X302Z

  1. My apologies on the delayed reply. Thanks for all your help. I've run scans with both updated Malwarebytes and Kaspersky and they both report no infections and threats.
  2. Right, doing, but I have a lot of files so it'll take a while.
  3. Everything looks clean as a whistle. Once again, thanks a lot. avenger.txt
  4. Most of the log space is wasted with my games... TDSSKiller.2.2.7.1_27.02.2010_10.28.44_log.txt
  5. That's... quite the number of lines. Truly, thanks for the help.
  6. OTL Extras logfile created on: 27/02/2010 10:04:36 AM - Run 1
     OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\Owner\Downloads
     Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18882)
     Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
     3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
     6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
     Paging file location(s): ?:\pagefile.sys
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 288.73 Gb Total Space | 133.85 Gb Free Space | 46.36% Space Free | Partition Type: NTFS
     Drive D: | 9.36 Gb Total Space | 1.26 Gb Free Space | 13.51% Space Free | Partition Type: NTFS
     Drive E: | 465.76 Gb Total Space | 259.63 Gb Free Space | 55.74% Space Free | Partition Type: NTFS
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded
     Computer Name: OWNER-PC
     Current User Name: Owner
     Logged in as Administrator.
     Current Boot Mode: Normal
     Scan Mode: Current user
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Minimal
     ========== Extra Registry (SafeList) ==========
     ========== File Associations ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
     .hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
     .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
     [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
     .exe [@ = exefile] -- Reg Error: Key error. File not found
     .html [@ = htmlfile] -- Reg Error: Key error. File not found
     ========== Shell Spawning ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
     exefile [open] -- "%1" %*
     helpfile [open] -- Reg Error: Key error.
     hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
     htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
     htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
     htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
     http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
     https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
     inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
     Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     ========== Security Center Settings ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "cval" = 0
     "UacDisableNotify" = 0
     "InternetSettingsDisableNotify" = 0
     "AutoUpdateDisableNotify" = 0
     "AntiVirusDisableNotify" = 0
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     "DisableMonitoring" = 1
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring" = 1
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     "DisableMonitoring" = 1
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     "AntiVirusOverride" = 1
     "AntiSpywareOverride" = 1
     "FirewallOverride" = 0
     "VistaSp1" = Reg Error: Unknown registry data type -- File not found
     "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall" = 1
     "DisableNotifications" = 0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall" = 1
     "DisableNotifications" = 0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
     "EnableFirewall" = 
1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) "C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BF181F3-B7DE-4EE7-8CBD-02FD571C0D78}" = rport=138 | protocol=17 | dir=out | app=system | "{16B49F1C-F26E-4077-95D4-9584EEDF76B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{22E27728-8B17-4F37-9F1C-564A00D93E02}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{24070B9C-CED6-49B3-9860-59332A135364}" = lport=139 | protocol=6 | dir=in | app=system | "{24489D63-D5C6-4D13-AE39-1AF17FF3D86C}" = lport=137 | protocol=17 | dir=in | app=system | "{256CF477-DF63-42C9-802E-B4F8A83C6028}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{44811EC8-51FE-469C-980D-2F39B1DB79BA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{507CBD19-08AF-4387-AEBF-8DDB5203EECC}" = lport=138 | protocol=17 | dir=in | app=system | "{5F4FC3FD-CBB4-47B6-9A62-82C8635BBA10}" = lport=445 | protocol=6 | dir=in | app=system | "{71DD8C8B-3EB2-4269-AA08-560146692493}" = rport=3702 | protocol=17 | dir=out | 
svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{786DCA49-BD7A-45F3-9EF6-BD1D3336EF9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{83985B32-1779-42D7-9A9A-905DC54F3B75}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{83F12056-E6B7-4DEF-9E7E-18521D235DA8}" = rport=445 | protocol=6 | dir=out | app=system | "{B0A05B16-1A81-4BC9-B58C-D38DFAA12304}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CAF2A5DB-710A-4851-B48A-0E0EDE894A62}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CCFD2501-8F11-4A55-B9F8-EC389BFFE5F0}" = rport=139 | protocol=6 | dir=out | app=system | "{D508F37C-7591-47FC-8683-C01862D462E6}" = lport=2869 | protocol=6 | dir=in | app=system | "{DD0E693F-CEDC-46EA-AD6E-405324BF980A}" = rport=137 | protocol=17 | dir=out | app=system | "{E41605F2-C68E-4700-8D8B-990326B11DDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ECBB4AD2-07AF-4669-A955-31F5D35CD750}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0078C78C-8592-462F-AE5B-3937B2AA0DE6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{06C62FFC-B693-4559-8F74-013101C5D6A3}" = protocol=6 | dir=in | app=e:\program files\dragon age\tools\gffeditor.exe | "{09125835-0650-4A35-9CA2-99AB358B1C75}" = protocol=6 | dir=in | app=e:\program files\dragon age\daoriginslauncher.exe | "{0AF787E5-837F-48F7-AE9E-1A85E9910744}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{1D4E0004-D198-4AF3-A15C-5FBC7444F587}" = protocol=17 | dir=in | app=e:\program files\rockstar games\grand theft auto 
iv\launchgtaiv.exe | "{22C32E8B-1B47-4BB4-A481-462D205E1E36}" = protocol=17 | dir=in | app=e:\program files\dragon age\tools\lightmapper\eclipseray.exe | "{240CFD1B-F144-41D8-8A77-71E63C1C0D9D}" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | "{2BFF5EF1-62B6-44F6-BA27-286FDB403000}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2D0E1494-2612-475D-9C35-08AB73CE7C45}" = protocol=17 | dir=in | app=e:\program files\dragon age\daoriginslauncher.exe | "{2F031F7F-3928-440F-8459-919B5A3A0CBF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{36B802AB-6FD7-4E97-A1BB-03B6A3C00C1F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{3D0AA150-6D64-4A3D-8F82-A029CA193489}" = protocol=6 | dir=in | app=e:\program files\microsoft games\age of empires iii\age3x.exe | "{3EBB0DE3-8DB3-45C5-99A0-CD7E7F76AF93}" = protocol=6 | dir=in | app=e:\program files\dragon age\tools\rpu.exe | "{41B368C5-F2D6-4BDF-AAE3-02DD572E5A9C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{48C2CD72-88B4-4C24-B3D3-56665EDD8D27}" = protocol=17 | dir=in | app=e:\program files\dragon age\tools\dragonagetoolset.exe | "{52DAE5CE-CE98-43DE-993A-B40FD69667A8}" = protocol=17 | dir=in | app=e:\program files\dragon age\bin_ship\daupdatersvc.service.exe | "{57E7FAB8-E55B-487A-8691-686FB403841E}" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "{5C03AD17-865D-4263-B04F-B5B9A0823A59}" = protocol=6 | dir=in | app=e:\program files\dragon age\bin_ship\daorigins.exe | "{5C312DCD-C144-48E8-9386-F6A23C98D873}" = protocol=6 | dir=in | app=e:\program files\capcom\resident evil 5\re5dx10.exe | "{616BE16D-CDED-4142-8552-354896812C11}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{6454777C-823F-4C73-98F4-C0512D588B0C}" = protocol=17 | dir=in | app=e:\program files\dragon age\tools\rpu.exe | "{668977C3-6B46-4CD1-AB73-FE59FC2A2F79}" = protocol=17 | dir=in | app=e:\program files\dragon 
age\tools\erfeditor.exe | "{6884F8A1-B0AD-4E9C-B6D9-EB38B978C980}" = protocol=6 | dir=in | app=e:\program files\capcom\resident evil 5\re5dx9.exe | "{699371CE-ED25-441B-97A1-3DA0144483BC}" = protocol=17 | dir=in | app=e:\program files\dragon age\tools\gffeditor.exe | "{6A808EE1-05D7-4754-9270-49118CCF4E06}" = protocol=6 | dir=in | app=e:\program files\dragon age\tools\lightmapper\eclipseray.exe | "{6AF18044-513F-4D18-9C11-2D7E072CF565}" = protocol=17 | dir=in | app=c:\windows\system32\forcebindip.exe | "{6BEA7A6A-7E0D-45BD-BBD3-CE42CA1C1D7A}" = protocol=6 | dir=in | app=e:\program files\dap\dap.exe | "{6CA3BC35-5738-4331-B787-E87205EECED8}" = protocol=17 | dir=in | app=e:\program files\dragon age\bin_ship\daorigins.exe | "{75E5EF62-8437-4446-9C17-13A3456949B3}" = protocol=17 | dir=in | app=e:\program files\microsoft games\dungeon siege 2 broken worlds\dungeonsiege2.exe | "{77A85EAD-4BE1-4B35-ACAE-813CB3726636}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7AAEE1F5-B7EA-4E7D-B9E0-B3CBD2C971EF}" = protocol=17 | dir=in | app=e:\program files\steam\steam.exe | "{7DF7909C-B5D6-470E-8E66-AF97DC3609A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{873478CF-C7C7-4F31-B7D0-3A5DA1916D60}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{8A617241-185C-40D0-AD31-19A4D4DAB43F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{964F6EA7-B89C-41F3-875D-091D2D5811B8}" = protocol=6 | dir=in | app=e:\program files\microsoft games\age of empires iii\age3y.exe | "{9798273D-9885-4A56-80B4-2A5AFF43E979}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{97F476AF-AC67-4F16-9BFC-E30C9710A072}" = protocol=17 | dir=in | app=e:\program files\microsoft games\age of empires iii\age3x.exe | "{A0F884FB-CD95-410A-803D-B8C22AC2EAB2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{AC62A7E9-89BF-48C8-BDDD-1B5988628E35}" = protocol=17 | dir=in | app=c:\program files\earthlink 
totalaccess\taskpanl.exe | "{AD73850B-1BAF-478D-9CAE-CFD2C9EFD136}" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | "{B11C2D93-C847-4C22-B693-E02A5489F593}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{B2877A7D-B666-40F2-B360-7F5CCBABA7F0}" = protocol=6 | dir=in | app=e:\program files\microsoft games\dungeon siege 2 broken worlds\dungeonsiege2.exe | "{BA33E6C5-2412-461B-B82C-C3DBF5B9B69E}" = protocol=6 | dir=in | app=e:\program files\steam\steam.exe | "{BB0446F1-4758-4965-A128-A7A4BD8270CE}" = protocol=17 | dir=in | app=e:\program files\dap\dap.exe | "{C2C3A5CB-A7A6-4212-AF8B-7CB1EC34553D}" = protocol=6 | dir=in | app=e:\program files\dragon age\tools\dragonagetoolset.exe | "{CE21EE90-45D4-4CC7-AAC6-E798BB630288}" = protocol=6 | dir=in | app=e:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{CE30F125-0370-4149-8024-25A67ADAD668}" = protocol=17 | dir=in | app=e:\program files\microsoft games\age of empires iii\age3y.exe | "{CF45F742-93AE-4D19-947C-8F5343134CD9}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{D4C76010-B2F1-45B2-AFB2-02A0A12FE1DF}" = protocol=6 | dir=in | app=e:\program files\dragon age\tools\erfeditor.exe | "{D5688735-85F0-4E11-A496-FC184268E9F5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{D69EE59F-0596-4038-821C-D138495EF744}" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "{D8259FDD-D835-43AD-9549-3ABE2C34DCD5}" = protocol=6 | dir=in | app=c:\windows\system32\forcebindip.exe | "{DA7C1096-AC15-42E7-97C9-7A3B0BA14675}" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | "{DB618D2A-938F-4FAD-9DF3-EB54AC9D4991}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{E67C3014-F797-430D-9EA6-EDF5C62F9044}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{E7336984-7714-489D-A460-34E53D36E754}" = protocol=17 | dir=in | app=e:\program 
files\capcom\resident evil 5\re5dx10.exe | "{E79050A5-A6AD-408D-9D3F-2A3E7F8D0315}" = protocol=6 | dir=in | app=e:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{EADC370E-31B0-4B8B-8AD8-EE80FC97C795}" = protocol=6 | dir=in | app=e:\program files\dragon age\bin_ship\daupdatersvc.service.exe | "{ECF7AD94-A15C-4E7A-9957-E7C953E791C2}" = protocol=17 | dir=in | app=e:\program files\capcom\resident evil 5\re5dx9.exe | "{EE8491CB-0CE7-4826-81DB-46E31A8958FD}" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | "{EF119E70-C4A4-46C7-8793-B90F68F8E9FF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{F188B1CC-7FD9-41D9-A83C-C2FAADA27CE4}" = protocol=17 | dir=in | app=e:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{FE338F7C-7201-449A-9DE6-B1A46236FA91}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "TCP Query User{30542B87-C5B7-4FC3-81FC-8E4EC0180A5C}E:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{31E9E0F8-400F-4FCA-9C47-4F71B58F1182}E:\program files\dawn of war ii\dow2.exe" = protocol=6 | dir=in | app=e:\program files\dawn of war ii\dow2.exe | "TCP Query User{323FD097-34BF-4E15-8B01-27C6CE04E595}E:\program files\saints row 2\sr2_pc.exe" = protocol=6 | dir=in | app=e:\program files\saints row 2\sr2_pc.exe | "TCP Query User{3AD5338B-2637-4568-845A-51FE8A750072}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{42DC32DE-BAEC-449C-BF0B-D55FAE4D9733}E:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=e:\program files\left 4 dead\left4dead.exe | "TCP Query User{6BC9C18B-BB92-4549-B66B-E6AE7C4DB428}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh 
networks\veohwebplayer\veohwebplayer.exe | "TCP Query User{6E75CBE1-5D48-4A48-8BDF-CC8674D9F7B2}E:\program files\dawn of war 2\stuff\archive\archive.exe" = protocol=6 | dir=in | app=e:\program files\dawn of war 2\stuff\archive\archive.exe | "TCP Query User{6F70E081-44C0-4E08-8F46-B8F06F551C22}E:\program files\capcom\resident evil 5\re5dx9.exe" = protocol=6 | dir=in | app=e:\program files\capcom\resident evil 5\re5dx9.exe | "TCP Query User{7056883D-1DA9-43A6-9B2C-BBB0D6F2C0CC}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe | "TCP Query User{84BA8579-D9F0-40AA-B7EE-D8F32945975F}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | "TCP Query User{85E8AE16-0F66-4BBE-959A-91CD217496CC}E:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{89B28F0A-6603-43A8-ACF6-3A8C29D74CD5}E:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=e:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | "TCP Query User{8C7337F8-C37E-4CE0-B47E-D0DC70B27AE1}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | "TCP Query User{A5D495F7-739F-42D1-88B9-D685DF4DA6AB}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | "TCP Query User{AAA0280D-794C-458C-AE6B-C0B2310702E3}E:\program files\gunz\gunz.exe" = protocol=6 | dir=in | app=e:\program files\gunz\gunz.exe | "TCP Query User{AAD001EE-E7CB-4A69-BDE5-4F195CCE80F0}E:\program files\microsoft games\dungeon siege 2 broken worlds\dungeonsiege2.exe" = protocol=6 | dir=in | app=e:\program files\microsoft games\dungeon siege 2 broken worlds\dungeonsiege2.exe | "TCP Query 
User{B4369936-B7B8-4ABF-8418-6C1FEE388FB8}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | "TCP Query User{B5C445B3-FDC3-4A74-BC73-28AC02961C54}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{B763513D-FC65-47F9-B86A-A66D12D4F727}E:\program files\left 4 dead\left4dead (original).exe" = protocol=6 | dir=in | app=e:\program files\left 4 dead\left4dead (original).exe | "TCP Query User{B8C4AAB7-3092-454D-9CA2-1F76D2F578FE}E:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=e:\program files\starcraft\starcraft.exe | "TCP Query User{BB40A7E7-1218-4BBB-AC22-8B0331BF9861}E:\program files\microsoft games\dungeon siege 2\battlelanv0.5\battlelanv0.5.exe" = protocol=6 | dir=in | app=e:\program files\microsoft games\dungeon siege 2\battlelanv0.5\battlelanv0.5.exe | "TCP Query User{BCADFEF5-5F83-4AED-BFB0-B925AD4A569A}E:\program files\garena\garena.exe" = protocol=6 | dir=in | app=e:\program files\garena\garena.exe | "TCP Query User{BFF8DB50-0B52-4045-B070-C8215B176E10}E:\program files\gunz\gunz.exe" = protocol=6 | dir=in | app=e:\program files\gunz\gunz.exe | "TCP Query User{C2E74046-F130-4268-97EB-A37882230593}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | "TCP Query User{D055D0C2-024C-4FAD-BFD1-4DB4CCA77EC6}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe | "TCP Query User{D5356D05-129E-4411-AFCA-8BCDE54A9B3D}E:\program files\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=e:\program files\dawn of war 2\dow2.exe | "TCP Query User{D864C69C-9FE3-4D94-B774-5C974A4BBB3C}E:\program files\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=e:\program files\left 4 dead 2\left4dead2.exe | "TCP Query 
User{DF41C963-5EF7-4CA1-B86B-5D1B0438C441}C:\windows\system32\regsvr32.exe" = protocol=6 | dir=in | app=c:\windows\system32\regsvr32.exe | "TCP Query User{E59C6E88-6981-4258-B8A8-D590326B7717}E:\program files\killing floor\system\killingfloor.exe" = protocol=6 | dir=in | app=e:\program files\killing floor\system\killingfloor.exe | "TCP Query User{ED35D586-55F5-4402-94A6-0E8E519FB98C}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{F8408A0A-05A2-4AC9-BDF2-7B9AC61166DD}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | "UDP Query User{00350EA3-1339-44C0-B4E8-0F6D31611B4C}E:\program files\garena\garena.exe" = protocol=17 | dir=in | app=e:\program files\garena\garena.exe | "UDP Query User{0D2BB061-20CB-4AFE-8B13-FBE7D657AF51}E:\program files\left 4 dead\left4dead (original).exe" = protocol=17 | dir=in | app=e:\program files\left 4 dead\left4dead (original).exe | "UDP Query User{0F990C74-B908-4B8F-8588-22BED2ECC3D1}E:\program files\microsoft games\dungeon siege 2\battlelanv0.5\battlelanv0.5.exe" = protocol=17 | dir=in | app=e:\program files\microsoft games\dungeon siege 2\battlelanv0.5\battlelanv0.5.exe | "UDP Query User{190B4E4A-604B-4CBF-B1D9-D91E86C8431E}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | "UDP Query User{1D700353-343F-4B45-820E-2D0F3742C3F1}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "UDP Query User{334489D1-1B80-41C9-896D-ED60ED39AD6C}E:\program files\gunz\gunz.exe" = protocol=17 | dir=in | app=e:\program files\gunz\gunz.exe | "UDP Query User{362174D7-BA6F-4442-97DB-06E32F9D52BD}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | 
app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | "UDP Query User{3BA19A41-55EE-4FB0-B9FA-636417417E0C}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | "UDP Query User{3C3BA936-767F-48D2-AC13-38AE034DD99F}E:\program files\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=e:\program files\dawn of war 2\dow2.exe | "UDP Query User{4C95B81A-1C15-4FA3-910B-E867213B937A}E:\program files\killing floor\system\killingfloor.exe" = protocol=17 | dir=in | app=e:\program files\killing floor\system\killingfloor.exe | "UDP Query User{54467EF6-C725-4AEF-B6D2-36F0B98B0E2D}E:\program files\gunz\gunz.exe" = protocol=17 | dir=in | app=e:\program files\gunz\gunz.exe | "UDP Query User{5609924D-108E-47D7-85A8-ECDE02F9C17A}E:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=e:\program files\starcraft\starcraft.exe | "UDP Query User{6084C54D-B23C-4F89-A829-B1311A62D3A5}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{6DC68E72-3969-4706-9F81-EAB1C81DA777}E:\program files\dawn of war ii\dow2.exe" = protocol=17 | dir=in | app=e:\program files\dawn of war ii\dow2.exe | "UDP Query User{70FCA5EA-5209-4336-A408-C7531492F2B2}E:\program files\capcom\resident evil 5\re5dx9.exe" = protocol=17 | dir=in | app=e:\program files\capcom\resident evil 5\re5dx9.exe | "UDP Query User{7690DB85-47AB-4EE4-9EE3-659BB2F223E0}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | "UDP Query User{7BFA4848-730D-469A-BE59-8AA917CEDCFD}E:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{836C2705-EC90-499F-A5E7-FC4692389A6C}E:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=e:\program files\left 4 
dead\left4dead.exe | "UDP Query User{94FFBC1D-1DFF-450F-8B95-B388DD928FEC}E:\program files\saints row 2\sr2_pc.exe" = protocol=17 | dir=in | app=e:\program files\saints row 2\sr2_pc.exe | "UDP Query User{98207F75-3578-455C-BBBB-0E4B38CCBB75}E:\program files\microsoft games\dungeon siege 2 broken worlds\dungeonsiege2.exe" = protocol=17 | dir=in | app=e:\program files\microsoft games\dungeon siege 2 broken worlds\dungeonsiege2.exe | "UDP Query User{9990CED5-828C-48D9-B849-C05CE3FB324C}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{ADA6E0AA-64AB-4374-99F5-C38774B59FBE}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | "UDP Query User{B9CBD849-5712-472F-B85B-5C474C409057}E:\program files\dawn of war 2\stuff\archive\archive.exe" = protocol=17 | dir=in | app=e:\program files\dawn of war 2\stuff\archive\archive.exe | "UDP Query User{B9EF3BAF-4DF0-4175-9D05-AD7924A89F71}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{C6C0EC82-3AC3-4BD7-965F-68AECAC76050}E:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{D9F5A97D-336E-44BB-95AD-B77DC5574F4C}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | "UDP Query User{E1244C16-5BFE-4F5E-BEFE-7FAFBEC98EB6}C:\windows\system32\regsvr32.exe" = protocol=17 | dir=in | app=c:\windows\system32\regsvr32.exe | "UDP Query User{E731CE30-83AE-454E-AA9A-D1C1AEA5E6D9}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe | "UDP Query User{EE0B5D6D-D484-4A77-9CAC-87888C7B58AC}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe | "UDP Query 
User{FB7B0E06-7335-4627-8ED3-B3C5B022FBC5}E:\program files\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=e:\program files\left 4 dead 2\left4dead2.exe | "UDP Query User{FE64CB53-A0BB-471E-B312-D159A41B7141}E:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=e:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget 
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 18 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET) "{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4eda61b2-b245-443a-b831-2a0d66cd2e4b}" = Nero 9 Trial "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail 
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger 
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5 "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.1 "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{B935D81D-4E99-4D25-B052-776465158019}_is1" = Monster Hunter Frontier Online 09.11.19 "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = 
Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ForceBindIP" = ForceBindIP
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HanSetup" = ??? ?? ????
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War 1.1 Patch
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"L4D2SP" = Left 4 Dead 2 Standalone Patch
"Left 4 Dead" = Left 4 Dead
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Pangya" = Pangya (Ntreev USA)
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PowerISO" = PowerISO
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Starcraft" = Starcraft
"SystemRequirementsLab" = System Requirements Lab
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"XecureCK" = ClientKeeper KeyPro with E2E for 32bit
"Xilisoft Video Converter Platinum" = Xilisoft Video Converter Platinum

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji.com" = ijji

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/02/2010 12:10:38 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\WINDOWS\system32\wscui.cpl". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/02/2010 12:10:50 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\WINDOWS\System32\wscui.cpl". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/02/2010 12:10:56 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\WINDOWS\System32\wscui.cpl". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/02/2010 12:22:52 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/02/2010 12:51:18 PM | Computer Name = Owner-PC | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: Owner-PC\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error description: Access is denied.

Error - 27/02/2010 12:52:41 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/02/2010 1:20:31 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 27/02/2010 1:50:46 PM | Computer Name = Owner-PC | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: Owner-PC\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error description: Access is denied.

Error - 27/02/2010 1:52:16 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/02/2010 2:11:12 PM | Computer Name = Owner-PC | Source = Perflib | ID = 1010
Description =

[ System Events ]
Error - 26/02/2010 7:04:34 PM | Computer Name = Owner-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error - 26/02/2010 11:28:58 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network address 001E8CC419AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error - 27/02/2010 2:32:41 AM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network address 001E8CC419AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error - 27/02/2010 12:04:32 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/02/2010 12:22:52 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/02/2010 12:33:35 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 27/02/2010 12:51:08 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:48:26 AM on 27/02/2010 was unexpected.

Error - 27/02/2010 12:52:41 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/02/2010 1:25:31 PM | Computer Name = Owner-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error - 27/02/2010 1:52:17 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >
  7. OTL logfile created on: 27/02/2010 10:04:36 AM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288.73 Gb Total Space | 133.85 Gb Free Space | 46.36% Space Free | Partition Type: NTFS
Drive D: | 9.36 Gb Total Space | 1.26 Gb Free Space | 13.51% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 259.63 Gb Free Space | 55.74% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\PnkBstrA.exe ()
PRC - C:\WINDOWS\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)

========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (PnkBstrA) -- C:\WINDOWS\System32\PnkBstrA.exe ()
SRV - (nvsvc) -- C:\WINDOWS\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET) -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (gupdate1c96ba081b3bb64) Google Update Service (gupdate1c96ba081b3bb64) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (XAudioService) -- C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ehstart) -- C:\WINDOWS\ehome\ehstart.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (JRSKD24) -- C:\WINDOWS\System32\JRSKD24.SYS (SoftForum Corporation)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\WINDOWS\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iastor.sys ()
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (MegaSR) -- C:\WINDOWS\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\WINDOWS\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\WINDOWS\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\WINDOWS\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\WINDOWS\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\WINDOWS\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (VST_DPV) -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (adpahci) -- C:\WINDOWS\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (VSTHWBS2) -- C:\WINDOWS\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (LSI_SAS) -- C:\WINDOWS\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\WINDOWS\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\WINDOWS\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\WINDOWS\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\WINDOWS\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\WINDOWS\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\WINDOWS\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\WINDOWS\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\WINDOWS\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\WINDOWS\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\WINDOWS\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\WINDOWS\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\WINDOWS\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\WINDOWS\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ql40xx) -- C:\WINDOWS\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\WINDOWS\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\WINDOWS\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\WINDOWS\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\WINDOWS\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\WINDOWS\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\WINDOWS\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\WINDOWS\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\WINDOWS\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\WINDOWS\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\WINDOWS\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\WINDOWS\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\WINDOWS\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (secdrv) -- C:\WINDOWS\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (mdmxsdk) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en&source=iglk
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/13 15:51:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 03:29:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 03:29:31 | 000,000,000 | ---D | M]

[2008/07/27 20:04:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2008/07/27 20:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/26 02:47:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\iiayymmi.default\extensions
[2009/08/13 16:21:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\iiayymmi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/27 07:20:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/18 03:29:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/15 04:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/06/15 04:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010/02/27 07:20:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/02/18 03:29:29 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/02/18 03:29:29 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008/08/06 15:22:02 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/12/17 17:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/07/02 23:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/02/18 03:29:30 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/12/18 02:43:52 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/01/16 19:06:08 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/16 19:06:08 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/01/16 19:06:08 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/16 19:06:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/16 19:06:08 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/16 19:06:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/16 19:06:08 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/03/26 16:17:39 | 000,000,703 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} Reg Error: Key error.
(XecureCKKB Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://mhf.hangame.com/common/HanSetup1020.cab (HanSetupCtrl1010 Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\System32\KuGoo3DownXControl.ocx File not found O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\System32\KuGoo3DownXControl.ocx File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft 
Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll 
(Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O29 - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\WINDOWS\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/02/23 03:56:53 | 000,000,074 | 
---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found O33 - MountPoints2\M\Shell - "" = AutoRun O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\_DSII.exe -- File not found O33 - MountPoints2\N\Shell - "" = AutoRun O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\_DSII.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\WINDOWS\System32\ias [2008/01/20 18:34:27 | 000,000,000 | ---D | M] NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found OTL cannot create restorepoints on Vista OSs! ========== Files/Folders - Created Within 30 Days ========== [2010/02/27 09:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/02/27 09:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro [2010/02/27 08:46:59 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010/02/27 07:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/02/27 07:20:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/02/27 07:20:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/02/27 07:20:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2010/02/26 16:52:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Downloads [2010/02/26 16:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2010/02/26 15:40:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\TMRBLog [2010/02/26 15:40:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\log [2010/02/26 14:58:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/02/26 14:58:44 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/02/26 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/02/26 04:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2010/02/24 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes [2010/02/24 20:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/02/23 21:13:33 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2010/02/23 21:13:33 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2010/02/23 21:13:33 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2010/02/23 17:53:02 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll [2010/02/23 17:52:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzres.dll [2010/02/23 17:52:21 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RMActivate_isv.exe [2010/02/23 17:52:21 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secproc_isv.dll [2010/02/23 17:52:21 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secproc.dll [2010/02/23 17:52:20 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RMActivate.exe [2010/02/23 17:52:20 | 000,347,136 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\RMActivate_ssp.exe [2010/02/23 17:52:20 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RMActivate_ssp_isv.exe [2010/02/23 17:52:20 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdrm.dll [2010/02/23 17:52:20 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secproc_ssp_isv.dll [2010/02/23 17:52:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secproc_ssp.dll [2010/02/23 17:52:14 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gameux.dll [2010/02/23 17:52:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Apphlpdm.dll [2010/02/23 17:52:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\GameUXLegacyGDFs.dll [2010/02/21 13:38:16 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll [2010/02/21 13:38:16 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll [2010/02/21 13:38:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll [2010/02/21 13:38:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll [2010/02/21 13:37:43 | 000,299,864 | ---- | C] (Microsoft Corporation) -- C:\Users\Owner\Documents\dxwebsetup.exe [2010/02/09 21:10:11 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe [2010/02/09 21:10:11 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe [2010/02/09 21:10:08 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quartz.dll [2010/02/09 21:10:06 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvfw32.dll [2010/02/09 21:10:06 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll [2010/02/09 21:10:06 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciavi32.dll 
[2010/02/06 15:27:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Xilisoft Corporation [2010/02/06 15:27:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xilisoft Corporation [2010/02/06 15:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft [2010/02/02 03:57:00 | 011,586,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys [2010/02/02 03:57:00 | 000,068,200 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll [2010/02/02 03:57:00 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvBridge.kmd [2010/02/02 03:56:59 | 014,924,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglv32.dll [2010/02/02 03:56:59 | 004,321,384 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwgf2um.dll [2010/02/02 03:56:57 | 011,639,400 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll [2010/02/02 03:56:57 | 004,077,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll [2010/02/02 03:56:57 | 004,061,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll [2010/02/02 03:56:57 | 002,243,176 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll [2010/02/02 03:56:57 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod189.dll [2010/01/31 14:06:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB970892_ENU [2010/01/31 14:04:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970892_ENU [2010/01/30 13:47:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Dragon Age Toolset [2010/01/30 13:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2010/01/30 13:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\DAODB [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/02/27 10:05:42 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\vygkbaq.sys [2010/02/27 10:04:08 | 003,932,160 | -HS- | M] () -- 
C:\Users\Owner\ntuser.dat [2010/02/27 09:56:47 | 000,003,744 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/02/27 09:56:47 | 000,003,744 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/02/27 09:53:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/02/27 09:50:52 | 000,159,455 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010/02/27 09:50:52 | 000,159,455 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010/02/27 09:50:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/02/27 09:50:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/02/27 09:50:38 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/02/27 09:49:41 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{9cb06f43-59a2-11de-81e9-001e8cc419ab}.TMContainer00000000000000000001.regtrans-ms [2010/02/27 09:49:41 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{9cb06f43-59a2-11de-81e9-001e8cc419ab}.TM.blf [2010/02/27 09:49:32 | 003,020,376 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db [2010/02/27 09:45:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/02/27 00:37:58 | 000,015,360 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/26 22:44:01 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{86B9FF9E-01BF-4FA2-B758-D552FC5298CD}.job [2010/02/26 16:26:36 | 001,339,288 | ---- | M] () -- C:\Users\Owner\sar_15_sfx.exe [2010/02/26 15:46:53 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache [2010/02/26 15:39:58 | 002,457,600 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Owner\RootkitBuster.exe [2010/02/26 15:39:52 | 001,074,232 | ---- | M] () -- C:\Users\Owner\RootkitBuster_2.80.1077.zip [2010/02/25 16:23:11 | 000,027,648 | ---- | M] () -- C:\Users\Owner\Lecture topics Spring 20100.xls [2010/02/25 16:21:42 | 000,039,936 | ---- | M] () -- C:\Users\Owner\Reading List 2010-1.doc [2010/02/24 23:51:21 | 000,817,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/02/24 23:51:21 | 000,687,958 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/02/24 23:51:21 | 000,139,888 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/02/24 21:08:13 | 000,086,088 | ---- | M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT [2010/02/24 20:30:34 | 000,010,094 | -HS- | M] () -- C:\Users\Owner\AppData\Local\684u2uVf [2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2010/02/23 21:12:05 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2.lnk [2010/02/23 20:22:19 | 000,334,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/02/21 13:37:49 | 000,299,864 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\Documents\dxwebsetup.exe [2010/02/19 18:13:56 | 000,020,207 | ---- | M] () -- C:\Users\Owner\Documents\1101 Report Guidelines.docx [2010/02/19 18:13:35 | 000,019,232 | ---- | M] () -- C:\Users\Owner\Documents\BISC 102 RESEARCH PROJECT.docx [2010/02/05 07:09:15 | 000,138,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010/02/05 07:09:08 | 000,111,928 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2010/02/04 21:06:39 | 000,013,824 | ---- | M] () -- C:\Users\Owner\Documents\07B_ThuAM_Exp5_Prelab.xls [2010/02/04 10:01:14 | 000,528,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll [2010/02/04 10:01:14 | 000,238,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll [2010/02/04 10:01:14 | 000,074,072 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\System32\XAPOFX1_4.dll [2010/02/04 10:01:14 | 000,022,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll [2010/02/02 20:22:36 | 000,039,936 | ---- | M] () -- C:\Users\Owner\Documents\Reading List 2010-1.doc [2010/02/01 06:33:42 | 000,028,160 | ---- | M] () -- C:\Users\Owner\Documents\Piece of stuff for Eng102.doc [2010/01/31 18:44:33 | 000,021,176 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS [2010/01/31 18:44:33 | 000,012,728 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSUKD25.SYS [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/02/26 16:26:33 | 001,339,288 | ---- | C] () -- C:\Users\Owner\sar_15_sfx.exe [2010/02/26 15:46:53 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache [2010/02/26 15:39:50 | 001,074,232 | ---- | C] () -- C:\Users\Owner\RootkitBuster_2.80.1077.zip [2010/02/25 16:23:10 | 000,027,648 | ---- | C] () -- C:\Users\Owner\Lecture topics Spring 20100.xls [2010/02/25 16:21:42 | 000,039,936 | ---- | C] () -- C:\Users\Owner\Reading List 2010-1.doc [2010/02/24 20:54:03 | 000,015,360 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/24 19:08:02 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\vygkbaq.sys [2010/02/24 19:06:56 | 000,010,094 | -HS- | C] () -- C:\Users\Owner\AppData\Local\684u2uVf [2010/02/23 21:12:05 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2.lnk [2010/02/19 18:13:55 | 000,020,207 | ---- | C] () -- C:\Users\Owner\Documents\1101 Report Guidelines.docx [2010/02/19 18:13:33 | 000,019,232 | ---- | C] () -- C:\Users\Owner\Documents\BISC 102 RESEARCH PROJECT.docx [2010/02/05 07:09:15 | 000,138,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010/02/04 02:52:41 | 000,013,824 | ---- | C] () -- C:\Users\Owner\Documents\07B_ThuAM_Exp5_Prelab.xls [2010/02/02 20:22:33 | 
000,039,936 | ---- | C] () -- C:\Users\Owner\Documents\Reading List 2010-1.doc [2010/02/02 03:57:00 | 000,007,437 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb [2010/01/09 22:13:31 | 001,147,296 | ---- | C] () -- C:\WINDOWS\System32\HanWebMsg1059.dll [2009/11/27 22:32:19 | 000,000,170 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat [2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2009/11/05 02:16:40 | 000,159,455 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/11/05 02:16:35 | 000,159,455 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/10/19 20:26:58 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\EhStorAuthn.dll [2009/09/30 19:48:03 | 001,147,576 | ---- | C] () -- C:\WINDOWS\System32\HanWebMsg1058.dll [2009/08/15 19:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2009/08/13 23:38:37 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2009/08/01 18:50:55 | 001,147,576 | ---- | C] () -- C:\WINDOWS\System32\HanWebMsg1057.dll [2009/03/31 01:33:49 | 000,000,510 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009/03/07 14:11:18 | 001,970,176 | ---- | C] () -- 
C:\WINDOWS\System32\d3dx9.dll [2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2009/02/10 17:02:02 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\downloads.m3u [2009/02/10 17:01:02 | 000,000,189 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\default.rss [2009/02/10 17:00:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/01/29 22:53:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2009/01/25 14:30:54 | 000,001,723 | ---- | C] () -- C:\WINDOWS\TSearch.INI [2008/12/04 19:34:52 | 000,328,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys [2008/10/24 12:59:08 | 000,000,522 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\KB8888239.log [2008/08/25 12:12:54 | 000,022,328 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\PnkBstrK.sys [2008/08/09 22:26:32 | 000,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI [2008/07/27 23:58:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/07/27 23:21:35 | 000,000,106 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat [2008/02/23 03:49:26 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2008/02/23 03:42:16 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll [2008/02/23 03:42:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll [2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\sysprepMCE.dll [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\WINDOWS\System32\pacerprf.ini [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2008/07/27 22:30:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\7Wonders [2010/02/26 19:22:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus [2009/06/13 14:55:18 | 000,000,000 | ---D | M] -- 
C:\Users\Owner\AppData\Roaming\CallingID [2009/06/12 17:29:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ClientKeeper [2010/01/30 13:47:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dragon Age Toolset [2009/08/24 15:44:11 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame [2008/07/28 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Snapfish [2009/08/03 12:17:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SPORE [2009/06/15 04:46:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab [2008/08/24 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template [2008/08/01 12:02:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ubisoft [2008/08/18 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch [2009/06/15 02:44:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer [2010/02/06 15:27:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xilisoft Corporation [2010/02/27 09:49:36 | 000,032,632 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT [2010/02/26 22:44:01 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{86B9FF9E-01BF-4FA2-B758-D552FC5298CD}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe >
C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll [2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/03/08 03:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtmsft.dll [2009/03/08 03:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtrans.dll [2009/04/10 22:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll [2009/04/10 22:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008/12/04 19:34:52 | 000,328,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\iaStor.sys [2010/02/27 10:11:50 | 000,791,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\vygkbaq.sys < %systemroot%\System32\config\*.sav > [2008/01/20 19:14:18 | 016,846,848 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV [2008/01/20 19:14:08 | 000,106,496 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV [2008/01/20 19:14:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV [2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV [2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> 
C:\ProgramData\TEMP:E23FEBD6 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D74B6CF5 < End of report >
  8. Would it be easier if I just threw my HijackThis log in there instead of all my nonsense?
  9. So my problem is that I have this file called vygkbaq.sys. It's located in C:\WINDOWS\System32\drivers. I tried to delete, send, copy, shred, assassinate, whatever it, and it gives me the reply: Cannot read from the source file or disk. It's been detected by MBAM as a rootkit but it's not being deleted.

     This file came with a series of other infections: av.exe 2010, paladin security, win16.exe, some other junk. (It said in the properties that it's created on the same day and time.) I deleted all the other stuff with MBAM after a long arduous process but I am not sure if everything is gone.

     My Google searches are still being redirected, my internet is sluggish. I suspect my search function is somehow broken too. I am missing wscui.cpl and cannot do a system restore. I cannot use the restore option given to me on boot up. (It asks me to press F11.) (I know keyboard's fine because I can access BIOS and other stuff.)

     My conclusion is that this file is the source. When I boot into safe mode I also saw that ugly file being loaded onto the drivers' list. When I searched registry for safeboot and checked the list, the file was not listed there. I tried deleting with command prompt, in and out of safe mode, and tried modding the protection. I searched and found the file in the registry with 3 entries and am able to delete 2 of the 3 only after editing the permissions.
     - When I look at the properties of the file it won't allow me to see the permission.
     - When I restart my computer the other 2 registries reappeared.

     I looked around and found that combofix deletes and gets rid of common infections.
     - Upon running combofix, the system processor fills up to 100% and freezes for a while.
     - Combofix extracts all the files but does not prompt any action.
     - When run again, it gave "the blue screen of death".

     So... Can this be all the work of 1 file? How do I get rid of it? (I'm pretty sure it doesn't belong.) How do I get wscui.cpl back? (Windows Security Control User Interface) Will system restore be fixed when that is gone? I'd really like to avoid reformatting.