89EFA61BE5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1813D848-5DCF-481A-A5CB-F0421120F358}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{18B3B260-2C1F-4C95-89DA-4941D0C29DAF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1ACCE443-D424-4337-BEE0-DB73B9641F1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1B372B9B-FED3-4E13-B106-B7B6F9815D9E}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{1C219C4C-235C-4DDA-AE8C-11B9615B8F82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1C223D63-56B4-4AFB-8EB8-7F4217A272E4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{1C4A210E-B373-463D-A953-951D8A1CF629}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1D669476-5F6A-483D-A50E-17D161CC6E3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1E5998EB-29C2-4304-BE50-D41FDADEA869}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{1EC9AB9E-AE0A-4974-BAAE-FF904900D9BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1ECAB9D2-4848-4778-AE21-D192B5F6188F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1EF54383-2825-4857-9AD8-DF2C6632334B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1F004F4B-4595-45E8-AB36-13352B6DFE1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{22703BCA-AE54-4CC9-A56A-7C45144D7395}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{23E24430-CE15-4C74-A30E-CE93322B217A}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\3dsmax.exe |

"{23F742B2-9966-45ED-BDB8-ADB6520EF015}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{247E776A-3407-44AC-8130-8021C511F1F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{24FABAC6-4766-4ECD-9BCF-37B0CF7CBF87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{253CC287-6072-4DC2-83E6-B2DD2738A8AE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{25478BEA-592C-401B-8707-6390F61F42EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{26429637-E275-48A8-9183-33A008764BC1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{26BAD11B-AAE1-445B-A4D1-5C433343E73F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{27A19A47-050A-4172-AD57-88A24F79A1F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{27CD738F-244D-4D6A-A996-99DB5ED126AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{27E79AEE-78E4-4309-8A30-C71A859182DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{289E83F2-D657-4AD8-AA48-AA81D185DC06}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2AA25A47-19C9-4111-B38D-E415F6AA5F9D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2B5C7ED1-8C6E-4959-977F-1171587671CA}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"{2B8CA46F-5A32-499B-B5B7-0F1D45CE6123}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2CE3B949-BCEB-4176-834D-AE327702F890}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2DC5B7E1-FE7C-4FE6-90D6-F55EEF2BF26B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2E1F96F1-3551-4DB5-84A4-E7A33CF48116}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2E46F726-60F7-4825-A4F6-C56BC797D1BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2F20ABFC-317C-4155-802E-FD1094A221A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2F96B1CE-9904-4108-99D6-5C833348CCFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3032F524-403C-48AC-A550-3271EC5B199B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{312B896A-9095-43A4-BFE9-6337986DA7B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{32248298-902D-40F2-BE99-E4BC2C182E19}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3253463C-10DF-4C4A-9248-FDDE49E0493B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3297740A-8BFB-46E4-8DB1-FE5767E4D3F2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{32E78757-4272-49A7-9DC6-0F7702AC74E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{33A0AECD-644B-4270-ACD4-848B92F1F460}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{33D763E7-2A2D-45AB-BC26-69089384A99F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{33DC28F0-608C-4F32-98C8-10056BFEAC94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{34AD818F-B2E4-4358-A288-CC10D1E5A264}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{360ECDEF-8CD8-416B-9601-740FBE4227F2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{3798AECD-C297-4B0A-B5C9-73798C60D6AD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{37C14936-8572-4259-AD43-9A7173B5CE42}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3B7605D8-18F0-400D-9E2B-309DE85D99A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3B7F046C-B0E8-4B46-A5DF-56614A3AD174}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3C6DBF61-510D-4136-A5D6-2A8A7C350171}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3CCFF741-CDF7-483C-9ED6-DB5752F3FD33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3CDF1FB9-A5FC-44D4-B3D3-7C388F65144A}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |

"{3D8DEAB2-F4DB-4F13-9705-590C4098EB30}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3E7D6A8A-53FD-4CC2-9712-0E943FC5665F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3EE00EF9-7F58-40ED-9E76-6C8686A49BB0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3F4AAC19-FAF1-459E-951A-78FDD10B21EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4031C915-A7A7-4345-8A58-BBC5E217BCFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{41370105-3469-4BC5-95DB-9D33136581C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{41742DCB-C6B5-4367-AF88-781799675CCA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{423B7AD7-2D34-4076-9B7C-159E9634BB01}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |

"{4249ABE7-9021-40D8-BB57-65CD656B3DDF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4281B2B9-F6C8-4C84-B175-0787BCE480A9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{43FC8960-56C3-4A79-AE0B-03D8B3657418}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{446B7177-388E-4210-A3BD-C1A15986CB42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4491C7EB-A7BB-4F69-96BC-BBB91F26DBAF}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe |

"{44CA3754-574F-42C1-B279-FFDE1151F51C}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{46B3EEC8-8471-4543-A062-2CEEDAC7019E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{48931835-E21E-4EED-A91E-30D2E8F0D574}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |

"{4937BEE4-4ED2-4706-AAF3-26ECAC10C0CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{49BBAF58-AF05-4EAF-AE91-43EDD29A53E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4AB5D15E-3E9E-4B2F-8D12-DC95851B95AF}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |

"{4D467616-FEB5-4674-82FE-5881F76A307D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4D8169FF-E5D5-4AE2-80FF-5A50E6ED399F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4ED574C0-555C-42D1-A426-3E9F07EECECF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4F058C08-466A-41A6-993E-87171A957DBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4F318F4D-F620-45B8-BF43-C4D646F91B49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{505FBDD7-8D84-457C-BA61-0F50B685E1CB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{50E616A3-5EAB-44F0-94B2-00BEEB9F89FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{52E6BEE5-C692-4789-9BB8-BFE3A3CD3485}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{52EA938A-C750-42C5-978D-017E3549A28D}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{52EBC2B2-D9D9-4214-BA4E-A5D4CD707C86}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{53646345-AB02-4FA8-B905-9E0106D0BD8A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5443EF55-2039-46CC-B1B1-1EDD91678264}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{547D72AB-251B-4AF2-B406-E27E3F75A14F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{54A6E8AF-5C9D-46AA-B16F-DF87A2BB22A6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{54D714BA-BCCC-48C3-9E64-BDE90628AD4A}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |

"{54F52375-6817-406E-BA5D-056B1E336A58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5502210A-7860-4660-BC3E-C2AC0C49DA2C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{55B7039F-B4DD-4CCA-B690-19B10B84A6B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5665AD32-1D4C-4926-B8BE-AF3BA2E8340E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5709A47C-E58A-453C-93F3-A98CBB588C00}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{58C66287-4C44-4680-A162-091A5C888820}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{5924B502-BE0D-4AF6-BE9F-D8260EA7DDCD}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |

"{5A60DFEA-B9D0-48D3-B42E-CFA25E16C4C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5B3E2F14-D9EC-44BF-819C-BD7289DFC6A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5B958D49-8070-4266-B4BF-369622588960}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5BE09356-CED9-4A3B-BF97-410E5A77963A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5BF5B827-DC0C-47F1-BEDF-F11956115ADD}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe |

"{5C093415-6FD9-4959-BBE3-B22BCE6CA6EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5CDE3980-C1A1-41EC-865B-4B46C914A2C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5D5A8868-5E5C-4A92-B4F2-5FB3B57FD1DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6059E75E-FB01-4EC3-81A6-E693FED2BCBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{60642A89-D3C0-403E-9391-DC2B64585984}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{60A12E4B-872D-4F25-9FE2-367D9913A032}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{61CBF871-18E1-4D55-98B9-E5917DA2172B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{62630347-0B4C-427E-AA7C-F5B47BD9939C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{62C0D9FC-6E87-456C-A366-A396DCE4548C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{63F80C65-7F09-4A13-B48B-0597ECE81D14}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{64F60ECF-9B8D-4F3A-BFD1-E0238E0B25B6}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{65780027-E930-4910-9858-449A87F72727}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{658089EF-F0D9-4DDE-BCDE-6BB9F0D97EFB}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{66381229-C038-45CA-A4B4-55FCE8B91837}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |

"{67127487-C4C9-4486-B7ED-BAD06A1CFC67}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |

"{67678A4F-5659-4171-99E6-C3C47D8EF46C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{68DC47B9-CFB8-4BFB-A7E7-1E29D1B24847}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{69915E4A-B052-4690-84A8-B9B35DFC7231}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{69F92DE6-CC4D-4234-99C0-B759614D21D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6A23AEAA-82BB-477E-86DA-24B67A4BF387}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |

"{6AB0BB8E-3548-40F3-A5F8-B8492CB36DA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6C90C4B4-A865-4D4C-8764-C83BE21207DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6CE7B6E2-E6D5-418E-8DC8-FEA95789A4F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6D27227A-10D6-4989-9D8F-7451A900FEBC}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |

"{6D2C5A45-10FF-4C13-809D-6EF00EFB997B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6D997E45-603C-4EF3-8EE9-7B09E507E1C2}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{6EE69232-6531-41A2-81EA-406F1EF31716}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6EED2B93-08DD-4C2B-BA9B-492A495EDF44}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6FCF441B-B4A7-4CA3-A6F0-EE22DAE28AD2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6FFC905B-0445-4AE7-87A3-38670120CD5F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{706DA17A-BC30-45B1-9AD6-4C79CF236D91}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{7087C130-D203-4C49-A661-15D79299C121}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{70B9A466-FFC4-4B00-829A-88B87E9B1D07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7186A44A-2750-410A-8689-182BD4FA9BDE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{71959977-4FFD-4E96-BBF4-329918A1B7D8}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{726CCCA7-ADF3-4226-897A-1BD4718EE26B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{731E930C-71DB-4C1A-8A2E-2185493C2B7B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{73A8C8C5-1C9A-4177-A562-164271B938BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{74A7EA24-C38A-4FF9-8771-750D94AADB35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{74A886D6-40FB-4989-B591-1A9DCCD75229}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7530BAE8-092F-4A55-A7FB-929334301739}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{76414F66-0971-45F5-85B8-BEC50602B537}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{764F8FD6-1662-45E7-9D3F-9D973462244F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7679ED18-D885-43B5-ADFC-D9ED8502C0AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{767F2C8C-E14B-4F57-86E8-D12F2562FD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{768F449B-901C-4557-A28F-1A1C21D85C03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{76C76E96-FF3B-416A-92C5-FB6D015D4595}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{77498BB4-DCEE-4944-BD64-D8A7A0925846}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{77E6E1DB-F006-4DBF-932A-06217F7C7FB3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{784A73ED-A2FA-43BF-93AC-47724C416449}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{79321A2D-DF14-4C55-A9DD-8AB44C4D0D95}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{7958B868-F57E-4FDA-8DCF-4D48429F6FDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{79CC373A-BBAA-4739-96C4-78D103B17D91}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7A3F6605-48D4-486A-AF91-B8436AB3D284}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7D0C4F2A-7735-4723-9CA4-3EE6AA693A60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7E21A817-1508-4EA7-912C-535B879247C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7E6A959C-DA30-4A50-A23B-299C6BDE1313}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{80DE24D8-6727-4FC7-A2C5-F5FA71138AC5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{818EFFA1-0DED-474B-9DEB-8837884A6EDE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{82AD03E6-1B92-4A48-9277-3F95ABCC36B4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{837EC4B7-74C1-44B6-913B-3EF1F74C0FC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{83A2A310-ABB7-4DC7-A1C1-93BC1366B419}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{83D80259-3CF3-4EB0-9746-006B90FFF5E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{841B9F03-D2C0-4E9D-92B6-D434E98AD552}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{8471E1D5-3EBF-4664-82F9-28DEABA465AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{84C2FFDC-3BBA-4FCB-BF74-C39ED47BFA19}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{856F9D7E-0D9D-4880-A70B-39E88E921214}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{85722D61-BEF8-447C-9BE9-DAC52B84E60F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{85AFD0C2-2993-475D-8B74-4FF4020A31C3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{862D1D52-1F44-4054-971F-E40C6FD584F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8685F20C-403C-4921-9E69-1787532E18AE}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |

"{86D745B2-0009-452E-90B4-584045E7B2E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8757C0EA-BB5F-4A14-8345-90588FA3F87C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8818B107-D0BB-46A1-A5F7-8A055C42C291}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{882F24D1-E039-4095-BF39-7E098F77F778}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{886CF12F-B91D-45E6-89AD-56FA2906DB8F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{88922747-09DF-45B2-BF66-3F841FAE82B3}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |

"{88F51817-33E0-4B15-874A-174EFF369B1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{89ABBA9B-AB5D-46AC-8CF5-36DC0B7615F4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{89BF4429-E64F-4E7B-914D-2B477650AC75}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{8A969A68-710F-4A0C-B633-A371ABEF224C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8CAC482C-7AE0-49E5-9733-7AAA23816942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8CFFCD4E-8DB2-4C65-A5D7-91E6CD615198}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8D749812-E10B-4425-AF7F-2AE8C1EF54A3}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{8E6FFF1F-CB1E-420E-ABC2-F0BBE7975545}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8F674F14-82A4-403F-9E81-CA98C7495476}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{903FEE6A-F6C2-4BB5-974B-E624DBD85A6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{91B66478-F1E4-4F15-9F27-085536473063}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{932088A7-6B5A-4226-8623-487F55CD9F63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{93951051-9E21-4CAB-821F-A17E9473D552}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{939FBB06-1C2B-48C4-A47E-CFE42EF3BE36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{93F0357A-A940-47B2-BA42-8F748C6EF0DF}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{93FB440E-E9C6-4553-94A0-8A6C696B454A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{94111638-07B1-415C-BD98-D02F2BA1CC13}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{94F419EE-E4D1-44CA-89AF-D86964F28ED0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{954476F5-8C5C-4849-A3AF-604A09E698EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{95F0CF5B-706D-4FCF-A7C0-C548BA3BF50B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{965B351C-6386-45FE-8D3E-F5697E43095A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{967CE656-8148-4F6F-8EAD-E27F11C533CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{972AD40D-132F-4AC4-B79A-265F74E10326}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{978B18ED-12AB-4340-AF36-AA3F05ED16C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{98875005-3CFB-4089-A43C-6C1054B2F2D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{98CEB294-6F85-4E55-A4D8-15F407AE87B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{998B4125-638A-4CDA-AA1A-00755D12D4BA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{99E9CE54-71A4-4DEB-B53B-789B9F6AD50C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9AC9A77E-7F60-45F6-983C-E6A7A8B0002F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9ACFB481-926D-4738-A484-9A940A55B262}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |

"{9BD2E8AD-76C6-4178-BC8B-D0CB62D91ABB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9C2B10F2-F083-43E5-919E-67ADED913899}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9D540127-03CA-4827-B1B1-5719A3F3E9E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9DB74C05-2DA7-42CB-9C2A-02A4D6294379}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9DDC1A0D-887B-4D47-9AC6-2EB4E82BE1CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9DF55972-7B77-4AE7-BF60-04BF4FD9B8F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9F14E293-4144-4FE7-A0A0-35DB6684840F}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{9FDB1FA1-1602-499A-B3E8-F69E27B47011}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A02C101E-BDFF-4EFF-BE51-C8B31020CED4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A0CF6358-86DB-472D-9C08-CF821ECDBD35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A169E3D0-69A5-48AD-A4C3-75A064EED13D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A17344AF-68F6-4FE1-8716-6DDA727C27DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A240B569-BA9C-4E35-8268-9597C66941B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{A2E30F7A-D189-45E6-B724-ED9A5F5FEDDF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A30B7261-1F5E-4D35-9D24-21C75D3EBB0B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A3465A6E-4D04-4392-B399-C3ABDA57352C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A5B0EDF0-3752-4144-96F3-926DF3AEF718}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{A644CB4F-ED72-48AC-91C8-9D873C719F58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A652E843-0A54-4E2C-B288-2DA1F864F705}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{A695F404-DCD7-452B-B0EC-6D82D158E993}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A7281DD9-5BC4-4730-A0F2-415F337DE1B8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{A773EF44-5EA6-45E2-8BA2-0563D22DB10C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A7C6454D-B96C-47A7-9D33-FDAC12B8AEF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A8B5563A-C2E3-44FD-B22D-8185A472E708}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |

"{A9921517-4E83-4766-87FD-603E8B3FA1B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A9AE3A3A-72FC-44FB-9EBA-4CD19F752321}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |

"{AA0F87AB-28CF-4CC2-BA49-FC7605D3C0AB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AA7DAE2D-0CBE-4F8F-ACE5-340BBF572E5D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AB135DE0-1000-493B-B581-F293E5DD6384}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AC0CC478-BF7D-4F1C-8DB8-90B32FE08641}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AD8A7E14-FD59-4091-93CC-E949E5371234}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |

"{AE273873-97E7-45C4-A79D-4E14D0AFB017}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AEABBAE6-E196-4849-91BB-5D9E0E05C5C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AEC5A15E-2878-4FE8-88CF-957488E18F63}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{AEF53F7B-27E6-403C-B318-1D7D65953782}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AF99AE50-C1B5-469C-8494-37E7CDC2DFA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B0090B54-6045-47EB-AF0D-841AF73E08E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B083582B-CBF2-4517-A1FA-78DFCE6353F6}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |

"{B2D379D0-CA5C-48DA-A9F4-253DDB48EC86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B38F777A-83BE-429F-AF1E-DA9D3F76CCDB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{B3C41EB4-2056-489E-8487-E50C5A30DF2A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B4D14366-F6FE-43DC-89F9-4A4DC73F9A7B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B52C56F4-1B8B-4105-91D0-F3F8562B7825}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B55A0877-B1D2-4E96-88BB-7139D6E28A5A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B5943A85-C262-4C53-BEC4-4DFACDBBA2B7}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe |

"{B5D25090-8D0B-4855-BB58-382A2C8D7B1D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B613C297-EB0F-4C3B-8AAC-2F72FE66615E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B6445AE6-58F1-4B10-811E-DD2C37E3E95C}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |

"{B686537B-DEFF-4A48-8F2E-E886DDDD186A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B6E377AF-C264-4196-8652-BC7C3F69D615}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B747BC55-94B0-4E00-9185-EE336990983A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B7601353-7979-4766-8FAC-906833AC1126}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B77725D1-0145-48AE-9852-BB3CEFB65F1C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{B79E0C71-5176-49C2-9138-3B8D7EEBBF9B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B933BB3D-A6C0-42FD-B096-86D3E26F8852}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B97441A2-751F-4E28-80D8-BD7E960A7D71}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BAAA9430-0DB5-4CBE-94C2-06A9CFAFB2D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{BABE9134-B7A9-4F76-8230-45ED841F24F7}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe |

"{BAE7C178-38EF-469F-A3A2-00B68604014B}" = protocol=6 | dir=out | app=system |

"{BB901EB7-1EBC-4F40-9676-92C3F03B46A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BB9A7AE7-1BBA-497F-8796-7440588CDEE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BC3D796A-D04A-4015-807D-D5CD0BA24643}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BCEC4214-BF7C-4F72-9224-0A0181C34AED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BD94B82B-192B-4581-9F81-6BDFC23D7369}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\counter-strike source\hl2.exe |

"{BFA77C2A-2EB6-4940-9701-AF47751D5336}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BFA9A02E-6BED-4DBC-A811-34094AB34B9B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C07C0542-5C67-40C5-87AE-B8D785EBBC33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C0E6DF70-43F8-4FD4-8B89-2252163CDADD}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{C12C0CAA-C8DF-42F1-9C53-7A988E7A2D55}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |

"{C1378450-8932-40DA-B664-057C15E01FC1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C33D3855-B2EF-4BAF-92C3-4F8BEC7DEC82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C3B6A0D6-0617-4028-AFEA-81F1D72A147F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{C3DF7C33-7400-47ED-9371-DD71A67E68A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C4C90FD2-48FB-421C-83D3-9B7127BE5A45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C4F827E3-828C-49FE-8B77-F825061EE06E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C6237B07-1662-41D7-BE3A-2D407B3E34D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C64D65A5-B5FE-4238-BFB0-DD4DA21E8BFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C6A94B75-E143-43C4-A51A-66E53CA44470}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C7EE009E-57DE-461F-A522-1F5365F0089F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C7F5465E-10D5-43BF-8F49-F1ABBD7AB3AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{C86B14F7-5254-4FD5-B355-98CD40BDFB1D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C93AD922-63AC-45D9-82B2-04D0D94CCAE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CA47C78F-A818-4A3C-A6B6-2130B3CB4EB8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CA781608-2BF5-4761-8FFB-4AFC98EA8F1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CABC8D93-BF24-4E9B-AB04-52B656B702D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CB3C8328-9D97-4237-9D97-412C8FB26A4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CBACE6BB-EF20-42FF-A877-1921B18A9563}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{CC01C856-E6BD-4447-85AA-11773B1A47A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CCE819DF-836C-4E6B-90B5-76B5C0CCBFB2}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{CCFAE36D-CAC9-4ACC-BB34-952431B6A91F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CDE8B6A5-9E09-4661-9AB1-CD654147B1D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CE405C78-87D5-4462-8884-FF463110F311}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CE7747E5-9978-437E-B2F6-8FB72C09301E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CEB22CAE-4CD2-4B7A-B367-D94853887E75}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CF5A3075-16CF-4F0A-92BD-C3E303DA2457}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{D068C713-F908-4D5C-B32E-8C944E2B371B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D0C0C3E5-4F6E-48B9-A65B-068C9C4C01F6}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{D1943D7A-2862-4B71-BAC2-C6BAC4890BEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D1A599F7-5476-45CA-99DB-D4F0797904C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D20B3B42-D1C6-42B9-882F-878EE3BC30BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D23ED8FB-F245-4E34-BD55-087AD1A374FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D39CD188-E136-4867-AA00-98E038C0D7CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D5303E92-9532-4649-A4BC-3D4B7C23EF73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D578F4D9-4D96-42F7-8791-5E935DA74F99}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{D5B19997-BE74-4B0C-8596-80EF50F61859}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{D78C9713-8717-46A0-860C-C85796883ED8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D8B9F4A7-6230-422A-815D-03EADAB8FFB7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D8EF5D94-5AE5-483C-BDCC-1B2500B006EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{D97A88D1-4AF4-4070-8DDB-48B8D3815C63}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe |

"{D9862ABB-B978-424C-A1AB-98658C8AB79D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D99DFCD0-E86E-4DBE-BF4F-C2DB65B39876}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{DAFD7180-1E0B-4F4A-9A85-7E31BF11FCF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{DC8E87A0-0111-4361-97BE-E5CA71F0D244}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{DE31CCDD-F282-45DF-B6B0-3462983686E1}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |

"{DEC4B99D-4541-4920-8989-22C1570EBDFB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{DF5B568F-6FD8-46CC-BC94-B0E916FA14F2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{DF6B2C1C-8D8C-4DAD-82EF-70AF3218ECB4}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe |

"{DF6F458D-A3D5-43B3-B384-81C026F24581}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{DFA24437-366B-4318-9C30-B857F096F925}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E035B426-76D9-4043-862A-A45D31CCE0C6}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe |

"{E15F67A6-17E6-4512-84A6-BC1A3A771673}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E2408899-E21F-410E-9F73-7489AB9D5673}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |

"{E31019FB-98B5-48F4-A28F-DAAA5DA6F3E3}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{E40A679D-31C9-4850-A2FB-5FC62C9A5074}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E42A753B-B812-4EA4-9F1A-EF1C1CDDAEC4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E4942DD9-C1E6-4BA0-8B8E-EFAB7AA7CB1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E682393A-F485-4638-BD78-5F145277F787}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E76421A4-65FA-4D67-AE9D-0235BB498A16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E78D0C51-DFE3-4F7F-8D62-02E237D463FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E925B4F2-DA37-428D-966A-99CB2F668F1B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E9B705AC-A01B-44A9-857C-CBA2FF6E96C0}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |

"{E9C15436-FEF4-4954-8EDE-1343E6672C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{EA2F7CF2-89B7-4BBA-9508-B13B88DA11D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EA8D3EF8-6B58-4C38-A747-1C8457A72787}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EA9E6121-FC6B-4FAE-B39F-5FAC13B45528}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EB7D4B41-5A90-4432-A0F4-9ABD00999C46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EB9527AD-061F-4B7A-A90F-98F6860BF70C}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"{ECB2D0AD-1AB4-4F40-9771-EC6126183EF8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{ED87DF0E-3570-43E7-B5AE-4203DD31D476}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EE165A80-ABBE-4002-87DD-10222EDF1F2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EE9BFA7F-784C-480E-A028-E5E5E66B33B4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F0DB7C6B-E81D-4C1E-9EB6-26E737DF2B6A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{F0E97393-0A39-4F68-8B65-E5C30EF41E8D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F143F54B-FBD3-4AA5-A7F7-937E690F7E96}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F1DAF243-A113-4293-BF90-AFAEC964C4D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F20F4015-7425-4A25-A160-3AC14363FFC4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F225CCC3-BB61-46A9-B2BF-AA3AD3DD30DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\counter-strike source\hl2.exe |

"{F2737332-BADE-4E4D-B442-494C55A610A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F2CF3B2A-FB51-44C1-A0CD-F95EDA1C194B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F2E2FB4A-8715-4BDA-A0CD-C9B928664F0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F2FEA482-0794-4A97-A6D2-FFA18D47C115}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F3B7B494-418B-45A9-A26B-47DAD8EDB458}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F3C66604-0B83-468E-98FA-4FD4AABA5C9A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F4869BFC-EF92-4CA9-A317-537A4F22CF36}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\3dsmax.exe |

"{F4E64F74-B927-44F9-8D1E-B525C1ADC363}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F56045EC-5378-494E-9322-2085C0D0FAE8}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |

"{F5C99429-9CAB-48A4-BC6A-EEC8BF61C23F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F651210F-5C0B-46D6-99B4-5B917C80F0EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F6D942ED-21EF-4A77-9D08-6CF9B12D2FDD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F72153A4-6B95-4989-88C6-1E98FBEA5042}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F81A21CA-4919-4D1F-89FE-5CEC208C27CA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F870CD63-24E8-4BF0-8349-96A2AA79E96D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F91A61DB-9A06-49DA-AFB1-5093F2EDD966}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F9781CCC-E8EF-4D81-8460-BED6E30BCD32}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{FA0BDC15-08BD-4499-8571-076F1C6CE47F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{FB4ACA58-F727-4CC7-A8EF-7A6598F97013}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{FBEC72AD-E663-44F5-A273-B6561023912F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |

"{FBFE8979-1EBB-4D35-ACEF-CFDD33A95730}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{FC18E9D9-6E71-41EF-AC90-7BA0A2271B9E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{FD1E2E19-533C-456C-9632-1CC11B50EED0}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{FD77F304-1F23-4823-A317-93E171D64036}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{00308E38-2E90-483D-B9B1-8C8DC9974A96}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{06A49756-7512-4807-8343-B8D5A5137861}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"TCP Query User{0914EEA2-2FCC-41B4-BD10-B81795C06487}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{163F83EE-21EB-47DA-920D-B5F5477817FD}C:\users\porter\favorites\documents\downloads\autodessys.bonzai3d.v1.00.build.7306-engine\files\bonzai3d\bonzai3d application 1.0\bonzai3d.exe" = protocol=6 | dir=in | app=c:\users\porter\favorites\documents\downloads\autodessys.bonzai3d.v1.00.build.7306-engine\files\bonzai3d\bonzai3d application 1.0\bonzai3d.exe |

"TCP Query User{1CC7A04B-3E3A-4818-A594-24EFBBE79E28}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"TCP Query User{20009168-87F1-41BB-899E-646943E9F8A1}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\source sdk base\hl2.exe |

"TCP Query User{2469CB7B-69AF-462F-A565-082440A5F8E7}D:\games\scrabble 2009\scrabblepcr.exe" = protocol=6 | dir=in | app=d:\games\scrabble 2009\scrabblepcr.exe |

"TCP Query User{24D6BA0E-FDDE-4450-8315-AFD5F0C9195E}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\team fortress 2\hl2.exe |

"TCP Query User{2BBC0897-D09F-4F49-8FDA-ECAE344124C3}C:\program files (x86)\rhinoceros 4.0\system\rhino4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rhinoceros 4.0\system\rhino4.exe |

"TCP Query User{305114A4-379B-4A13-ACBD-8F76D37AC517}D:\games\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\games\tmnationsforever\tmforever.exe |

"TCP Query User{37F8FA8E-C62D-45E2-AF76-1D9588129F49}C:\users\porter\desktop\steamstats.exe" = protocol=6 | dir=in | app=c:\users\porter\desktop\steamstats.exe |

"TCP Query User{4BCFC136-CFED-4D9D-857E-2283785A5D08}C:\program files (x86)\kvirc\kvirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kvirc\kvirc.exe |

"TCP Query User{4C5E1254-C718-48CA-808F-EFBF3578C229}C:\users\porter\desktop\gg2_lobbyfix\gang garrison 2.exe" = protocol=6 | dir=in | app=c:\users\porter\desktop\gg2_lobbyfix\gang garrison 2.exe |

"TCP Query User{4E37F468-46B8-489A-98AC-A5BCBF8FE336}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"TCP Query User{4F65BEBA-C672-4B28-9C61-91018D137449}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\counter-strike source\hl2.exe |

"TCP Query User{5126A29A-4D15-4A1F-8E97-9B8282BBCA74}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{535AC4CF-1199-4D05-B113-3A39A9F51BDD}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"TCP Query User{568D11E5-BFAF-423D-A2D5-4864194310E2}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\dystopia\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\dystopia\hl2.exe |

"TCP Query User{57DDC9CB-86A5-45A0-9849-AD991FA7AF04}C:\users\porter\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\porter\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{5A7D5063-5DC7-4B28-A034-D5BF8A216D03}C:\program files (x86)\bonzai3d\bonzai3d application 2.0\bonzai3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bonzai3d\bonzai3d application 2.0\bonzai3d.exe |

"TCP Query User{5D91D30D-9B18-4E2A-8D33-2CA129D91756}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |

"TCP Query User{74C625D0-2D37-47E1-BC29-FDE1EEDA488A}C:\program files (x86)\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |

"TCP Query User{7676411F-978A-4828-A15A-0A4CB00AAB03}C:\program files (x86)\bonzai3d\bonzai3d application 1.0\bonzai3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bonzai3d\bonzai3d application 1.0\bonzai3d.exe |

"TCP Query User{77FA164B-8132-4EA2-AEAD-767C1809C0C3}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |

"TCP Query User{7B34BC39-23B7-4B8A-8425-9295E63BAD6F}C:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe |

"TCP Query User{A158FD86-1DA0-4ACC-8DFD-C46E03787D0B}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"TCP Query User{A990A7CC-1B57-40F7-905E-E2A089215596}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\half-life 2 deathmatch\hl2.exe |

"TCP Query User{AA300B71-B2D7-40E6-BCAE-4731298F3B6F}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\team fortress classic\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\team fortress classic\hl.exe |

"TCP Query User{AE9423FA-0F0F-4B03-B55D-DF5BE8BE62AD}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"TCP Query User{B35C2282-7797-4020-BDF2-53891DDE7AA7}C:\program files (x86)\winamp remote\bin\orb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |

"TCP Query User{B4DC3231-3407-4DD2-A826-D47825A7319E}C:\program files (x86)\netbattle supremacy\pokebattle.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netbattle supremacy\pokebattle.exe |

"TCP Query User{BCDEB680-3228-4DC4-9C39-4F1041E0252B}C:\users\porter\desktop\steamstats.exe" = protocol=6 | dir=in | app=c:\users\porter\desktop\steamstats.exe |

"TCP Query User{BE66D63B-99B6-47C1-91A5-EBC41F3F8FFC}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |

"TCP Query User{C69DBE11-297F-4659-A99F-EDFF6CA46CC2}D:\games\scrabble 2009\scrabblepcr.exe" = protocol=6 | dir=in | app=d:\games\scrabble 2009\scrabblepcr.exe |

"TCP Query User{CA59D417-EECF-45FB-9975-73770DB215EB}C:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe |

"TCP Query User{DB805394-847C-4ABE-9EAE-9249C231AECC}C:\program files (x86)\rhinoceros 4.0\system\rhino4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rhinoceros 4.0\system\rhino4.exe |

"TCP Query User{F5261AA6-BE88-472F-ACEA-5F701D3E68CF}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\team fortress 2\hl2.exe |

"UDP Query User{3451F1E6-C83D-4B06-9967-24A808394B5B}C:\program files (x86)\bonzai3d\bonzai3d application 1.0\bonzai3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bonzai3d\bonzai3d application 1.0\bonzai3d.exe |

"UDP Query User{36C3F54D-0388-42CE-9A32-7A353CABD8AD}C:\users\porter\desktop\steamstats.exe" = protocol=17 | dir=in | app=c:\users\porter\desktop\steamstats.exe |

"UDP Query User{37DB6F19-1613-4105-8C48-A7250DB1B750}C:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe |

"UDP Query User{3A3B7AB7-52C8-45BB-B184-124A6AD91B5F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{3C89FCA0-85EC-473B-95A6-6669B11DAA23}C:\users\porter\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\porter\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{3F85AEB3-CCB9-418C-8D97-AC1BDE51F1F8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{54AC009D-BF0A-4903-9F5A-20E1A7B2F8F0}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\source sdk base\hl2.exe |

"UDP Query User{5F87E9B0-42AA-436E-BD2E-EC9FD2B50381}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\counter-strike source\hl2.exe |

"UDP Query User{61D93EE3-0EAC-453D-9880-D00C6E5A71DD}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"UDP Query User{6971CD80-B5BC-4F1E-B79E-4CF4C3B14552}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\half-life 2 deathmatch\hl2.exe |

"UDP Query User{6DBA2275-8AA2-49F7-B2B2-C0F3FFDE4C8A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"UDP Query User{76AF7F4C-6C7F-442F-B574-A7FC41DAE82C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{7B94AE68-E5B6-4906-A4B9-F375119C59CD}C:\program files (x86)\winamp remote\bin\orb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |

"UDP Query User{82BAF557-63D4-4EB1-9B8F-543460A0CA24}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\dystopia\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\dystopia\hl2.exe |

"UDP Query User{882D4109-F3E7-4C80-A385-91A22028F396}C:\users\porter\favorites\documents\downloads\autodessys.bonzai3d.v1.00.build.7306-engine\files\bonzai3d\bonzai3d application 1.0\bonzai3d.exe" = protocol=17 | dir=in | app=c:\users\porter\favorites\documents\downloads\autodessys.bonzai3d.v1.00.build.7306-engine\files\bonzai3d\bonzai3d application 1.0\bonzai3d.exe |

"UDP Query User{8C61B291-2EE7-4A93-A18E-CC0DD609380A}C:\program files (x86)\rhinoceros 4.0\system\rhino4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rhinoceros 4.0\system\rhino4.exe |

"UDP Query User{911FCC05-D5FA-4EA6-87AA-6E1FA6F2604A}C:\program files (x86)\bonzai3d\bonzai3d application 2.0\bonzai3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bonzai3d\bonzai3d application 2.0\bonzai3d.exe |

"UDP Query User{945440F9-6E79-48FD-A4F8-41D855B3F883}D:\games\scrabble 2009\scrabblepcr.exe" = protocol=17 | dir=in | app=d:\games\scrabble 2009\scrabblepcr.exe |

"UDP Query User{97496E79-D5EB-4CC1-ACD9-A79688073C07}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\team fortress 2\hl2.exe |

"UDP Query User{A817D2C2-DCA2-4A59-A55D-FEB818E45826}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{B545E71E-9F3A-40B4-8C60-1EF434314F11}D:\games\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\games\tmnationsforever\tmforever.exe |

"UDP Query User{BA28D373-CD45-4CDF-A549-E61C8A12A369}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |

"UDP Query User{BAD35AF8-6A21-4CED-86FF-B71C088D8B15}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\team fortress classic\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\team fortress classic\hl.exe |

"UDP Query User{C4F5D6D7-DF5A-46A0-B8B6-E08621551150}C:\program files (x86)\kvirc\kvirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kvirc\kvirc.exe |

"UDP Query User{C58B80DF-8A41-43BD-ABDF-88A377543498}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"UDP Query User{D2AC91FC-A3EF-4925-80B6-164117CBEAFB}D:\games\scrabble 2009\scrabblepcr.exe" = protocol=17 | dir=in | app=d:\games\scrabble 2009\scrabblepcr.exe |

"UDP Query User{DB04C720-8D45-42C6-9AA8-A5A4D3248A00}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |

"UDP Query User{DBD63A3A-63F8-428F-A5B0-2CA2B21D24AD}C:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nights__the__hedgehog@hotmail.com\team fortress 2\hl2.exe |

"UDP Query User{E21DBDD1-9054-4EE7-BC33-6F5E117CF69D}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"UDP Query User{E4985453-3C60-4F12-9218-05B5656E67C2}C:\program files (x86)\rhinoceros 4.0\system\rhino4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rhinoceros 4.0\system\rhino4.exe |

"UDP Query User{EAEA6858-3464-475C-97B6-7F5195E5C985}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |

"UDP Query User{EB97FA44-EA1B-4701-8682-664F0273671E}C:\users\porter\desktop\gg2_lobbyfix\gang garrison 2.exe" = protocol=17 | dir=in | app=c:\users\porter\desktop\gg2_lobbyfix\gang garrison 2.exe |

"UDP Query User{EF8ED72B-9789-4E07-B1BE-5C81194AE57F}C:\users\porter\desktop\steamstats.exe" = protocol=17 | dir=in | app=c:\users\porter\desktop\steamstats.exe |

"UDP Query User{F0504AC3-9323-4F81-AEDC-B7F7DDE3C20D}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{F44E0E0E-D44A-442B-8F95-ED4A95B12991}C:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe |

"UDP Query User{F5A2026F-A348-4EC6-AA30-A61DF9811250}C:\program files (x86)\netbattle supremacy\pokebattle.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netbattle supremacy\pokebattle.exe |

"UDP Query User{F94BBD07-4DE8-4D47-A10E-BBB0B65A4B46}C:\program files (x86)\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8

"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64

"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64

"{5783F2D7-8004-0409-0102-0060B0CE6BBA}" = AutoCAD Architecture 2010

"{5783F2D7-8004-0409-1102-0060B0CE6BBA}" = AutoCAD Architecture 2010 Language Pack - English

"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64

"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4

"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\Windows\tasks\at*.job

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

After that fix, reboot normally and let me know the results.


Okay, here's the log generated by the fix:

All processes killed

========== FILES ==========

C:\Windows\tasks\At1.job moved successfully.

C:\Windows\tasks\At2.job moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1

User: Mcx2

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67339 bytes

User: Not Porter

->Temp folder emptied: 3288804 bytes

->Temporary Internet Files folder emptied: 53199917 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 68576480 bytes

->Flash cache emptied: 3975 bytes

User: Porter

->Temp folder emptied: 972914871 bytes

->Temporary Internet Files folder emptied: 57552931 bytes

->Java cache emptied: 56562077 bytes

->FireFox cache emptied: 72337392 bytes

->Google Chrome cache emptied: 178954102 bytes

->Flash cache emptied: 457560 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 9389656 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 10045169 bytes

Total Files Cleaned = 1,415.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11272010_100249

---

I will say this, my start ups prior to that original rootkit removal used to take an abnormally long time, but since then they have been back to the quick speed that they were at before I got infected.

Also, I have no problems getting into Safe Mode and staying in it, no BSODs or anything; only when I try to boot normally does it crash.


Hmm, OK, since we have no information about what is causing the BSOD, let's do a checkdisk.

Go to Start, and in the Start search box type in cmd. When it appears near the top, right-click on it and choose "Run as Administrator".

When the command prompt box opens, type in chkdsk /r C: then hit Enter.

It should tell you that it cannot mount the disk and to do it on restart; then type Y to schedule it on restart.

When the system restarts, let it restart normally and it should go through a series of checks.

Once that completes, see if it will boot normally.

Let me know the results.
