
Basically I got a virus which seems to keep giving me more and more viruses, mainly trojans, and it opens web pages and redirects my pages often.

I was using AVG and it gets some of the trojans, but when I downloaded Microsoft Security Essentials it found other trojans AVG did not.

AVG did a rootkit scan and found a file called rootkit.TDSS.TDL4.

Microsoft Security Essentials found a trojan named Trojan:DOS/alureon.A

My friend told me to download HijackThis and post the logs on this site, and I may have some luck, so here they are.

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\AVG\AVG10\avgui.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\Nick\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ca.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd

O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup

O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IntelDHSvcConf - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 12762 bytes

Any help is appreciated, thanks.

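A small triage script, added here as an example and not part of either post, that reads HijackThis-style lines like the ones above and surfaces the entries a helper checks first: registered components whose file is gone ("(no file)", "(file missing)"), services with no publisher recorded ("Unknown owner"), and Run entries that name a bare executable with no absolute path. The sample lines are constructed from the shapes in the log above, and a flagged entry is a candidate for a second look rather than a verdict, since leftover OEM and uninstalled software shows up the same way.

```python
import re
from collections import Counter
from dataclasses import dataclass

REASONS = {
    "orphaned": "registered component whose file is no longer on disk",
    "unknown-owner": "service with no publisher recorded (Unknown owner)",
    "no-path": "autorun command that names a bare executable, no absolute path",
}

# Constructed sample: a few lines in HijackThis log shape, modelled on the
# entries posted above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O23"
    code: str     # key into REASONS
    line: str     # the log line as written


# "O23 - Service: ..." / "R1 - HKCU\..." entry shape; anything else is skipped.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Body of an O4 registry Run entry: HK<hive>\..\Run: [name] command
RUN_RE = re.compile(r"^HK\S*?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Command that starts with a drive letter or an expanded %VAR%\ path, optionally quoted.
ABS_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[A-Za-z_]+%\\)')


def triage(log_text: str) -> list[Finding]:
    """Return the entries a helper would check first, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, blank lines, the "Running processes:" block
        sec, body = m.group("sec"), m.group("body")
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(sec, "orphaned", line))
        elif sec == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(sec, "unknown-owner", line))
        elif sec == "O4":
            run = RUN_RE.match(body)
            # A bare name like "Skytel.exe" is resolved through the search path,
            # so the log alone does not tell you which binary actually loads.
            if run and not ABS_PATH_RE.match(run.group("cmd")):
                findings.append(Finding(sec, "no-path", line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason code."""
    return dict(Counter(f.code for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.code:<14} {f.line}")
    for code, n in summary(triage(SAMPLE_LOG)).items():
        print(f"{n} x {code}: {REASONS[code]}")
```

A user-mode listing like this cannot see the TDL4 bootkit itself, which lives in the boot sector rather than in a Run key or service entry; that is why the reply below sends the poster to TDSSKiller, and the script only sorts the entries that are visible.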

Hi nick800,

Welcome to the Malwarebytes Forum :)

You have a nasty rootkit infection called TDL4.

Step #1

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step #2

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double-click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


2011/05/24 21:57:25.0369 7236 TDSS rootkit removing tool 2.5.2.0 May 24 2011 11:01:23

2011/05/24 21:57:27.0234 7236 ================================================================================

2011/05/24 21:57:27.0234 7236 SystemInfo:

2011/05/24 21:57:27.0234 7236

2011/05/24 21:57:27.0234 7236 OS Version: 6.0.6000 ServicePack: 0.0

2011/05/24 21:57:27.0234 7236 Product type: Workstation

2011/05/24 21:57:27.0234 7236 ComputerName: NICK-PC

2011/05/24 21:57:27.0235 7236 UserName: Nick

2011/05/24 21:57:27.0235 7236 Windows directory: C:\Windows

2011/05/24 21:57:27.0235 7236 System windows directory: C:\Windows

2011/05/24 21:57:27.0235 7236 Processor architecture: Intel x86

2011/05/24 21:57:27.0235 7236 Number of processors: 4

2011/05/24 21:57:27.0235 7236 Page size: 0x1000

2011/05/24 21:57:27.0235 7236 Boot type: Normal boot

2011/05/24 21:57:27.0235 7236 ================================================================================

2011/05/24 21:57:29.0049 7236 Initialize success

2011/05/24 21:57:59.0114 6484 ================================================================================

2011/05/24 21:57:59.0114 6484 Scan started

2011/05/24 21:57:59.0114 6484 Mode: Manual;

2011/05/24 21:57:59.0114 6484 ================================================================================


2011/05/24 21:58:11.0339 6484 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys

2011/05/24 21:58:11.0368 6484 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2011/05/24 21:58:11.0488 6484 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys

2011/05/24 21:58:11.0516 6484 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys

2011/05/24 21:58:11.0537 6484 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys

2011/05/24 21:58:11.0626 6484 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys

2011/05/24 21:58:11.0681 6484 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2011/05/24 21:58:11.0789 6484 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/05/24 21:58:11.0827 6484 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys

2011/05/24 21:58:11.0848 6484 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys

2011/05/24 21:58:11.0947 6484 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/05/24 21:58:11.0981 6484 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/05/24 21:58:12.0005 6484 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys

2011/05/24 21:58:12.0103 6484 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/05/24 21:58:12.0146 6484 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

2011/05/24 21:58:12.0198 6484 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys

2011/05/24 21:58:12.0240 6484 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys

2011/05/24 21:58:12.0364 6484 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys

2011/05/24 21:58:12.0432 6484 SaiK0CC3 (830e6e79cea8164d8b43ff7df79e6e40) C:\Windows\system32\DRIVERS\SaiK0CC3.sys

2011/05/24 21:58:12.0535 6484 SaiMini (646d8be92ecfbfbea9fea7682b0e579a) C:\Windows\system32\DRIVERS\SaiMini.sys

2011/05/24 21:58:12.0582 6484 SaiNtBus (f47b3689cb50c5ee571da6ed1d2ef3c6) C:\Windows\system32\drivers\SaiBus.sys

2011/05/24 21:58:12.0669 6484 SaiU0CC3 (5fd14d230c3cf39a120dcc43d73cfe25) C:\Windows\system32\DRIVERS\SaiU0CC3.sys

2011/05/24 21:58:12.0729 6484 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/05/24 21:58:12.0831 6484 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/05/24 21:58:12.0890 6484 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys

2011/05/24 21:58:12.0964 6484 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys

2011/05/24 21:58:13.0019 6484 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys

2011/05/24 21:58:13.0068 6484 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

2011/05/24 21:58:13.0141 6484 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

2011/05/24 21:58:13.0208 6484 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

2011/05/24 21:58:13.0284 6484 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/05/24 21:58:13.0342 6484 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

2011/05/24 21:58:13.0389 6484 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/05/24 21:58:13.0423 6484 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/05/24 21:58:13.0523 6484 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys

2011/05/24 21:58:13.0606 6484 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys

2011/05/24 21:58:13.0723 6484 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys

2011/05/24 21:58:13.0723 6484 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593

2011/05/24 21:58:13.0730 6484 sptd - detected LockedFile.Multi.Generic (1)

2011/05/24 21:58:13.0792 6484 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys

2011/05/24 21:58:13.0877 6484 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys

2011/05/24 21:58:13.0944 6484 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys

2011/05/24 21:58:14.0049 6484 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys

2011/05/24 21:58:14.0101 6484 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/05/24 21:58:14.0129 6484 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/05/24 21:58:14.0159 6484 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/05/24 21:58:14.0270 6484 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys

2011/05/24 21:58:14.0325 6484 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys

2011/05/24 21:58:14.0360 6484 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys

2011/05/24 21:58:14.0437 6484 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys

2011/05/24 21:58:14.0489 6484 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys

2011/05/24 21:58:14.0556 6484 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys

2011/05/24 21:58:14.0579 6484 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys

2011/05/24 21:58:14.0667 6484 TSHWMDTCP (de8829c9da8fa4eda99948f1b78da80a) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys

2011/05/24 21:58:14.0759 6484 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/05/24 21:58:14.0798 6484 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys

2011/05/24 21:58:14.0908 6484 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys

2011/05/24 21:58:14.0949 6484 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/05/24 21:58:15.0045 6484 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys

2011/05/24 21:58:15.0108 6484 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

2011/05/24 21:58:15.0201 6484 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/05/24 21:58:15.0237 6484 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/05/24 21:58:15.0279 6484 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/05/24 21:58:15.0374 6484 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys

2011/05/24 21:58:15.0510 6484 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys

2011/05/24 21:58:15.0554 6484 usbccgp (0916972fb98080355ac1e9a4f92183f7) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/05/24 21:58:15.0647 6484 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/05/24 21:58:15.0694 6484 usbehci (fb50f987304f907a0103b14a5f2f2344) C:\Windows\system32\DRIVERS\usbehci.sys

2011/05/24 21:58:15.0785 6484 usbhub (16675ab7e199635086ab0556137371f5) C:\Windows\system32\DRIVERS\usbhub.sys

2011/05/24 21:58:15.0832 6484 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2011/05/24 21:58:15.0928 6484 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys

2011/05/24 21:58:15.0968 6484 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/05/24 21:58:15.0999 6484 usbuhci (165bb1f0801118dc86aa3fc87d3d101c) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/05/24 21:58:16.0121 6484 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/05/24 21:58:16.0165 6484 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys

2011/05/24 21:58:16.0272 6484 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

2011/05/24 21:58:16.0313 6484 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/05/24 21:58:16.0341 6484 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

2011/05/24 21:58:16.0370 6484 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys

2011/05/24 21:58:16.0455 6484 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys

2011/05/24 21:58:16.0485 6484 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys

2011/05/24 21:58:16.0542 6484 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/05/24 21:58:16.0640 6484 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/05/24 21:58:16.0674 6484 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

2011/05/24 21:58:16.0691 6484 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

2011/05/24 21:58:16.0743 6484 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/05/24 21:58:16.0856 6484 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys

2011/05/24 21:58:16.0915 6484 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys

2011/05/24 21:58:17.0072 6484 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

2011/05/24 21:58:17.0173 6484 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/05/24 21:58:17.0257 6484 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys

2011/05/24 21:58:17.0361 6484 WSVD (2584df81cc9f7e7bd3545691106f8cae) C:\Windows\system32\drivers\WSVD.sys

2011/05/24 21:58:17.0428 6484 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/05/24 21:58:17.0539 6484 xnacc (69d5c58a3a03f86196db66ee95435652) C:\Windows\system32\DRIVERS\xnacc.sys

2011/05/24 21:58:17.0585 6484 MBR (0x1B8) (9a60a21600304533d523088c7b447e29) \Device\Harddisk0\DR0

2011/05/24 21:58:17.0591 6484 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/05/24 21:58:17.0595 6484 ================================================================================

2011/05/24 21:58:17.0595 6484 Scan finished

2011/05/24 21:58:17.0595 6484 ================================================================================

2011/05/24 21:58:17.0610 1444 Detected object count: 2

2011/05/24 21:58:17.0610 1444 Actual detected object count: 2

2011/05/24 21:58:36.0459 1444 LockedFile.Multi.Generic(sptd) - User select action: Skip

2011/05/24 21:58:36.0499 1444 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/05/24 21:58:36.0500 1444 \Device\Harddisk0\DR0 - ok

2011/05/24 21:58:36.0501 1444 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/05/24 22:02:39.0294 6348 Deinitialize success

We have taken care of the main rootkit infection, now we need to see if anything else is hiding on the system.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

OTL Extras logfile created on: 25/05/2011 3:19:21 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Nick\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.17037)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 49.62% Memory free

6.17 Gb Paging File | 4.93 Gb Available in Paging File | 79.83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 228.13 Gb Total Space | 44.26 Gb Free Space | 19.40% Space Free | Partition Type: NTFS

Drive D: | 227.87 Gb Total Space | 166.06 Gb Free Space | 72.87% Space Free | Partition Type: NTFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)

"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)

"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08320144-CFAD-4EBE-8385-AEE9E498B0B1}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1BD42E88-FF3B-4A7F-8612-4DFEBB43CE8C}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |

"{1CE13C76-DF27-4F15-8937-F1DA12FCE50F}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |

"{4219261E-5028-41C1-B5A5-400AF9C56B69}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |

"{6E7FE167-A2A5-44CF-B99E-41705FEF1112}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{95584D2D-F590-4CE6-AF58-01BE25D5D900}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |

"{9B14CD66-359C-44C6-B0BD-192A8B05D7AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{BA5DE8FF-12F3-4040-8F58-11233D0DED7F}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv media server discovery |

"{D75CFDA2-702B-4159-B21B-F646894244AF}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |

"{E6B232D8-2716-4430-9CCC-022D2F6C0504}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv media server upnp discovery |

"{F6B91D3B-0E03-4201-B674-AF4D0CB1AAB3}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02FDEE64-5FE5-4248-B979-72D692C92FD4}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |

"{09FE7E36-D12C-473F-B54D-0E0AA7FFFEE5}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |

"{0F89B4ED-5EB7-4293-8F52-E503F0205D4D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{14916889-C276-4BE8-8AF0-17057900E5AE}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |

"{14BB6B72-0D1C-4061-9D6B-237336F8DED0}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |

"{19C76126-2641-45DC-AF55-3109F8EED6F0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{1A70E062-B563-418D-B6A5-74107E6D6456}" = protocol=6 | dir=in | app=c:\program files\electronic arts\darkspore\darksporebin\darkspore.exe |

"{1D3A0440-3A49-4957-A86C-528EDE110455}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{207B4621-2B0E-4410-AB04-9A43022604AE}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{287BA272-D032-433E-A8A7-6AEDD2FA4BEC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{28F35438-31FC-4C73-815B-9663E1643A50}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |

"{2C235BAC-DC85-4A36-9878-570A49AC3B73}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |

"{3240D452-2D4B-4D96-84FD-4B64D954133C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\arron07\garrysmod\hl2.exe |

"{349BCD52-42AB-4E7F-B005-14228111AFC8}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{34AA4646-5FE1-4961-9C47-2E5AE095E033}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |

"{37579BC0-C199-4D2B-BBA0-8AFAD59DCEF2}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |

"{39CCFEBB-677E-4877-B865-7B6581B663DE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{3D205A63-04BB-411A-B32A-F1C456117235}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{3F16FB17-0C1C-4C0A-8B90-55D3A3C7CBC3}" = protocol=6 | dir=in | app=c:\program files\ijji\ijji reactor\ijjioptimizer.exe |

"{40E95882-8F14-4AC0-A72B-D7B73851351E}" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.patch.exe |

"{41DCE02C-9070-4DE4-A4AA-097557D75583}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |

"{4309A72B-AC97-4498-B11F-DA6A3792E3B9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |

"{43B1AF57-1E69-43E5-9CB2-6214CEF47715}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{48691538-1026-4557-A86F-9909A7595CA3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\arron07\garrysmod\hl2.exe |

"{48AD5E13-6ACD-449E-A234-55C886EAB4D9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{4AEB733A-4F4E-4A92-A5BA-CF34FF56962F}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |

"{4E61669F-D25E-4EA5-9CE2-4808B7B7E3EA}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |

"{4F709574-AC90-44C4-8CDF-B7021F64EC75}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{4FDA5B7A-AD9A-46D0-B8E9-64C5B5DDF3C2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{5A8AD70F-9DD5-4D8A-9B7C-E626EC865F3A}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |

"{5AE28BE9-5B32-4C3F-BE69-1D5A30C0B1DF}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |

"{602A311F-540B-4709-AABB-B94A90AB418E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{6548A414-255F-44D5-A432-6F1EA14BBB52}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{67608B33-8F16-42CE-8AF8-3107AABB90ED}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |

"{689BF6DD-8C23-4E31-9146-3CF54DCD2717}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |

"{6C205EE7-6E99-49C4-974F-7B80F2BBA6F0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |

"{6CBBBB27-BD8F-47F4-BCEC-8B4C233762F1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{6D76E5F5-765D-474E-992C-0C9AF019E89B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6F9CE08E-5F9D-45A9-8EB0-4A634D307384}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{712344DC-3475-4A33-8CE2-9D00FC463310}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{7390071F-4922-4142-AA4C-DF0770FB8749}" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor mp open beta\mohmpupdater.exe |

"{7A6AA98C-06E4-4F27-8B04-11A91DCEE65F}" = protocol=17 | dir=in | app=c:\program files\electronic arts\darkspore\darksporebin\darkspore.exe |

"{7C9FDE30-4479-4A8C-B442-30EEC3FA0A53}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{7D292709-4806-4DDE-B2AE-70A81634EF97}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ii\game.dat |

"{7F86B920-53C3-49A1-85E3-E004FC072142}" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |

"{811C9E28-08A4-4B13-973F-AD5F208F9A83}" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor mp open beta\mohmpupdater.exe |

"{836F2C42-56E7-4F8C-B55A-55436C27A753}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |

"{84F46484-C76E-4861-8975-A604429ABA50}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |

"{857E0EA8-AEE5-409D-BD76-35FD18E20BFD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{863D625F-0A02-4867-AA79-8F10B720AEF3}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{86AEC65C-DBF7-46C8-BE53-3CC46ADA7EFA}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{8C8C87A6-68A5-4280-80CD-4793030EF4F6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{8F0CA115-A418-4B23-A181-528822284301}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{8FF0B0B5-E46A-4922-AC55-8215565D2C17}" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.patch.exe |

"{91B2FB4D-344C-4E4C-A87C-22642230DFEF}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{9361F589-2C58-4607-9F3E-7EDDFC19A2FB}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |

"{9742A5CA-5FDC-48D4-8CD0-CF19D79A8B27}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{9971D875-30D4-4AC0-8938-A0DBED266529}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |

"{999B170F-BED1-40D2-9E30-3EAE5B6EA264}" = protocol=17 | dir=in | app=c:\program files\ijji\ijji reactor\ijjioptimizer.exe |

"{A1D59D45-3DDF-469D-9DE9-51A810813921}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |

"{A2D23F29-8025-4936-820A-3DAB76AE31ED}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |

"{A5E2F4F9-4ACC-49D9-8E12-34C554A9F1C5}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |

"{A5FDA8B2-3A02-4486-85AD-6A7704897B16}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |

"{A6F6AFBC-E5E3-4FE5-99E2-7A541B465AFF}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |

"{B2D10C74-4721-4F0B-A41A-7192555F055A}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |

"{B480AA2E-435C-46D3-B10C-CEBB9E4464DD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{B8A9786B-41EC-4444-9633-78E6A090B347}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |

"{BCF9EA3A-39B0-4D3D-A4FF-2CF115F75C14}" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |

"{C1F47FE3-186E-414E-A484-CC9C16778858}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ii\game.dat |

"{C42FEA86-940C-43FE-A9AA-4CF7A49F3D9D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{C70677E0-F7F5-43E3-A5AE-8284AA97F0F0}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |

"{CB7A8998-4B1E-4D90-B5D9-67E2D40F82F4}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |

"{D1E30DAF-E7C9-4B24-942B-FF7CF52DEAE1}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |

"{D3075C8D-54AA-4573-89D5-873FD4561B65}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |

"{D68DDEBB-E3A2-45D8-B957-9871FA0C47FB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D7C7B185-CD7A-4FB4-9C8F-E488FF26D873}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |

"{E367A69F-468B-4098-88AF-2D09BA3CAF14}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{E37D4661-1F10-4601-B312-3ABEEA43A718}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{EA07C234-CD94-4381-B9AD-FB5B74484FDE}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |

"{F514D5DD-3D8D-4015-8CF7-96B99D3333C1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{F9116531-D140-4A84-9798-19C0F74ABEA6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |

"{FCFFE81E-383B-443F-95C1-49030A4C07A8}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |

"TCP Query User{00230FFF-2F57-472C-B33C-9630D3A94B57}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"TCP Query User{0186AE36-EB9C-44C8-B414-D8EECFE1F4E6}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |

"TCP Query User{0738757B-3519-426F-8B21-071DA0B52232}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |

"TCP Query User{0871AE78-BF42-4498-9B84-76B0E8BBAB93}C:\program files\microsoft games\project s\spartan.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\project s\spartan.exe |

"TCP Query User{1B6BC4BE-5CE5-4EFF-AFB4-A346E11A8568}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |

"TCP Query User{1E9AC2D9-C90B-4A34-90E3-809C8B3A48B3}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |

"TCP Query User{2D08CF57-B381-4C8F-8465-134048A10798}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |

"TCP Query User{324663B5-BEDB-41FC-A80F-3602B20736FD}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |

"TCP Query User{346BB709-204F-40BE-86E8-A2F5FAAC2022}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |

"TCP Query User{39D828B4-6D68-4C30-BFCC-0B3257313927}C:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat |

"TCP Query User{3C936C8C-5B6C-46FB-83A9-6EF9F08D3DF9}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |

"TCP Query User{43291287-A06E-484E-AFAA-77E3ABF094AC}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |

"TCP Query User{43BF4E3C-809B-45B2-80F4-04FEFA8F8ED8}C:\program files\steam\steamapps\daniel570\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\daniel570\counter-strike source\hl2.exe |

"TCP Query User{5406790C-EC0F-4AD9-90A9-7200A68BE7F5}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |

"TCP Query User{69A6EE31-FB1E-4005-A2DA-6256336BA275}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |

"TCP Query User{6DC4335D-5F5A-4DA4-B88F-B5FF0858A941}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |

"TCP Query User{71F63264-7474-4B76-9330-A71C9AAC1363}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"TCP Query User{775BE630-FF46-4261-BF88-9EB1C3FBA1E5}C:\users\public\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |

"TCP Query User{85AEA624-64A8-4D75-85A7-0B1CF5C6117F}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"TCP Query User{9D98FEB3-FD99-4C93-8812-BAFD39B6D733}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |

"TCP Query User{9F3376A6-53B5-4E3A-A0EC-C63B12A87D84}C:\program files\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |

"TCP Query User{A29A9CC5-074D-4A8D-9A55-51B8A3D29778}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |

"TCP Query User{B5AF4A25-C37F-4E19-9B69-C78603E11F00}C:\users\public\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |

"TCP Query User{B8DE5743-AB54-46AE-8252-C5AD8C83BBDC}C:\program files\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe |

"TCP Query User{E16E413E-CC63-4B5F-8A58-2C0F6C04F16B}C:\program files\ijji\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\program files\ijji\gunz\gunz.exe |

"TCP Query User{EF884516-1AB1-4148-9B56-87F500BAE363}C:\program files\electronic arts\medal of honor mp open beta\mohmpgame.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor mp open beta\mohmpgame.exe |

"TCP Query User{F37A5C33-77B9-459E-B332-70E859F16E5C}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |

"TCP Query User{F4CE9D66-FD99-4693-A1AE-C1D7683DDDF1}C:\users\public\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\backgrounddownloader.exe |

"TCP Query User{F7CBAEAF-936C-4ECE-9B9B-673FC95EF7DC}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |

"TCP Query User{F7DCCAA1-4873-43EA-99B6-36DB48401A8D}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |

"UDP Query User{06B43542-FC74-4A00-A685-8E44D65A9B51}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |

"UDP Query User{13267FFF-FD2C-469E-9E88-115C7A3C93B3}C:\program files\electronic arts\medal of honor mp open beta\mohmpgame.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor mp open beta\mohmpgame.exe |

"UDP Query User{1986855B-8D18-44A0-9167-649E46BD4EDF}C:\program files\ijji\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\program files\ijji\gunz\gunz.exe |

"UDP Query User{1F06464C-6ABE-434C-95B6-5C404E5290AC}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |

"UDP Query User{20CC9CD6-5DBE-454C-B1E2-4CE0A5DF9D63}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"UDP Query User{2B52E9C1-8D92-4B75-B837-36472E4BEF6B}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |

"UDP Query User{2CEE24BF-02B1-4E36-BC97-97E252360B83}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |

"UDP Query User{32E28AA1-B5B2-4B02-8460-343FAABC5B37}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |

"UDP Query User{3B7FF6ED-3723-424F-A401-C8B7F6615C50}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |

"UDP Query User{4926C7E2-A15E-4D6C-B39E-7E2B6B1540C2}C:\program files\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |

"UDP Query User{5999CF65-A568-4366-AF32-E240578397F0}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |

"UDP Query User{5F719AF3-9269-4C21-973B-859125DA20E1}C:\users\public\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\backgrounddownloader.exe |

"UDP Query User{64842FB7-0D93-4F6C-8AFD-4397235E5C15}C:\program files\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe |

"UDP Query User{6E59E04D-5FAE-41E2-9F86-589FEF7A9A95}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |

"UDP Query User{72E9C2EF-F23E-4A7D-B151-9DDB813CC4F0}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"UDP Query User{7DD2DFB2-9D75-4139-8A5C-CE9F0AC4A88D}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |

"UDP Query User{8F018869-7AA5-4972-B9A9-6607ED522AFD}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |

"UDP Query User{90A17328-9AD6-4B22-90F0-946EE83BD894}C:\users\public\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |

"UDP Query User{99A965DA-8FEE-46AE-850C-E7B4874A1270}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |

"UDP Query User{A65354AA-5119-47D1-A74C-31EFAC6DAFB2}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |

"UDP Query User{A8FC4BD4-C30E-4D3B-8823-238352A3C78E}C:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat |

"UDP Query User{B024FAB1-133C-4BB6-91BA-A88929BD8906}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |

"UDP Query User{C8F37112-8E92-46DF-A019-1247C6A71EEB}C:\users\public\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |

"UDP Query User{D13216B4-65C5-4BBE-977B-EA9587D73970}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |

"UDP Query User{D69F51FA-CCBD-4769-8289-8EE35DBECCC0}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |

"UDP Query User{D930BF77-E086-4BF2-AA42-8675E8B69C2A}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |

"UDP Query User{DEFD3917-D324-41AE-9DEB-5B528106EBD2}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |

"UDP Query User{E1258A01-93AC-4F39-92AF-DB7BFAC0D717}C:\program files\steam\steamapps\daniel570\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\daniel570\counter-strike source\hl2.exe |

"UDP Query User{E7ED3FCE-8228-4EB4-9DF9-F9446B63D24E}C:\program files\microsoft games\project s\spartan.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\project s\spartan.exe |

"UDP Query User{EF7C05FD-7BFB-4C03-8EFF-7EAE06150518}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0DAA5653-60D4-44C1-AD10-EC7D4FA4D820}" = Intel® Viiv Software

"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool

"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM

"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect

"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes

"{18d415fd-4862-4f82-bc6a-64794af28567}" = Nero 9

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5

"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM

"{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes

"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth II

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack

"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help

"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4D530942-9B89-4186-98B7-F51000000100}" = Project S

"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter

"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair

"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7

"{68DD6410-C93E-4BF0-BCEB-17024E27A7AC}" = Smart Technology Programming Software 7.0.0.26

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed

"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11146090}" = Big Kahuna Reef 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = MCF Ravenhearst

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter

"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center

"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia

"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management

"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine

"{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}" = Darkspore


Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [CCUTRAYICON] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    [2010/10/18 14:53:04 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\AVG10
    [2010/05/07 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\AVG9

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


OTL logfile created on: 25/05/2011 3:19:21 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Nick\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.17037)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 49.62% Memory free

6.17 Gb Paging File | 4.93 Gb Available in Paging File | 79.83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 228.13 Gb Total Space | 44.26 Gb Free Space | 19.40% Space Free | Partition Type: NTFS

Drive D: | 227.87 Gb Total Space | 166.06 Gb Free Space | 72.87% Space Free | Partition Type: NTFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nick\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)

PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.)

PRC - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)

PRC - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()

PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)

PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

PRC - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()

PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Nick\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)

SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

SRV - (AlertService) Intel® -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)

SRV - (QualityManager) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe (Intel® Corporation)

SRV - (Remote UI Service) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)

SRV - (MCLServiceATL) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)

SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel® Corporation)

SRV - (DHTRACE) Intel® -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel® Corporation)

SRV - (ISSM) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)

SRV - (NMSCore) Intel® -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel® Corporation)

SRV - (M1 Server) Intel® Viiv -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()

========== Driver Services (SafeList) ==========

DRV - (MpKsl85ad75ac) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9054C1D5-CB19-489C-93DA-AA97AB8E8FCB}\MpKsl85ad75ac.sys (Microsoft Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)

DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)

DRV - (SaiK0CC3) -- C:\Windows\System32\drivers\SaiK0CC3.sys (Saitek)

DRV - (SaiU0CC3) -- C:\Windows\System32\drivers\SaiU0CC3.sys (Saitek)

DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)

DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)

DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)

DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()

DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)

DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (Wasay)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4dbbb8ad&v=6.103.018.001&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 12:38:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 12:38:47 | 000,000,000 | ---D | M]

[2010/05/04 17:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions

[2011/05/24 21:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\gfc1v2n8.default\extensions

[2010/05/06 15:31:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\gfc1v2n8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/22 13:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/22 13:51:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/10/22 13:51:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/24 22:35:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()

O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)

O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)

O4 - HKLM..\Run: [CCUTRAYICON] File not found

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)

O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)

O4 - HKCU..\Run: [Acer Tour Reminder] File not found

O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Nick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Nick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 15:14:50 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe

[2011/05/24 22:36:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/05/24 22:36:53 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\temp

[2011/05/24 22:27:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/05/24 22:27:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/05/24 22:27:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/05/24 22:27:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/05/24 22:27:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/05/24 22:27:34 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2011/05/24 22:22:14 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/05/24 22:14:15 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/05/24 22:08:12 | 004,293,296 | R--- | C] (Swearware) -- C:\Users\Nick\Desktop\ComboFix.exe

[2011/05/24 21:55:49 | 001,422,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\TDSSKiller.exe

[2011/05/24 16:40:10 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Nick\Desktop\HijackThis.exe

[2011/05/24 16:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2011/05/07 03:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2008/11/18 17:28:26 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[2007/07/10 19:00:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 15:14:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe

[2011/05/25 14:45:25 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/25 14:45:25 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/25 09:50:59 | 000,631,234 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/05/25 09:50:59 | 000,111,812 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/05/25 09:45:24 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2011/05/25 09:45:21 | 3220,389,888 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/24 22:35:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/05/24 22:12:34 | 000,000,000 | ---- | M] () -- C:\Users\Nick\AppData\Local\prvlcl.dat

[2011/05/24 22:08:24 | 004,293,296 | R--- | M] (Swearware) -- C:\Users\Nick\Desktop\ComboFix.exe

[2011/05/24 20:19:56 | 000,124,416 | ---- | M] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/24 16:40:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Nick\Desktop\HijackThis.exe

[2011/05/24 16:20:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2011/05/24 11:02:30 | 001,422,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\TDSSKiller.exe

[2011/05/10 20:49:18 | 000,001,134 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\wklnhst.dat

[2011/05/05 19:44:23 | 000,000,214 | ---- | M] () -- C:\Users\Nick\Desktop\Garry's Mod.url

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 22:27:46 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/05/24 22:27:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/05/24 22:27:46 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/05/24 22:27:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/05/24 22:27:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/05/24 22:24:33 | 3220,389,888 | -HS- | C] () -- C:\hiberfil.sys

[2011/05/24 16:20:56 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2011/05/24 16:20:38 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2011/05/05 19:44:23 | 000,000,214 | ---- | C] () -- C:\Users\Nick\Desktop\Garry's Mod.url

[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011/01/13 22:39:00 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll

[2011/01/10 19:24:07 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2010/11/10 21:21:46 | 000,000,000 | ---- | C] () -- C:\Users\Nick\AppData\Local\prvlcl.dat

[2010/10/18 20:12:16 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2010/10/05 18:35:15 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2010/10/05 18:35:09 | 000,022,328 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\PnkBstrK.sys

[2010/10/05 18:34:51 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2010/10/05 18:34:50 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe

[2010/10/05 18:34:50 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2010/07/07 16:27:30 | 000,034,501 | ---- | C] () -- C:\Windows\scunin.dat

[2010/05/20 15:44:50 | 000,002,535 | ---- | C] () -- C:\Windows\System32\msexcr.ini

[2010/05/20 12:36:17 | 000,001,134 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\wklnhst.dat

[2010/05/19 17:59:05 | 000,076,279 | ---- | C] () -- C:\Windows\War3Unin.dat

[2010/05/16 19:01:35 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll

[2010/05/16 19:01:35 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll

[2010/05/16 19:01:35 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll

[2010/05/16 16:26:08 | 000,035,929 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2010/05/06 12:30:23 | 000,000,020 | ---- | C] () -- C:\Windows\System32\IGFXDEV.DLL

[2010/05/05 21:08:09 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/05/04 22:44:26 | 000,124,416 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/01 05:31:56 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll

[2008/11/18 20:21:19 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2008/11/18 20:13:43 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

[2008/11/18 17:30:12 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2008/11/18 17:30:11 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2008/11/18 17:28:26 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2008/11/18 17:26:28 | 000,001,356 | ---- | C] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat

[2007/07/10 19:00:15 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll

[2007/07/10 18:13:03 | 000,000,754 | ---- | C] () -- C:\Windows\generic.ini

[2007/07/10 18:13:03 | 000,000,107 | ---- | C] () -- C:\Windows\Alaunch.ini

[2007/07/10 18:12:59 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll

[2007/04/25 19:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll

[2007/04/25 19:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll

[2007/04/25 19:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll

[2007/04/25 19:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll

[2007/04/25 19:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll

[2006/12/25 18:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll

[2006/11/13 08:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin

[2006/11/02 08:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:47:37 | 000,295,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 06:33:01 | 000,631,234 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,111,812 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/11/18 17:32:25 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Acer

[2010/10/18 14:53:04 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\AVG10

[2010/05/07 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\AVG9

[2011/03/04 19:56:09 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DarksporeData

[2010/06/13 21:57:13 | 000,000,000 | -H-D | M] -- C:\Users\Nick\AppData\Roaming\ijjigame

[2008/11/18 17:32:25 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Leadertech

[2010/08/27 14:57:27 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\LolClient

[2011/01/23 20:11:57 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files

[2010/12/17 22:30:45 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Regensoft

[2011/03/02 18:40:28 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\RIFT

[2010/07/07 21:22:51 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\runic games

[2011/04/12 17:20:15 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\SystemRequirementsLab

[2010/05/20 12:36:18 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Template

[2011/05/25 15:15:45 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\uTorrent

[2011/05/24 22:43:13 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

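The log above is what a forum helper reads line by line, and most of the decisions are mechanical: is the hosts file anything other than a loopback entry, does an O4 autorun point at a user-writable directory or at an interpreter, is the exefile/comfile open command still the stock one, has the Winlogon shell been replaced, is the DNS server outside the LAN, is the Java plug-in old. The script below is an added example, not part of this post and not something OTL ships; it applies those checks to constructed input. LOG_LINES is copied from the log above; HYPOTHETICAL_LINES, MIN_JAVA, the USER_WRITABLE and INTERPRETERS lists, the severity labels and the function names are my assumptions for illustration.

```python
"""Triage of OTL log lines for the indicators a forum helper reads first.

Added example for this thread: not part of the original post and not a tool
that OTL or the forum provides. Severities, the Java baseline and the list
of user-writable directories are assumptions made for illustration.
"""
import ipaddress
import re

# Constructed sample: these lines are copied verbatim from the OTL log above.
LOG_LINES = r"""
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [CCUTRAYICON] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Hypothetical lines written only to show what a positive hit looks like;
# nothing resembling them appears in the posted log.
HYPOTHETICAL_LINES = r"""
O1 - Hosts: 10.9.8.7 antivirus-update.example
O4 - HKCU..\Run: [updater] C:\Users\Nick\AppData\Local\temp\updater.exe ()
O35 - HKLM\..exefile [open] -- "C:\Users\Nick\AppData\Local\temp\hook.exe" "%1" %*
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.0.113.9
"""

MIN_JAVA = (1, 6, 0, 25)  # assumed baseline; any older plug-in is flagged
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
INTERPRETERS = ("\\cmd.exe", "\\rundll32.exe", "\\wscript.exe", "\\cscript.exe")
DEFAULT_OPEN = '"%1" %*'  # stock shell\open\command for exefile and comfile
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

RE_HOSTS = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
RE_BHO = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RE_RUN = re.compile(r"^O4 - (HK\w+)\.\.\\(\w+): \[([^\]]*)\] (.*?)(?: \(([^()]*)\))?$")
RE_JAVA = re.compile(r"Java Plug-in (\d+)\.(\d+)\.(\d+)_(\d+)")
RE_DNS = re.compile(r"DhcpNameServer = (\S+)")
RE_SHELL = re.compile(r"^O20 - HKLM Winlogon: Shell - \(.*?\) - (.*?)(?: \(([^()]*)\))?$")
RE_ASSOC = re.compile(r"^O3[57] - HKLM\\\.+(\S+) \[[^\]]*\] -- (.*)$")


def triage(text):
    """Return (severity, check, line) for every line that merits a second look.

    'alert' = classic hijack indicator, 'review' = verify by hand,
    'info' = harmless on its own but worth cleaning up.
    """
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := RE_HOSTS.match(line):
            ip, name = m.groups()
            # Anything beyond the loopback entry for localhost redirects traffic.
            if not (name.lower() == "localhost" and ip in ("127.0.0.1", "::1")):
                findings.append(("alert", "hosts-redirect", line))
        elif m := RE_BHO.match(line):
            name, _clsid, target = m.groups()
            if name == "no name" or "No CLSID value found" in target:
                findings.append(("review", "orphaned-bho", line))
        elif m := RE_RUN.match(line):
            _hive, _key, _name, path, company = m.groups()
            low = path.lower()
            if path == "File not found":
                findings.append(("info", "dangling-autorun", line))
            elif any(d in low for d in USER_WRITABLE):
                findings.append(("alert", "autorun-from-user-writable-dir", line))
            elif low.endswith(INTERPRETERS):
                findings.append(("review", "autorun-via-interpreter", line))
            elif company == "":  # OTL prints () when the file has no version info
                findings.append(("info", "autorun-no-version-info", line))
        elif m := RE_JAVA.search(line):
            if tuple(int(x) for x in m.groups()) < MIN_JAVA:
                findings.append(("review", "outdated-java-plugin", line))
        elif m := RE_DNS.search(line):
            ip = ipaddress.ip_address(m.group(1))
            if not any(ip in net for net in RFC1918):
                findings.append(("review", "dns-server-not-rfc1918", line))
        elif m := RE_SHELL.match(line):
            if m.group(1).lower() != r"c:\windows\explorer.exe":
                findings.append(("alert", "winlogon-shell-replaced", line))
        elif m := RE_ASSOC.match(line):
            if m.group(2) != DEFAULT_OPEN:
                findings.append(("alert", "exe-association-hijack", line))
    return findings


def alerts(findings):
    """Only the findings a helper would act on before anything else."""
    return [f for f in findings if f[0] == "alert"]


if __name__ == "__main__":
    for label, text in (("posted log", LOG_LINES), ("hypothetical", HYPOTHETICAL_LINES)):
        print(f"== {label}")
        for sev, check, line in triage(text):
            print(f"[{sev:6}] {check:32} {line}")
```

Run on the posted lines it raises no 'alert': the nameless BHO, the dangling CCUTRAYICON entry, the PCMMediaSharing entry without version info, the AVG RunOnce that goes through cmd.exe and the Java 1.6.0_20 plug-in all come back as 'review' or 'info' for a human to judge (the AVG entry is surfaced because an interpreter in an autorun key always deserves a look, not because it is malicious here). The hypothetical block shows the three patterns that would have explained the redirects directly: a hosts override, an autorun launched from a temp directory, and a replaced exefile open command. One caveat worth keeping in mind: an MBR bootkit such as the TDL4/Alureon detection named at the top of the thread does not appear in any of these registry-level lines at all, which is why tools like TDSSKiller and the MBR.exe dropped by ComboFix show up in the created-files section rather than anything in the O-sections.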

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).


You are using peer-to-peer programs, specifically uTorrent.

These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.

If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Adobe Reader 8.1.0

Java


  • 2 weeks later...

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member.

This applies only to the original topic starter. Everyone else please begin a New Topic.

