nsrbgxod.bak


Post by Azag on Thu Oct 29, 2009 5:40 am

Hello, I got on my computer today and was going to open a new Word document, but it would not open and some kind of dialog box came up asking to run it as administrator or that I trusted it. I canceled out of it and ran MBAM as I do whenever something unexpected happens on my computer. MBAM found a Trojan.Agent saved as nsrbgxod.bak. I tried removing it and did the removal on reboot that MBAM does, then rescanned to be sure it was taken care of, but it is still there, so I tried it one more time and it was still there, so I decided I should get professional help. Thanks for your time. Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:49 PM, on 10/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Users\Azag-Toth\Downloads\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [calc] rundll32.exe C:\Users\AZAG-T~1\ntuser.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 11225 bytes


Re: nsrbgxod.bak

Post by Belahzur on Thu Oct 29, 2009 5:27 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: nsrbgxod.bak

Post by Azag on Thu Oct 29, 2009 8:31 pm

OK, I installed the new MBAM and updated and it found 10 threats this time.
Here are the results.

Malwarebytes' Anti-Malware 1.41
Database version: 3056
Windows 6.0.6001 Service Pack 1

10/29/2009 2:29:55 PM
mbam-log-2009-10-29 (14-29-55).txt

Scan type: Quick Scan
Objects scanned: 85200
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Azag-Toth\ntuser.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Azag-Toth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Azag-Toth\AppData\Local\Temp\marxewonsc.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Azag-Toth\AppData\Local\Temp\mxnwsaecro.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Azag-Toth\AppData\Local\Temp\rundll32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Azag-Toth\AppData\Local\Temp\spool.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Azag-Toth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Azag-Toth\AppData\Local\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\Users\Azag-Toth\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: nsrbgxod.bak

Post by Azag on Thu Oct 29, 2009 8:46 pm

After restart ran quick scan again, found nothing. I'm not sure if the infection is over or if I have to do anything else, so I will await further instructions.


Re: nsrbgxod.bak

Post by Belahzur on Thu Oct 29, 2009 8:53 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: nsrbgxod.bak

Post by Azag on Thu Oct 29, 2009 9:56 pm

OTL logfile created on: 10/29/2009 3:49:53 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Azag-Toth\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 63.37% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.63 Gb Total Space | 109.99 Gb Free Space | 24.19% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.49 Gb Free Space | 13.37% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 27.81 Gb Total Space | 1.54 Gb Free Space | 5.55% Space Free | Partition Type: FAT32

Computer Name: ANU
Current User Name: Azag-Toth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/29 15:49:13 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Azag-Toth\Desktop\OTL.exe
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/09/15 18:29:45 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2008/07/30 10:47:56 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
PRC - [2008/07/07 01:34:59 | 00,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2008/03/17 19:07:02 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/03/10 00:08:42 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
PRC - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
PRC - [2008/02/09 04:06:00 | 00,238,968 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/04/18 09:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/07 03:56:47 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
PRC - [2006/11/02 09:04:16 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
PRC - [2005/02/02 09:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\kbd\kbd.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/03/26 16:58:32 | 03,647,272 | ---- | M] () -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom [Auto | Running])
SRV:64bit: - [2008/03/10 00:08:42 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -- (mi-raysat_3dsMax2009_64 [Auto | Running])
SRV:64bit: - [2008/01/20 20:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV:64bit: - [2008/01/20 20:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2007/10/18 09:37:22 | 00,412,672 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2008/09/15 18:29:45 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/08/25 15:36:09 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/08/19 19:01:19 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/07/27 12:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 12:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/06/19 19:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/06/19 19:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/05/06 18:49:34 | 01,245,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2008/03/17 19:07:02 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/03/14 19:31:38 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32 [Auto | Running])
SRV - [2008/02/09 04:06:00 | 00,238,968 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/01/20 20:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 20:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2007/12/04 18:41:34 | 00,181,784 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2007/08/21 13:22:00 | 00,267,096 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/12 03:35:02 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Stopped])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2006/11/02 09:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/11/02 07:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2006/11/02 00:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 00:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/07/28 00:18:15 | 00,172,080 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent [On_Demand | Running])
DRV:64bit: - [2009/02/19 13:31:42 | 00,028,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM [System | Running])
DRV:64bit: - [2009/02/19 13:31:18 | 00,047,664 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Running])
DRV:64bit: - [2009/02/19 13:31:00 | 00,266,800 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV:64bit: - [2009/02/19 13:30:58 | 00,145,456 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV:64bit: - [2009/02/19 13:30:58 | 00,028,720 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV:64bit: - [2009/02/19 13:30:58 | 00,016,432 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV:64bit: - [2008/10/06 11:53:26 | 00,018,216 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor [On_Demand | Running])
DRV:64bit: - [2008/07/30 17:55:06 | 00,025,424 | ---- | M] () -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
DRV:64bit: - [2008/07/11 11:16:50 | 00,015,272 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
DRV:64bit: - [2008/07/07 02:02:29 | 00,085,424 | ---- | M] () -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV:64bit: - [2008/02/12 09:50:14 | 00,286,208 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys -- (CAXHWBS3 [On_Demand | Running])
DRV:64bit: - [2008/02/12 09:48:10 | 00,740,864 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV:64bit: - [2008/02/12 09:47:08 | 01,481,216 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP [On_Demand | Running])
DRV:64bit: - [2008/01/31 05:51:00 | 00,476,720 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL [On_Demand | Stopped])
DRV:64bit: - [2008/01/31 05:51:00 | 00,440,880 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP [On_Demand | Running])
DRV:64bit: - [2008/01/31 05:51:00 | 00,032,304 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX [System | Running])
DRV:64bit: - [2008/01/20 20:47:04 | 00,098,816 | ---- | M] () -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV:64bit: - [2007/10/18 09:37:10 | 00,010,240 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio [Auto | Running])
DRV:64bit: - [2007/02/16 11:12:36 | 00,012,848 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV:64bit: - [2007/02/15 16:11:26 | 00,012,976 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])
DRV:64bit: - [2006/06/19 08:27:24 | 00,017,024 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV:64bit: - [2005/09/23 23:18:34 | 00,261,120 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus [On_Demand | Running])
DRV:64bit: - [2005/06/14 14:01:16 | 00,296,448 | ---- | M] () -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock [Auto | Stopped])
DRV - [2008/12/13 21:28:07 | 00,453,632 | ---- | M] (Aladdin Knowledge Systems) -- C:\Windows\SysWow64\drivers\hardlock.sys -- (Hardlock [Auto | Stopped])
DRV - [2008/09/12 01:33:13 | 00,368,688 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20081014.001\IDSviA64.sys -- (IDSvia64 [System | Running])
DRV - [2008/09/02 02:00:00 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl [System | Running])
DRV - [2008/09/02 02:00:00 | 00,128,048 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/08/20 13:47:38 | 01,458,224 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081017.003\EX64.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2008/08/20 13:47:38 | 00,136,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081017.003\ENG64.SYS -- (NAVENG [On_Demand | Running])
DRV - [2008/07/30 17:28:04 | 00,000,841 | ---- | M] () -- C:\Windows\SysWow64\drivers\COH_Mon.inf -- (COH_Mon [On_Demand | Stopped])
DRV - [2008/02/20 15:26:00 | 00,425,984 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Backburner\monitor.exe -- (monitor [On_Demand | Running])
DRV - [2006/09/18 15:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])
DRV - [2006/09/18 15:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2006/06/19 08:26:50 | 00,094,208 | ---- | M] (Conexant) -- C:\Windows\SysWow64\mdmxsdk.dll -- (mdmxsdk [Auto | Running])
DRV - [2001/06/21 22:39:02 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.) -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Stopped])
DRV - [2001/06/21 22:39:02 | 00,020,032 | R--- | M] (Rainbow Technologies Inc.) -- C:\Windows\SysWow64\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/29 15:49:13 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Azag-Toth\Desktop\OTL.exe
MOD - [2008/01/20 20:52:09 | 00,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008/01/20 20:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82}:1.06
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 03:00:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/10/28 23:18:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/28 23:18:20 | 00,000,000 | ---D | M]

[2008/08/18 22:37:58 | 00,000,000 | ---D | M] -- C:\Users\Azag-Toth\AppData\Roaming\mozilla\Extensions
[2008/08/18 22:37:58 | 00,000,000 | ---D | M] -- C:\Users\Azag-Toth\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/29 14:14:03 | 00,000,000 | ---D | M] -- C:\Users\Azag-Toth\AppData\Roaming\mozilla\Firefox\Profiles\adkws58n.default\extensions
[2009/08/08 03:39:28 | 00,000,000 | ---D | M] -- C:\Users\Azag-Toth\AppData\Roaming\mozilla\Firefox\Profiles\adkws58n.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2009/09/08 17:24:55 | 00,000,000 | ---D | M] -- C:\Users\Azag-Toth\AppData\Roaming\mozilla\Firefox\Profiles\adkws58n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/24 22:08:28 | 00,000,000 | ---D | M] -- C:\Users\Azag-Toth\AppData\Roaming\mozilla\Firefox\Profiles\adkws58n.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2008/08/18 22:37:49 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/10/28 23:18:20 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/28 23:18:09 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/10/28 23:18:09 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/03/31 22:47:26 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\mozilla firefox\components\coFFPlgn.dll
[2008/12/03 17:46:52 | 00,026,624 | ---- | M] (Worldweaver Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npDXStudioPlugin.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/10/28 23:18:09 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2008/08/26 04:34:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2008/08/26 04:34:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2008/08/26 04:34:21 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2008/08/26 04:34:21 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2008/08/26 04:34:21 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2008/08/26 04:34:21 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2008/08/26 04:34:21 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/10/17 11:49:11 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/10/17 11:49:11 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/10/17 11:49:11 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/10/17 11:49:11 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/10/17 11:49:11 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/10/17 11:49:11 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/10/17 11:49:11 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Azag-Toth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Azag-Toth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d4909e1b-fcbe-11dd-97c7-001fe2018ab3}\Shell\AutoRun\command - "" = K:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\TI1_Unwrap_UVW.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/29 15:48:58 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Azag-Toth\Desktop\OTL.exe
[2009/10/22 22:28:20 | 00,000,000 | ---D | C] -- C:\Users\Azag-Toth\Desktop\Mixing Audio
[2009/10/13 22:37:19 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 22:37:17 | 05,940,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/13 22:37:14 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 22:37:14 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/10/13 22:37:13 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 22:37:13 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 22:37:13 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/10/13 22:37:12 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/10/13 22:37:12 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/10/13 22:37:12 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/10/13 22:37:12 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/10/13 22:37:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/10/13 22:37:12 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 22:37:12 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/10/13 22:37:12 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/10/13 22:37:12 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/13 22:37:12 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/10/13 22:37:11 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/13 22:37:11 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/10/13 22:37:11 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/10/13 22:37:11 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/10/13 22:34:09 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 22:33:57 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/07 11:29:35 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2009/10/07 11:29:34 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2009/10/07 11:29:34 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2009/10/07 11:29:22 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2009/10/07 11:29:22 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe

========== Files - Modified Within 30 Days ==========

[2009/10/29 15:49:16 | 00,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/29 15:49:16 | 00,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/29 15:49:13 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Azag-Toth\Desktop\OTL.exe
[2009/10/29 14:41:57 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/29 14:41:57 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/29 14:41:57 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/29 14:34:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/29 14:34:16 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/29 14:33:09 | 03,396,480 | -H-- | M] () -- C:\Users\Azag-Toth\AppData\Local\IconCache.db
[2009/10/29 14:10:47 | 00,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/28 20:40:34 | 00,139,264 | ---- | M] () -- C:\Users\Azag-Toth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/28 20:39:38 | 00,001,402 | ---- | M] () -- C:\Users\Azag-Toth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
[2009/10/26 22:27:38 | 00,000,566 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Azag-Toth.job
[2009/10/26 17:56:36 | 00,312,832 | ---- | M] () -- C:\Users\Azag-Toth\Documents\Journal.wps
[2009/10/26 17:56:36 | 00,013,724 | ---- | M] () -- C:\Users\Azag-Toth\AppData\Roaming\wklnhst.dat
[2009/10/24 14:25:43 | 00,018,944 | ---- | M] () -- C:\Users\Azag-Toth\Documents\time machine song.wps
[2009/10/23 14:33:54 | 00,018,432 | ---- | M] () -- C:\Users\Azag-Toth\Documents\beutiful decay.wps
[2009/10/23 00:20:39 | 00,019,968 | ---- | M] () -- C:\Users\Azag-Toth\Documents\revenge story.wps
[2009/10/20 03:01:09 | 00,025,088 | ---- | M] () -- C:\Users\Azag-Toth\Documents\the great heresy, on earth as it is in heaven.wps
[2009/10/18 22:06:58 | 00,017,408 | ---- | M] () -- C:\Users\Azag-Toth\Documents\some quotes.wps
[2009/10/18 18:16:49 | 00,017,408 | ---- | M] () -- C:\Users\Azag-Toth\Documents\idiot war.wps
[2009/10/17 15:53:31 | 00,018,432 | ---- | M] () -- C:\Users\Azag-Toth\Documents\can i.wps
[2009/10/17 00:31:14 | 00,028,160 | ---- | M] () -- C:\Users\Azag-Toth\Documents\Graphic Novel - outline.wps
[2009/10/17 00:31:06 | 00,093,184 | ---- | M] () -- C:\Users\Azag-Toth\Documents\graphic novel.wps
[2009/10/16 23:18:15 | 00,018,432 | ---- | M] () -- C:\Users\Azag-Toth\Documents\stand.wps
[2009/10/16 23:14:43 | 00,019,456 | ---- | M] () -- C:\Users\Azag-Toth\Documents\ignot.wps
[2009/10/14 19:23:12 | 00,064,000 | ---- | M] () -- C:\Users\Azag-Toth\Documents\book.wps
[2009/10/14 16:40:21 | 00,017,408 | ---- | M] () -- C:\Users\Azag-Toth\Documents\songida.wps
[2009/10/14 14:05:20 | 00,019,456 | ---- | M] () -- C:\Users\Azag-Toth\Documents\sociology.wps
[2009/10/14 01:03:22 | 00,018,432 | ---- | M] () -- C:\Users\Azag-Toth\Documents\idea10-14.wps
[2009/10/13 19:09:16 | 00,016,896 | ---- | M] () -- C:\Users\Azag-Toth\Documents\research.wps
[2009/10/11 20:14:06 | 00,019,456 | ---- | M] () -- C:\Users\Azag-Toth\Documents\10-11-09-walgreens.wps
[2009/10/10 17:45:28 | 00,020,992 | ---- | M] () -- C:\Users\Azag-Toth\Documents\space show.wps
[2009/10/07 21:43:46 | 00,224,768 | ---- | M] () -- C:\Users\Azag-Toth\Documents\resumizzle.wps
[2009/10/04 00:04:09 | 00,018,432 | ---- | M] () -- C:\Users\Azag-Toth\Documents\write journal.wps
[2009/10/02 12:40:19 | 26,575,296 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009/10/01 10:29:14 | 00,238,960 | ---- | M] () -- C:\Windows\SysNative\MpSigStub.exe
[2009/09/30 04:28:25 | 00,019,456 | ---- | M] () -- C:\Users\Azag-Toth\Documents\devart.wps
[2009/09/29 21:28:11 | 00,017,408 | ---- | M] () -- C:\Users\Azag-Toth\Documents\idea thing.wps

========== Files - No Company Name ==========
[2009/10/28 20:39:38 | 00,001,402 | ---- | C] () -- C:\Users\Azag-Toth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
[2009/10/24 14:25:43 | 00,018,944 | ---- | C] () -- C:\Users\Azag-Toth\Documents\time machine song.wps
[2009/10/23 14:33:54 | 00,018,432 | ---- | C] () -- C:\Users\Azag-Toth\Documents\beutiful decay.wps
[2009/10/22 22:27:47 | 00,019,968 | ---- | C] () -- C:\Users\Azag-Toth\Documents\revenge story.wps
[2009/10/18 22:06:58 | 00,017,408 | ---- | C] () -- C:\Users\Azag-Toth\Documents\some quotes.wps
[2009/10/18 18:16:49 | 00,017,408 | ---- | C] () -- C:\Users\Azag-Toth\Documents\idiot war.wps
[2009/10/17 15:53:31 | 00,018,432 | ---- | C] () -- C:\Users\Azag-Toth\Documents\can i.wps
[2009/10/16 23:18:15 | 00,018,432 | ---- | C] () -- C:\Users\Azag-Toth\Documents\stand.wps
[2009/10/16 23:14:43 | 00,019,456 | ---- | C] () -- C:\Users\Azag-Toth\Documents\ignot.wps
[2009/10/14 16:40:21 | 00,017,408 | ---- | C] () -- C:\Users\Azag-Toth\Documents\songida.wps
[2009/10/14 14:05:20 | 00,019,456 | ---- | C] () -- C:\Users\Azag-Toth\Documents\sociology.wps
[2009/10/14 01:03:22 | 00,018,432 | ---- | C] () -- C:\Users\Azag-Toth\Documents\idea10-14.wps
[2009/10/13 22:37:54 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 22:37:19 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 22:37:17 | 09,236,992 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/13 22:37:16 | 12,461,568 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 22:37:13 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/10/13 22:37:13 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 22:37:13 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/10/13 22:37:13 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/10/13 22:37:13 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/10/13 22:37:12 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/10/13 22:37:12 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/10/13 22:37:12 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/10/13 22:37:12 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/10/13 22:37:12 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/10/13 22:37:12 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/13 22:37:12 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/10/13 22:37:12 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/10/13 22:37:11 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/10/13 22:37:11 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/10/13 22:37:11 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/10/13 22:37:11 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/10/13 22:37:11 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/10/13 22:34:09 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 22:34:00 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/13 22:33:57 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2009/10/13 19:09:16 | 00,016,896 | ---- | C] () -- C:\Users\Azag-Toth\Documents\research.wps
[2009/10/12 20:09:18 | 00,064,000 | ---- | C] () -- C:\Users\Azag-Toth\Documents\book.wps
[2009/10/11 20:14:06 | 00,019,456 | ---- | C] () -- C:\Users\Azag-Toth\Documents\10-11-09-walgreens.wps
[2009/10/07 21:37:04 | 00,224,768 | ---- | C] () -- C:\Users\Azag-Toth\Documents\resumizzle.wps
[2009/10/07 11:29:52 | 00,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2009/10/07 11:29:51 | 02,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2009/10/07 11:29:51 | 02,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2009/10/07 11:29:51 | 00,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2009/10/07 11:29:35 | 00,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2009/10/07 11:29:34 | 00,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2009/10/07 11:29:34 | 00,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2009/10/07 11:29:22 | 00,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2009/10/07 11:29:22 | 00,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2009/10/04 00:03:53 | 00,018,432 | ---- | C] () -- C:\Users\Azag-Toth\Documents\write journal.wps
[2009/10/02 11:39:39 | 00,238,960 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2009/09/30 04:28:25 | 00,019,456 | ---- | C] () -- C:\Users\Azag-Toth\Documents\devart.wps
[2009/09/29 21:28:11 | 00,017,408 | ---- | C] () -- C:\Users\Azag-Toth\Documents\idea thing.wps
[2009/09/17 16:31:12 | 00,000,364 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/02/16 13:50:52 | 00,013,533 | ---- | C] () -- C:\Users\Azag-Toth\AppData\Roaming\UserTile.png
[2008/09/15 18:25:40 | 00,007,149 | ---- | C] () -- C:\Users\Azag-Toth\AppData\Local\dd_depcheck_NETFX20_EXP_35.txt
[2008/09/15 18:25:38 | 00,001,554 | ---- | C] () -- C:\Users\Azag-Toth\AppData\Local\uxeventlog.txt
[2008/09/15 18:25:38 | 00,000,754 | ---- | C] () -- C:\Users\Azag-Toth\AppData\Local\dd_dotnetfx20error.txt
[2008/09/15 18:25:37 | 00,025,440 | ---- | C] () -- C:\Users\Azag-Toth\AppData\Local\dd_dotnetfx20install.txt
[2008/08/29 16:45:13 | 00,036,868 | ---- | C] () -- C:\Program Files (x86)\uninst-Particular.exe
[2008/08/25 23:39:55 | 00,036,868 | ---- | C] () -- C:\Program Files (x86)\uninst-Echospace.exe
[2008/08/23 23:02:45 | 00,013,724 | ---- | C] () -- C:\Users\Azag-Toth\AppData\Roaming\wklnhst.dat
[2008/08/19 15:33:05 | 00,139,264 | ---- | C] () -- C:\Users\Azag-Toth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/18 23:11:02 | 03,396,480 | -H-- | C] () -- C:\Users\Azag-Toth\AppData\Local\IconCache.db
[2008/08/18 22:09:28 | 00,106,848 | ---- | C] () -- C:\Users\Azag-Toth\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/05/06 18:19:11 | 00,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/05/06 18:19:11 | 00,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 20:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 20:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/06/27 17:13:51 | 00,516,096 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll
[2007/01/26 02:04:12 | 00,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2007/01/26 02:04:12 | 00,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll
[2007/01/10 08:44:26 | 01,457,024 | R--- | C] () -- C:\Windows\SysWow64\SSCProt.dll
[2006/11/02 09:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 09:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 06:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
< End of report >


Re: nsrbgxod.bak

Post by Azag on Thu Oct 29, 2009 9:56 pm

OTL Extras logfile created on: 10/29/2009 3:49:54 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Azag-Toth\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 63.37% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.63 Gb Total Space | 109.99 Gb Free Space | 24.19% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.49 Gb Free Space | 13.37% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 27.81 Gb Total Space | 1.54 Gb Free Space | 5.55% Space Free | Partition Type: FAT32

Computer Name: ANU
Current User Name: Azag-Toth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\Wscript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\Wscript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\Wscript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\Wscript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\Wscript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\Wscript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* ()
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [open] -- C:\Windows\System32\Wscript.exe "%1" %* ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [open] -- C:\Windows\System32\Wscript.exe "%1" %* ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wshfile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0398EF52-C65F-4FB5-B085-DA495840BC05}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0D57D192-3E23-4639-B17E-A8DC16CC29C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13AB1DAA-F126-4323-B6AC-F172E2BCC047}" = lport=6994 | protocol=6 | dir=in | name=blizzard-6994 |
"{1AD41E1A-8DB1-45AF-ACE2-80EB131A4279}" = lport=139 | protocol=6 | dir=in | app=system |
"{26BB4C7D-35D9-4583-8EC1-D170F6456E59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28CDFF59-98A3-4789-996E-EC549F686582}" = lport=6999 | protocol=6 | dir=in | name=blizzard-6999 |
"{40CCF359-B0E2-4270-BC6A-FA1D34A4F7A0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{42B3FE94-2F9A-4619-985F-BF8F40F73132}" = lport=6998 | protocol=6 | dir=in | name=blizzard-6998 |
"{6319BF67-1E87-4A6F-8371-AA10309B975C}" = lport=138 | protocol=17 | dir=in | app=system |
"{6B8DBF26-4BA6-4727-8B7D-9CE7D33C17F6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70AFE7C6-D858-4203-B772-7A91BBB1BB21}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{77D8030A-A8F8-469B-81F4-34B0770D64D8}" = lport=6996 | protocol=6 | dir=in | name=blizzard-6996 |
"{79523BAE-EF75-494F-8923-2966CCE5C8C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{860F0BDC-3D61-41F2-8CA6-A3609B0AF2E9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9A76D9F5-52BF-4117-9BF6-97B015526AD7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A420C96D-2AC7-470C-92FA-337235D8AFF3}" = lport=6112 | protocol=6 | dir=in | name=blizzard-6112 |
"{B9F8C34C-5B30-474F-85E7-F624B237F54E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C363E0E6-3296-41F2-BD1A-90355DAAA2CC}" = rport=445 | protocol=6 | dir=out | app=system |
"{CA309FD7-8FF1-4D61-B17A-8CF44464656C}" = lport=6995 | protocol=6 | dir=in | name=blizzard-6995 |
"{DAC0A7AD-B463-4CA2-88C3-60C66AD4D6AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{DBA0BD03-09AC-4680-9D94-3E0ACB839D35}" = lport=137 | protocol=17 | dir=in | app=system |
"{DF55602B-DE86-4411-B29E-8469930D1001}" = rport=138 | protocol=17 | dir=out | app=system |
"{E0E42DD6-9B90-4021-9E02-9D3C6E122D9A}" = rport=139 | protocol=6 | dir=out | app=system |
"{EC553A6C-EE29-45E4-BAD1-D9200AA5C705}" = lport=6881 | protocol=6 | dir=in | name=blizzard 6881 |
"{EF5FA0A6-80CF-4BEE-808F-AAFCBFBC86CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F428B220-6C4E-4568-A0F4-144ACBBB4818}" = rport=137 | protocol=17 | dir=out | app=system |
"{F57DF312-1BD4-4848-90D2-4C0C28BA2FFF}" = lport=6997 | protocol=6 | dir=in | name=blizzard-6997 |
"{F7575128-E33B-4CAA-AD89-07188EB9E8D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07415EEF-10B1-4F76-9873-C5C461ED6F10}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{0F2E2E56-F976-47B4-A5AB-707F74FBEBC6}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{115CC878-971D-4467-B54B-532174D84C99}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{172A0751-43CB-4BA8-9B86-9AE8632B118D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{2E2A51F6-812B-4100-ADAA-A881C0DD1756}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{3CE4E572-294E-4CC8-A270-245DEE0B3C4B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4E7A2EEE-3CCF-4516-AB21-C85077CCDF6B}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{5B3804DA-3DBB-45C1-B5D4-DDD5D35BE8B3}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{5CD7F419-6B9A-49D1-91F8-D7BB56E72CF5}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{5F78FA18-4D4D-4B16-AEEE-9C379E852C82}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6C683190-BA3B-424F-A626-FA45524665D6}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6DCE342A-5F2D-41D0-B268-F67D5C27F16F}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
"{6EA6482C-0F07-42B1-A1B6-112B125305BD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{72A00353-67BC-4F5B-85FE-EE041BD13EC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7AFCC985-B973-4C2B-B922-F3FA20D7C0F9}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{7F92BAAD-DBB7-4A7F-B64B-83139A298782}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{8057EB3A-4B15-4EC1-9D2E-0C5BFD46B62F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{81448FD0-B84D-4637-BE94-81F310F9C629}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{91D7EF2E-66C8-45EF-B011-2F6AC630115E}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2009\3dsmax.exe |
"{92B263DE-30CE-427D-9EB3-C3DE835CAD52}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{99E5E229-38FD-4F8A-99AA-5C218A2C0554}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
"{AFDF8187-568B-42EF-BA5C-5F56E15B76DE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{B4D5C29E-C475-4B77-B250-B62C82A47530}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{BD56BE75-21D4-4278-9F54-4662E9E18A85}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2009\3dsmax.exe |
"{C18D3669-3300-4F33-801F-A39BBE892D47}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C3109F51-2FAE-45E1-8B5E-53D8A52B0F73}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D526BD2D-EDAC-4B4B-A907-BD5E01A81200}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{D73D6ACF-F149-4CEC-AA1C-0C89DFC7B351}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{DC776861-16AF-4B37-BF61-4E7FC72DD51A}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{DD124D45-7C13-46FA-93D8-80037048CDC8}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
"{DD5AAFD5-BDE8-46CD-985D-F59E18E7CAFD}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{E51BA9F2-AC6C-484C-9CA1-A8FB6C150818}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E84D1390-6A8F-4B28-8B9B-CD919686D637}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FFAA6F87-FBE6-4615-9738-F16989974266}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"TCP Query User{005F0584-2D94-40EB-9BCB-0A3AC1BD72B2}C:\program files (x86)\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittornado\btdownloadgui.exe |
"TCP Query User{2BA0EA47-F2C9-423A-92D4-744980DD1D1F}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{B1D6435B-0308-4E40-94EA-5A2864F0F4EB}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{CBE4013A-19E1-4642-90BB-DEA0FAA3D0EB}C:\program files (x86)\smith micro\poser pro\poserpro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\poser pro\poserpro.exe |
"TCP Query User{F13F33F1-F501-4AC3-9BE1-5F2208BDE573}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{F1CE267B-0615-498E-9884-2F904CB8396F}C:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe |
"UDP Query User{0D849CA3-F43D-4E4D-8E89-A760460D91D3}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{26B7C496-2ED8-4C22-BEDE-E29EF5426D88}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{4800636E-C971-4DE3-B002-266BBF68BC65}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{5027F00E-793C-4B66-9019-B8FDEE471B11}C:\program files (x86)\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittornado\btdownloadgui.exe |
"UDP Query User{A755E489-BA4D-497C-B12A-1DD36F98A35C}C:\program files (x86)\smith micro\poser pro\poserpro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\poser pro\poserpro.exe |
"UDP Query User{AEF85780-BF7E-41A7-B385-A1F3B016AFA3}C:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{155AB5E8-9913-0409-A7E7-D076DDE2AA6C}" = Autodesk 3ds Max Design 2009 64-bit Architectural Materials Library
"{29421E62-F88F-45F1-8686-8EAE6748AE59}" = Turbo Squid Tentacles 3ds Max 2009 64-bit
"{2B8AD1EE-28D4-42FF-AE4B-856E5862D583}" = ccCommon64
"{3605AC81-55E5-0409-BB41-0407FB67C639}" = Bluerock Technologies Flight Studio 3ds Max Design 2009 64-bit
"{5BD1364B-58D6-0409-8633-9B8E8D0AD52F}" = Autodesk 3ds Max Design 2009 64-bit ProMaterials™ Library
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7A1FD936-C444-0409-92D2-043B1F4ED886}" = Autodesk 3ds Max Design 2009 64-bit Movies
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{965043A4-9A44-4D1D-9257-2E5D4B865683}" = SymNet x64
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A7D48BF6-8ED8-4B91-8267-34CDE7807D05}_is1" = HP Demo
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7D0751A-3F16-0409-9F9B-FF3DC390F139}" = Autodesk 3ds Max Design 2009 64-bit Vault 2008 Plug-In
"{CD853BA5-AA85-0409-85DC-A805D779DCA8}" = Autodesk 3ds Max Design 2009 64-bit Additional Maps and Material Libraries
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D75B1A1F-BBEC-4DF2-ACE4-9B166438A621}" = Symantec Real Time Storage Protection Component (x64)
"{EC2280DF-BBAF-0409-9359-BCCD15545FFB}" = Autodesk 3ds Max Design 2009 64-bit
"{F303C668-7674-484A-8C04-579881C382F8}" = Norton Protection Center
"{FA3E35E2-F088-0409-A563-C96430FF73F6}" = Autodesk 3ds Max Design 2009 64-bit Vault 2009 Plug-In
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"FBX Plugin 2009.0 for Max 2009 64" = FBX Plugin 2009.0 for Max 2009 64
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B56244C-7B61-0409-A739-3E29DDE4DC3C}" = Bluerock Technologies Flight Studio 3ds Max Design 2009 32-bit
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{28101984-0BA6-40FD-9ABE-72F62F80C06C}" = Heroes of Might and Magic V
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2AB45FAF-2D92-0409-8D33-E2FE6172280E}" = Autodesk 3ds Max Design 2009 32-bit ProMaterials™ Library
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{305D5417-E687-0409-AA09-53DE06E059F8}" = Autodesk 3ds Max Design 2009 32-bit Movies
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{744A5C19-AA4C-0409-BC07-9F4C73C8B247}" = Autodesk 3ds Max Design 2009 32-bit Vault 2009 Plug-In
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}" = Turbo Squid Tentacles 3ds Max 2009 32-bit
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C251E4E6-89BA-0409-9B42-1B3D01D34783}" = Autodesk 3ds Max Design 2009 32-bit Architectural Materials Library
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFCBBB01-F876-0409-B91F-7B6132E8BB64}" = Autodesk 3ds Max Design 2009 32-bit Vault 2008 Plug-In
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2DC9BD1-8DB8-461C-80B2-7264AFA54EE2}" = Mudbox 1.0
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F681200C-0446-0409-ABE4-EA9105E40EE4}" = Autodesk 3ds Max Design 2009 32-bit Additional Maps and Material Libraries
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max Design 2009 32-bit
"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"BitTornado" = BitTornado 0.3.17
"Cycore FX 1.0.1 for After Effects" = Cycore FX 1.0.1 for After Effects
"DreamStation DXi2" = DreamStation DXi2
"DX Studio Player" = DX Studio Player
"DXStudio v3.0.0_is1" = DX Studio v3.0.0
"eGaming Runtime 32bit" = eGaming Runtime 32bit
"Explorations v9.0 RPG System v9.0b" = Explorations v9.0 RPG System v9.0b
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"Guild Wars" = Guild Wars
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LOOXIS Faceworx_is1" = LOOXIS Faceworx 1.0
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"NFOpad" = NFOpad 1.5
"particleIllusion 3.0" = particleIllusion 3.0
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Poser Pro_is1" = Poser Pro
"PowerISO" = PowerISO
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealityFactory_is1" = RealityFactory 0.75A
"SONARStudio_is1" = SONAR 7 Studio Edition
"Sphere" = Sphere (remove only)
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"Trapcode 3DStroke" = Trapcode 3DStroke
"Trapcode Shine" = Trapcode Shine
"Trapcode Starglow" = Trapcode Starglow
"Wacom Tablet Driver" = Wacom Tablet
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2009 5:37:01 AM | Computer Name = ANU | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/14/2009 5:37:02 AM | Computer Name = ANU | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/14/2009 5:37:02 AM | Computer Name = ANU | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/14/2009 5:38:05 AM | Computer Name = ANU | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/14/2009 5:38:05 AM | Computer Name = ANU | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/15/2009 3:53:18 PM | Computer Name = ANU | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/17/2009 2:01:19 PM | Computer Name = ANU | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module ole32.dll, version 6.0.6001.18000, time stamp 0x4791a74c,
exception code 0xc0000005, fault offset 0x00038925, process id 0xe88, application
start time 0x01ca4f528c22b998.

Error - 10/18/2009 11:57:00 PM | Computer Name = ANU | Source = Application Error | ID = 1000
Description = Faulting application WksWP.exe, version 9.7.613.0, time stamp 0x466fad27,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x13d4, application start time 0x01ca50702d58c118.

Error - 10/24/2009 2:53:39 AM | Computer Name = ANU | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/25/2009 3:53:52 PM | Computer Name = ANU | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 7/16/2009 11:58:33 AM | Computer Name = ANU | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.7. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 7/16/2009 12:03:43 PM | Computer Name = ANU | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.7. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 7/16/2009 12:08:55 PM | Computer Name = ANU | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.7. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 7/16/2009 12:14:06 PM | Computer Name = ANU | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.7. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 7/16/2009 12:19:17 PM | Computer Name = ANU | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.7. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 7/16/2009 12:24:29 PM | Computer Name = ANU | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.7. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 7/16/2009 12:29:40 PM | Computer Name = ANU | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.7. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 7/16/2009 12:34:51 PM | Computer Name = ANU | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.7. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 7/16/2009 12:40:01 PM | Computer Name = ANU | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.7. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 7/16/2009 12:45:11 PM | Computer Name = ANU | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.7. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.


< End of report >


Re: nsrbgxod.bak

Post by Belahzur on Fri Oct 30, 2009 1:11 am

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program
  • Highlight Java(TM) SE Runtime Environment 6 Update 1
  • Click on the Uninstall/Change button at the top.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.



Re: nsrbgxod.bak

Post by Azag on Fri Oct 30, 2009 1:26 am

Everything seems to be running fine; I can open Microsoft Works now. MBAM doesn't find any threats when I scan, and the computer seems to be running a bit faster. Thank you so much for all the help. Let me know if I need to do anything else or if the disinfection is complete.


Re: nsrbgxod.bak

Post by Belahzur on Fri Oct 30, 2009 1:28 am

Hello.
This should be fine; the log looks okay to me.
You can remove OTL.

