I'm running Vista x64 and noticed the other day it was running slow and started freezing and crashing. MBAM picked up a trojan in my registry called rogue.antivirus.suite.gen.

Rebooted in safe mode, did a full scan with McAfee and it detected another trojan in my \users\aplication data\ folder.

Since then I have followed all the steps listed here: http://forums.malwarebytes.org/index.php?showtopic=9573

Here is the DDS log and the others are attached. Thank you for your help and your time is much appreciated!

DDS (Ver_10-11-27.01) - NTFS_AMD64

Run by Loren at 8:28:23.44 on Wed 12/01/2010

Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_14

Microsoft

attach.zip


Hello,

And :D My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.


Hello Elise,

Thank you so much for your reply :( . As I mentioned before, my computer became infected with 2 trojans and started blue-screening, freezing, and running very slow. I followed the initial instructions listed on the page and it would seem that the trojans have been removed. My computer seems to be functioning normally again, but I also know that this doesn't necessarily mean it's free of problems. This computer is very important to me and has lots of time and money invested in it. I have backups of my most vital information, but I want to make sure it's functioning with a clean bill of health.

As instructed here are the OTL logs.

Extras.Txt

OTL Extras logfile created on: 12/3/2010 2:17:16 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Loren\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free

10.00 Gb Paging File | 7.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): c:\pagefile.sys 6138 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 463.58 Gb Total Space | 158.48 Gb Free Space | 34.19% Space Free | Partition Type: NTFS

Drive D: | 2.00 Gb Total Space | 1.00 Gb Free Space | 49.95% Space Free | Partition Type: NTFS

Drive I: | 1.89 Gb Total Space | 0.95 Gb Free Space | 50.36% Space Free | Partition Type: FAT

Computer Name: LOREN-PC | User Name: Loren | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1259282554-1284673277-1812190336-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 02 26 F5 12 0A F9 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor

"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64

"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor

"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support

"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ

"{5949F7F1-129C-45F3-9BE0-856AF7A5CBAC}" = M-Audio Micro Driver 2.0.1 (x64)

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{799A2570-329C-4BFC-8207-5951EE1326C4}" = Record Ignition Key Support

"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client

"{82078B7A-9C6F-4DB5-8201-FF1007073B63}" = Authorizer Ignition Key Support

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer

"{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock

"{C874B99C-8480-4AFB-A646-4B1DCAB185B2}" = M-Audio FastTrack Driver 6.0.2 (x64)

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel

"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"REAPER" = REAPER (x64)

"VistaGlazz_is1" = VistaGlazz 2.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{176E4575-D91E-4456-A813-B2F89D88A400}" = DENON DJ ASIO Driver

"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 14

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A1D9EDD-1284-4A0F-9B6F-512DCF5ED9D5}" = Fast Track

"{3A30DFDF-238C-4DE4-B8D8-D764AF468AA5}" = KORG USB-MIDI Driver Tools for Windows

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement

"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space


MBR Check

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc
System Product Name: XPS 630i
Logical Drives Mask: 0x000003ee

Kernel Drivers (total 178):
0x00C58000 \SystemRoot\system32\ntoskrnl.exe
0x00C12000 \SystemRoot\system32\hal.dll
0x00609000 \SystemRoot\system32\kdcom.dll
0x00613000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064E000 \SystemRoot\system32\PSHED.dll
0x00662000 \SystemRoot\system32\CLFS.SYS
0x006BF000 \SystemRoot\system32\CI.dll
0x0080E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008B2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008C1000 \SystemRoot\system32\drivers\acpi.sys
0x00917000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00920000 \SystemRoot\system32\drivers\msisadrv.sys
0x0092A000 \SystemRoot\system32\drivers\pci.sys
0x0095A000 \SystemRoot\System32\drivers\partmgr.sys
0x0096F000 \SystemRoot\system32\drivers\volmgr.sys
0x00983000 \SystemRoot\System32\drivers\volmgrx.sys
0x00771000 \SystemRoot\system32\drivers\nvrd64.sys
0x0079D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x009E9000 \SystemRoot\system32\drivers\pciide.sys
0x009F0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x007C9000 \SystemRoot\System32\drivers\mountmgr.sys
0x007DC000 \SystemRoot\system32\drivers\nvraid.sys
0x00800000 \SystemRoot\system32\drivers\atapi.sys
0x00A0A000 \SystemRoot\system32\drivers\ataport.SYS
0x00A2E000 \SystemRoot\system32\drivers\nvstor64.sys
0x00A59000 \SystemRoot\system32\drivers\storport.sys
0x00AB6000 \SystemRoot\system32\drivers\fltmgr.sys
0x00AFD000 \SystemRoot\system32\drivers\fileinfo.sys
0x00B11000 \SystemRoot\system32\drivers\mfehidk.sys
0x00B90000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00C06000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0D000 \SystemRoot\system32\drivers\ndis.sys
0x00C8D000 \SystemRoot\system32\drivers\msrpc.sys
0x00CDD000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0118B000 \SystemRoot\system32\drivers\volsnap.sys
0x011CF000 \SystemRoot\System32\Drivers\Tpkd.sys
0x011F2000 \SystemRoot\System32\Drivers\spldr.sys
0x00FD0000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x00FEB000 \SystemRoot\System32\Drivers\mup.sys
0x00D36000 \SystemRoot\System32\drivers\ecache.sys
0x00D62000 \SystemRoot\system32\drivers\disk.sys
0x01000000 \SystemRoot\system32\drivers\crcdisk.sys
0x00E00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00DDC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00DE5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02C0C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03936000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03A0F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03AF2000 \SystemRoot\System32\drivers\watchdog.sys
0x03B02000 \SystemRoot\system32\DRIVERS\physX64.sys
0x03B29000 \SystemRoot\system32\DRIVERS\fdc.sys
0x03B36000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03B41000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03B87000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03B98000 \SystemRoot\SysWOW64\drivers\Afc.sys
0x03BA1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03BBD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03BCA000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x03BDC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x03938000 \SystemRoot\system32\drivers\ctaud2k.sys
0x00B9C000 \SystemRoot\system32\drivers\portcls.sys
0x00BD7000 \SystemRoot\system32\drivers\drmk.sys
0x03C0C000 \SystemRoot\system32\drivers\ks.sys
0x03C40000 \SystemRoot\system32\drivers\ctoss2k.sys
0x03C71000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x03C79000 \SystemRoot\system32\drivers\ksthunk.sys
0x03C7F000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
0x0400B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x04044000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04051000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04074000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04080000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x040B1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x040C1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x040DF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x040F7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0410A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04118000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04124000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04126000 \SystemRoot\system32\DRIVERS\MarvinBus64.sys
0x0416A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04175000 \SystemRoot\system32\DRIVERS\bomebus.sys
0x04181000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04191000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0BA06000 \SystemRoot\system32\drivers\ha20x2k.sys
0x0BB87000 \SystemRoot\system32\drivers\emupia2k.sys
0x0BC09000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x0BC41000 \SystemRoot\system32\drivers\ctac32k.sys
0x0BCEF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0BD10000 \SystemRoot\system32\drivers\bomemidi.sys
0x0BD28000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0x0BD43000 \SystemRoot\System32\drivers\CT20XUT.SYS
0x0BE05000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0x0BF62000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x0BF6C000 \SystemRoot\System32\Drivers\Null.SYS
0x0BF80000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0BF88000 \SystemRoot\System32\drivers\vga.sys
0x0BF96000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0BFBB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0BFC4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0BFCD000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0BFD8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0BFE9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x0C006000 \SystemRoot\System32\drivers\tcpip.sys
0x0C17C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0C1A8000 \SystemRoot\system32\drivers\mfewfpk.sys
0x0BD78000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0BD95000 \SystemRoot\system32\DRIVERS\smb.sys
0x0BDB0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0C200000 \SystemRoot\system32\drivers\afd.sys
0x0C26B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0C289000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x0C29A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0C2A9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0C2C4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0C311000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0C31D000 \SystemRoot\System32\Drivers\dfsc.sys
0x0C33A000 \SystemRoot\system32\drivers\mfeavfk.sys
0x0C367000 \SystemRoot\system32\drivers\mfefirek.sys
0x0C3D1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0BBD1000 \SystemRoot\System32\Drivers\dump_nvrd64.sys
0x00D76000 \SystemRoot\System32\Drivers\dump_CLASSPNP.SYS
0x00000000 \SystemRoot\System32\win32k.sys
0x0C3DF000 \SystemRoot\System32\drivers\Dxapi.sys
0x0C3EB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0C1EC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0C3F4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x041D9000 \SystemRoot\system32\DRIVERS\xusb21.sys
0x039DE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0BFF2000 \SystemRoot\system32\drivers\LVUSBS64.sys
0x00DA2000 \SystemRoot\system32\drivers\usbaudio.sys
0x00DBB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x041EA000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x0BF75000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x108B9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x108C4000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x03BEC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00440000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x00860000 \SystemRoot\System32\ATMFD.DLL
0x12C0C000 \SystemRoot\system32\drivers\luafv.sys
0x12C2E000 \SystemRoot\system32\drivers\spsys.sys
0x12CC8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x12CDC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x12D10000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x12D1B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x12D33000 \SystemRoot\system32\drivers\HTTP.sys
0x12DD6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x13C0F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x13C2D000 \SystemRoot\System32\drivers\mpsdrv.sys
0x13C47000 \SystemRoot\system32\drivers\mrxdav.sys
0x13C6E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x13C97000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x13CE0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x13CFF000 \SystemRoot\System32\DRIVERS\srv2.sys
0x13D31000 \SystemRoot\System32\DRIVERS\srv.sys
0x13DC5000 \SystemRoot\System32\Drivers\fastfat.SYS
0x10804000 \SystemRoot\System32\Drivers\adfs.SYS
0x108D8000 \SystemRoot\system32\drivers\peauth.sys
0x1098E000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x13C00000 \SystemRoot\System32\Drivers\secdrv.SYS
0x109AA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x12C00000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
0x109E7000 \SystemRoot\system32\drivers\tdtcp.sys
0x1081C000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x1082A000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x10866000 \SystemRoot\system32\drivers\cfwids.sys
0x10874000 \SystemRoot\system32\drivers\mfeapfk.sys
0x10890000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x15208000 \SystemRoot\System32\Drivers\bthport.sys
0x152B6000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x152E7000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x152F4000 \SystemRoot\system32\drivers\btwavdt.sys
0x1535F000 \SystemRoot\system32\drivers\btwaudio.sys
0x153DE000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x153E2000 \??\C:\Windows\system32\drivers\mbam.sys
0x77850000 \Windows\System32\ntdll.dll

Processes (total 89):
0 System Idle Process
4 System
532 C:\Windows\System32\smss.exe
612 csrss.exe
692 C:\Windows\System32\wininit.exe
712 csrss.exe
748 C:\Windows\System32\services.exe
772 C:\Windows\System32\lsass.exe
784 C:\Windows\System32\lsm.exe
932 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\nvvsvc.exe
1004 C:\Windows\System32\svchost.exe
312 C:\Windows\System32\svchost.exe
368 C:\Windows\System32\svchost.exe
444 C:\Windows\System32\svchost.exe
556 C:\Windows\System32\svchost.exe
604 C:\Windows\System32\winlogon.exe
940 C:\Windows\System32\audiodg.exe
700 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
780 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\SLsvc.exe
1112 C:\Program Files\Dell\DellDock\DockLogin.exe
1136 C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
1228 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\svchost.exe
1532 C:\Windows\System32\spoolsv.exe
1564 C:\Windows\System32\svchost.exe
1620 C:\Windows\System32\nvvsvc.exe
2040 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1080 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1148 C:\Windows\System32\svchost.exe
1284 C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
1672 C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
1720 C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
2128 C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
2148 C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
2164 LVPrS64H.exe
2176 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
2212 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
2244 C:\Windows\System32\rundll32.exe
2280 C:\Windows\SysWOW64\rundll32.exe
2296 C:\Windows\SysWOW64\PnkBstrA.exe
2316 C:\Windows\System32\svchost.exe
2328 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2424 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2448 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2468 C:\Windows\System32\svchost.exe
2500 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2540 C:\Windows\System32\SearchIndexer.exe
2580 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2600 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2712 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2776 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2952 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3832 C:\Windows\System32\dwm.exe
856 C:\Windows\explorer.exe
3880 C:\Program Files\Windows Defender\MSASCui.exe
3924 C:\Windows\System32\nvraidservice.exe
3908 C:\Program Files\Logitech\SetPoint\LBTWiz.exe
1856 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
3972 C:\Windows\ehome\ehtray.exe
2200 WmiPrvSE.exe
1832 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
4216 C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
4252 C:\Windows\System32\wbem\unsecapp.exe
4416 C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
4428 C:\Program Files\McAfee.com\Agent\mcagent.exe
4512 C:\Program Files\Logitech\SetPoint\SetPoint.exe
4536 C:\Windows\ehome\ehmsas.exe
4548 C:\Program Files\Windows Media Player\wmpnscfg.exe
4584 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
4628 C:\Program Files\Windows Media Player\wmpnetwk.exe
4668 C:\Program Files\Dell\DellDock\DellDock.exe
4680 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
4848 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4944 C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
5084 C:\Program Files\iPod\bin\iPodService.exe
4112 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
2380 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
4056 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4248 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5984 MpCmdRun.exe
5608 C:\Windows\SysWOW64\notepad.exe
5068 C:\Users\Loren\Downloads\OTL.exe
3044 C:\Windows\notepad.exe
4792 C:\Windows\notepad.exe
2372 dllhost.exe
5288 dllhost.exe
5508 C:\Users\Loren\Desktop\MBRCheck.exe

\\.\B: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`84f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`04f00000 (NTFS)

PhysicalDrive0 Model Number: WDC WD1002FAEX-00Z3A, Rev: 05.0
PhysicalDrive1 Model Number: NVIDIASTRIPE 465.66G, Rev:

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 RE: Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
465 GB \\.\PhysicalDrive1 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


OTL.Txt

OTL logfile created on: 12/3/2010 2:17:16 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Loren\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free

10.00 Gb Paging File | 7.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): c:\pagefile.sys 6138 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 463.58 Gb Total Space | 158.48 Gb Free Space | 34.19% Space Free | Partition Type: NTFS

Drive D: | 2.00 Gb Total Space | 1.00 Gb Free Space | 49.95% Space Free | Partition Type: NTFS

Drive I: | 1.89 Gb Total Space | 0.95 Gb Free Space | 50.36% Space Free | Partition Type: FAT

Computer Name: LOREN-PC | User Name: Loren | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/12/03 14:09:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Loren\Downloads\OTL.exe

PRC - [2010/10/28 09:37:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/10/28 09:37:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

PRC - [2010/09/01 00:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe

PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010/04/08 03:20:00 | 001,868,176 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe

PRC - [2010/04/07 03:20:00 | 006,837,648 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe

PRC - [2010/04/03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

PRC - [2009/07/20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

PRC - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/05/17 16:04:24 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/12/03 14:09:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Loren\Downloads\OTL.exe

MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

MOD - [2010/07/14 12:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)

SRV:[b]64bit:[/b] - [2010/10/19 11:37:57 | 005,250,048 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)

SRV:[b]64bit:[/b] - [2010/10/13 21:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)

SRV:[b]64bit:[/b] - [2010/10/13 21:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV:[b]64bit:[/b] - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:[b]64bit:[/b] - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:[b]64bit:[/b] - [2010/08/24 13:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:[b]64bit:[/b] - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:[b]64bit:[/b] - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:[b]64bit:[/b] - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:[b]64bit:[/b] - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:[b]64bit:[/b] - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:[b]64bit:[/b] - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:[b]64bit:[/b] - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)

SRV:[b]64bit:[/b] - [2009/07/20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:[b]64bit:[/b] - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:[b]64bit:[/b] - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:[b]64bit:[/b] - [2007/11/21 12:16:02 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)

SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/06/17 22:46:39 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)

SRV - [2010/05/20 16:19:16 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/04/08 03:20:00 | 001,868,176 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)

SRV - [2010/04/03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/08/24 05:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2009/07/08 03:12:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2009/07/08 02:42:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2009/05/17 16:04:24 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)

DRV:[b]64bit:[/b] - [2010/10/13 21:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:[b]64bit:[/b] - [2010/10/13 21:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:[b]64bit:[/b] - [2010/10/13 21:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:[b]64bit:[/b] - [2010/10/13 21:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:[b]64bit:[/b] - [2010/10/13 21:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:[b]64bit:[/b] - [2010/10/13 21:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:[b]64bit:[/b] - [2010/10/13 21:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)

DRV:[b]64bit:[/b] - [2010/10/13 21:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:[b]64bit:[/b] - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)

DRV:[b]64bit:[/b] - [2010/05/06 12:58:28 | 000,162,304 | ---- | M] (


Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
