pretty sure i have a trojan need help

Post by rollotomassi on 14th November 2009, 12:28 am

I have ESET NOD32 and I keep getting this error message

windows/windows system 32/cngaudit.dll

win32 sirefef.A trojan

cannot clean


I saw someone else had a similar problem and ran SystemLook with these parameters

:filefind
scecli.dll
netlogon.dll
eventlog.dll
cngaudit.dll


Here is the log file I got in response. Please let me know what to do next, thank you.

Searching for "scecli.dll"
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll --a--- 235520 bytes [22:18 01/06/2009] [07:11 11/04/2009] 9922ADB6DCA8F0F5EA038BEFF339C08B
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll --a--- 177152 bytes [22:18 01/06/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1
C:\Windows\System32\scecli.dll --a--- 177152 bytes [18:01 04/06/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1
C:\Windows\SysWOW64\scecli.dll --a--- 177152 bytes [18:01 04/06/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll --a--- 235520 bytes [02:49 21/01/2008] [02:49 21/01/2008] 35F1DD99F9903BC267C2AF16B09F9BF7
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll --a--- 235520 bytes [18:01 04/06/2009] [07:11 11/04/2009] 9922ADB6DCA8F0F5EA038BEFF339C08B
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll --a--- 177152 bytes [02:50 21/01/2008] [02:50 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll --a--- 177152 bytes [18:01 04/06/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1

Searching for "netlogon.dll"
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll --a--- 717312 bytes [22:19 01/06/2009] [07:11 11/04/2009] A3F1B171702CA04744EE514243B45BFB
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll --a--- 592896 bytes [22:19 01/06/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE
C:\Windows\System32\netlogon.dll --a--- 592896 bytes [18:01 04/06/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE
C:\Windows\SysWOW64\netlogon.dll --a--- 592896 bytes [18:01 04/06/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll --a--- 716800 bytes [02:51 21/01/2008] [02:51 21/01/2008] 5D0A4891F8CD0E9E64FF57A6A34044F5
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll --a--- 717312 bytes [18:01 04/06/2009] [07:11 11/04/2009] A3F1B171702CA04744EE514243B45BFB
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll --a--- 592384 bytes [02:48 21/01/2008] [02:48 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll --a--- 592896 bytes [18:01 04/06/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE

Searching for "eventlog.dll"
C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll ------ 7216 bytes [04:34 18/05/2007] [04:34 18/05/2007] C2A279A458A06DE2C83D842AA042B5A8

Searching for "cngaudit.dll"
C:\Windows\System32\cngaudit.dll --a--- 11776 bytes [12:14 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D
C:\Windows\SysWOW64\cngaudit.dll --a--- 11776 bytes [12:14 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D
C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll --a--- 14848 bytes [09:24 02/11/2006] [11:16 02/11/2006] 21322B1A2AD337C579F4A65EA0D25193
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll --a--- 11776 bytes [12:14 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

-=End Of File=-


Re: pretty sure i have a trojan need help

Post by Belahzur on 14th November 2009, 12:33 am

cngaudit.dll looks okay.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • Select Do a system scan and save a log file. This will open a Notepad file of everything HijackThis found; copy and paste it back here.


Please PM me if I fail to respond within 24hrs.



Re: pretty sure i have a trojan need help

Post by rollotomassi on 14th November 2009, 1:48 am

ok thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:08 PM, on 11/13/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\Supertoolbar\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\Supertoolbar\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files (x86)\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [YouTubeDownloader_upgrade] "C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" /upgrade
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files (x86)\uusee\geturltoplay.htm
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files (x86)\uusee\geturltodown.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
O9 - Extra button: 很快视频搜索 - {998A88A0-A355-809B-831C-B83A80000991} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra 'Tools' menuitem: 很快视频搜索 - {998A88A0-A355-809B-831C-B83A80000991} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe
O9 - Extra button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: Justin.tv Publisher - [You must be registered and logged in to see this link.]
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} (SeeTooControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - [You must be registered and logged in to see this link.]
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {571CB303-4267-4D92-B45C-9B79ACC18632} (PotWeb Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E635477-CD50-4290-8604-680C151E3DA7} (DanaX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {7E3C8EE9-0EA1-4ACA-A8A2-87B76A3A6BC4} (OpenTV_17FunTV Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} (tcast control) - [You must be registered and logged in to see this link.]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 18410 bytes


Re: pretty sure i have a trojan need help

Post by Belahzur on 14th November 2009, 1:51 am

Hello.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: pretty sure i have a trojan need help

Post by rollotomassi on 14th November 2009, 4:02 am

AC3Filter 1.63b
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe AIR
Adobe Flash Media Encoder 2.5
Adobe Flash Media Live Encoder 3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
AIM 6
Apple Application Support
Apple Software Update
Applian FLV Player
Ask.com Toolbar
CCleaner (remove only)
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2009-09-09
Compatibility Pack for the 2007 Office system
Crawler Radio & MP3 Player
CyberLink DVD Suite
CyberLink DVD Suite
DAEMON Tools Toolbar
Daum 팟플레이어
DC-DSP Filter 1.03
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DVD Flick 1.3.0.7
DVD Shrink 3.2
ERUNT 1.1j
ESU for Microsoft Vista
Exterminate It!
ffdshow [rev 3078] [2009-09-17]
FLAC 1.2.1b (remove only)
Free FLV Converter V 6.7.3
Ghostbusters (TM): The Video Game
Google Pinyin IME
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Graboid Video 1.65
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MediaSmart DVD
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart Music/Photo/Video
HP MediaSmart TV
HP MediaSmart TV
HP MediaSmart Webcam
HP MediaSmart Webcam
HP MULTIPLE MODEM INSTALLER for VISTA
HP Quick Launch Buttons 6.40 H2
HP Smart Web Printing
HP Total Care Advisor
HP Total Care Advisor
HP Update
HP User Guides 0128
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPTCSSetup
IDT Audio
ImTOO DVD Audio Ripper 5
ImTOO DVD Ripper Platinum 5
Java(TM) 6 Update 17
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller
Juno Preloader
K-Lite Codec Pack 5.1.4 (Basic)
LabelPrint
LabelPrint
LightScribe System Software
Living Marine Aquarium 2 Full Screen Saver
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
Mega Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Easy Assist v2
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MLB.TV NexDef Plug-in
Mozilla Firefox (3.5.5)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
muvee Reveal
My HP Games
NetZero Preloader
NVIDIA PhysX
PANDORATV LIVE
Power2Go
Power2Go
PowerDirector
PowerDirector
PPLive 1.9
PPStream
Privoxy 3.0.6
QuickTime
Ralink RT2870 Wireless LAN Card
Real Alternative 2.0.1
Realtek 8169 8168 8101E 8102E Ethernet Driver
Recovery Toolbox for RAR 1.1
Replay Video Capture
Resident Evil 4 1.10
RollerCoaster Tycoon 3 Demo
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Encoder (KB954156)
ShowInfo
Slingbox - Watch Your TV Anywhere
SlingPlayer
SopCast 3.2.4
SPORE Creature Creator Trial Edition
Star Wars Battlefront
Stream Torrent 1.0
SUPERAntiSpyware Free Edition
System Requirements Lab
System Requirements Lab
The Weather Channel Desktop 6
TNod User & Password Finder 1.0.0
TOM直播2.0
Tor 0.2.0.34
Trillian
Trivia Mania
TVAnts 1.0
TVUPlayer 2.4.5.3
Ultra Video Converter 4.4.0827
Uniblue SpeedUpMyPC 2009
Uniblue SpeedUpMyPC 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Script Editor Help (KB957253)
UUSee 播放插件基础包 5.9.512.1
UUSee 网络电视 [5.9.512.1]
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.15
Vidalia 0.1.10
Viewpoint Media Player
VLC media player 1.0.3
WebcamMax
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
Xilisoft DVD Ripper Ultimate SE
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar


Re: pretty sure i have a trojan need help

Post by rollotomassi on 14th November 2009, 4:07 pm

bump


Re: pretty sure i have a trojan need help

Post by rollotomassi on 14th November 2009, 6:14 pm

OK, I finished the last part that Belahzur super mod said to do .... what is next

check my previous posts


Re: pretty sure i have a trojan need help

Post by Belahzur on 14th November 2009, 9:04 pm

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Ask.com Toolbar
    Java(TM) 6 Update 7
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: pretty sure i have a trojan need help

Post by rollotomassi on 14th November 2009, 9:27 pm

Malwarebytes' Anti-Malware 1.41
Database version: 3172
Windows 6.0.6002 Service Pack 2

11/14/2009 1:26:04 PM
mbam-log-2009-11-14 (13-26-04).txt

Scan type: Quick Scan
Objects scanned: 89110
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: pretty sure i have a trojan need help

Post by Belahzur on 14th November 2009, 9:32 pm

Now post a new Hijack This log please.



Re: pretty sure i have a trojan need help

Post by rollotomassi on 14th November 2009, 10:02 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:23 PM, on 11/14/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Flash Media Encoder 2.5\FlashMediaEncoder.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files (x86)\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [YouTubeDownloader_upgrade] "C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" /upgrade
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files (x86)\uusee\geturltoplay.htm
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files (x86)\uusee\geturltodown.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
O9 - Extra button: 很快视频搜索 - {998A88A0-A355-809B-831C-B83A80000991} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra 'Tools' menuitem: 很快视频搜索 - {998A88A0-A355-809B-831C-B83A80000991} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\P


Back to top Go down
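A triage pass over the kind of HijackThis entries posted above, as an added example that is not part of the original thread: it parses `R`/`O` lines into section, CLSID and target path, then flags entries whose target file is reported missing and autoruns that start from a per-user AppData folder. The sample lines are copied from the log above; the two heuristics and all function names are assumptions chosen for illustration, not HijackThis features.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
"""

# What the section codes seen in this log stand for.
SECTION_MEANING = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O1": "hosts file entry",
    "O2": "browser helper object", "O3": "IE toolbar",
    "O4": "autorun (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button / Tools item",
}

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path ending in an extension this log uses.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|htm)(?![A-Za-z0-9])', re.IGNORECASE)
# Markers HijackThis appends when the referenced file is not on disk;
# the log above uses the second form on two O9 entries.
MISSING_MARKERS = ("(no file)", "(file missing)")
# Assumed heuristic: a per-user AppData folder is writable without elevation.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_line(line):
    """Return a dict for one HijackThis entry, or None for non-entry lines."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    body = match.group("body")
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return {
        "section": match.group("section"),
        "body": body,
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(0) if path else None,
        "missing": any(marker in body for marker in MISSING_MARKERS),
    }


def triage(log_text):
    """Return (reason, entry) pairs; a flag is a lead for manual review."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry["missing"]:
            findings.append(("target file missing", entry))
        elif (entry["section"] == "O4" and entry["path"]
              and USER_WRITABLE_RE.search(entry["path"])):
            findings.append(("autorun from user-writable AppData", entry))
    return findings


def count_by_section(log_text):
    """Count parsed entries per section code."""
    counts = defaultdict(int)
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is not None:
            counts[entry["section"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for section, total in count_by_section(SAMPLE_LOG).items():
        print(f"{section:>3} {total:>2}  {SECTION_MEANING.get(section, 'other')}")
    for reason, entry in triage(SAMPLE_LOG):
        print(f"[{reason}] {entry['section']} - {entry['body']}")
```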

Re: pretty sure i have a trojan need help

Post by Belahzur on 15th November 2009, 2:07 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]


  • Press "Fix Checked"
  • Close Hijack This.

MBAM came back clean, how is the machine running?



Re: pretty sure i have a trojan need help

Post by rollotomassi on 17th November 2009, 4:45 pm

machine still running slow .... whenever it triggers the error message from nod 32 (antivirus) it becomes slow for like 3 minutes...

keeps saying this in error message from Nod 32 startup icon
windows/windows system 32/cngaudit.dll
cause o threat
win32 sirefef.A trojan
cannot clean


Re: pretty sure i have a trojan need help

Post by rollotomassi on 17th November 2009, 7:54 pm

bump


Re: pretty sure i have a trojan need help

Post by Belahzur on 17th November 2009, 9:46 pm

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\cngaudit.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.



Re: pretty sure i have a trojan need help

Post by rollotomassi on 18th November 2009, 5:27 pm

something is wrong im getting this error message with avenger in text after i reboot .... copy pasted the entire code to avenger (Files to delete:
C:\WINDOWS\system32\cngaudit.dll) and followed part 3.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Wed Nov 18 09:02:28 2009

09:01:46: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Re: pretty sure i have a trojan need help

Post by Belahzur on 18th November 2009, 6:25 pm

Hello.
Did you include "Files to delete:"?



Re: pretty sure i have a trojan need help

Post by rollotomassi on 18th November 2009, 6:45 pm

yes i copy pasted it as follows

Files to delete:
C:\WINDOWS\system32\cngaudit.dll


Re: pretty sure i have a trojan need help

Post by Belahzur on 19th November 2009, 1:55 am

Weird, try it again. No way!

Make sure there is no space before that top line either.



Re: pretty sure i have a trojan need help

Post by rollotomassi on 20th November 2009, 6:24 pm

i just realized .... i have a 64 bit os..... windows vista 64 bit os ...... i just read on avenger site it doesnt support it....... what should i do now.....

System Requirements
The Avenger is fully compatible with 32-bit Windows Vista, XP, and 2000. Please do not attempt to use it on any other operating system. There are no plans to build a 64-bit version of The Avenger because of Microsoft's decision to require digital signatures for 64-bit Vista kernel code.
The Avenger must be run from a user account with administrator privileges. In Windows Vista, you will be prompted explicitly to grant The Avenger administrator privileges when it is run.


Re: pretty sure i have a trojan need help

Post by Belahzur on 21st November 2009, 1:12 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: pretty sure i have a trojan need help

Post by rollotomassi on 21st November 2009, 4:41 am

OTL logfile created on: 11/20/2009 8:28:55 PM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = c:\Users\Brian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 68.07 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN-PC
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/20 20:02:30 | 00,528,896 | ---- | M] (OldTimer Tools) -- c:\Users\Brian\Desktop\OTL.exe
PRC - [2009/11/14 11:51:24 | 01,278,736 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
PRC - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/05/23 14:46:13 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2009/05/23 14:46:13 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2009/04/30 15:58:44 | 00,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2009/04/29 21:13:50 | 01,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/04/29 21:11:58 | 00,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/04/22 22:06:52 | 00,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/22 22:06:52 | 00,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/22 21:53:22 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 21:53:22 | 00,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/04/22 21:53:22 | 00,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/04/22 21:53:22 | 00,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/04/13 14:11:54 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2009/04/13 14:11:54 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2009/04/09 14:19:08 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/04/01 13:51:34 | 00,801,032 | ---- | M] () -- C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2009/03/11 10:42:08 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/12/04 17:52:44 | 01,807,648 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2008/12/04 17:52:44 | 01,807,648 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/17 00:38:36 | 00,308,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Pinyin\GooglePinyinDaemon.exe
PRC - [2008/09/23 11:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/09/05 09:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2008/09/05 09:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2008/08/01 15:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/06/21 09:44:20 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/06/21 09:44:20 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/06/21 09:44:20 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/03 10:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/04/03 10:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe


========== Modules (SafeList) ==========

MOD - [2009/11/20 20:02:30 | 00,528,896 | ---- | M] (OldTimer Tools) -- c:\Users\Brian\Desktop\OTL.exe
MOD - [2009/07/17 05:54:43 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/04/10 22:28:26 | 01,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/04/10 22:28:26 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/04/10 22:28:20 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2009/04/10 22:21:40 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 18:52:09 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2008/01/20 18:50:01 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/20 18:49:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 17:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/21 21:33:32 | 00,240,128 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/04/09 14:29:24 | 00,023,296 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/04/09 14:19:08 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/03/02 17:42:58 | 00,089,600 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 16:25:40 | 00,023,040 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 18:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2008/01/20 18:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 12:11:30 | 00,015,872 | ---- | M] (Agere Systems) -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/05/23 14:46:13 | 00,056,680 | ---- | M] (absoƖute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2009/05/20 07:46:27 | 00,182,768 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/04/30 15:58:44 | 00,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2009/04/22 21:53:22 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/04/22 21:53:22 | 00,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/04/10 22:28:26 | 00,375,808 | ---- | M] (Microsoft Corporation) -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/29 20:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/29 20:39:56 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/24 11:13:36 | 00,242,424 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/18 10:40:06 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 10:39:12 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/23 11:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/05 09:23:56 | 00,210,720 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe -- (RalinkRegistryWriter64)
SRV - [2008/09/05 09:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/04/03 10:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/01/20 18:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 18:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 05:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/11/03 19:59:46 | 00,834,544 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/30 16:51:42 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/02 02:09:34 | 00,221,696 | ---- | M] (Realtek ) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/21 19:24:04 | 00,084,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/21 21:33:32 | 00,487,936 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/28 21:52:36 | 05,437,952 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2009/04/10 21:39:52 | 00,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/09 14:21:36 | 00,044,944 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/04/09 14:21:32 | 00,033,608 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\Epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/04/09 14:21:30 | 00,165,960 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\epfw.sys -- (epfw)
DRV:64bit: - [2009/04/09 14:18:04 | 00,134,024 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/04/09 14:10:34 | 00,142,776 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:64bit: - [2009/02/05 18:45:32 | 00,015,208 | ---- | M] (deepxw) -- C:\Windows\SysNative\DRIVERS\tcpz-x64d.sys -- (TCPZ)
DRV:64bit: - [2009/01/13 18:14:58 | 00,057,608 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 18:14:50 | 00,015,752 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 18:14:30 | 00,034,440 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/01/13 18:14:22 | 00,022,024 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/11/26 22:27:38 | 00,819,712 | ---- | M] (Ralink Technology Corp.) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2008/11/21 21:05:22 | 01,253,376 | ---- | M] (Agere Systems) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/09/04 09:48:00 | 00,064,000 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/07 09:01:36 | 00,143,360 | ---- | M] (JMicron Technology Corporation) -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/19 17:37:42 | 00,325,680 | ---- | M] (Synaptics, Inc.) -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/04/15 16:54:16 | 00,388,120 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/27 12:10:56 | 00,026,984 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 12:10:14 | 00,040,296 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/12 23:46:00 | 00,027,136 | ---- | M] (ManyCam LLC.) -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008/01/20 18:47:27 | 00,168,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 18:46:57 | 03,154,432 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 18:46:55 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 18:46:51 | 00,017,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/06/18 16:13:12 | 00,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 17:45:36 | 00,273,408 | ---- | M] (Marvell) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2009/11/20 10:14:44 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\eicqfu.sys -- (zfiaje)
DRV - [2009/11/18 09:19:59 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\zjddprwx.sys -- (mhbaw)
DRV - [2009/11/18 09:15:50 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\qlsm.sys -- (cgauwfe)
DRV - [2009/11/18 09:07:24 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\ojsjszpq.sys -- (alxlmic)
DRV - [2009/11/18 08:51:03 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\nxjsojd.sys -- (puiimj)
DRV - [2009/11/04 19:30:58 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/23 13:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 13:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/09/18 13:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 13:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.0.0283
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.1
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.1.5.5
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.4.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {4dffd90c-a059-437c-99dd-d71975f219ba}:1.2.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/18 15:46:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 05:44:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/06 21:44:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/14 20:10:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/09/11 11:46:33 | 00,000,000 | ---D | M]

[2009/03/31 19:14:56 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
[2009/03/31 19:14:56 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/19 23:05:17 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions
[2009/06/25 17:04:22 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/31 14:33:30 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009/09/12 13:15:12 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{4dffd90c-a059-437c-99dd-d71975f219ba}
[2009/07/09 07:24:21 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/05 11:41:53 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/10/28 09:36:50 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2009/08/13 15:38:23 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/09 06:56:48 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/08/11 15:49:23 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/10/28 14:33:21 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/09 06:56:49 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\anttoolbar@ant.com
[2009/11/03 20:00:41 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\DTToolbar@toolbarnet.com
[2009/08/12 12:01:15 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\firefox@ghostery.com
[2009/11/17 21:37:56 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\firefox@tvunetworks.com
[2009/09/19 23:38:19 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\justintvpublisher@justin.tv
[2009/04/01 11:03:34 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\moveplayer@movenetworks.com
[2009/10/28 09:36:54 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\netvideohunter@netvideohunter.com
[2009/11/03 20:00:02 | 00,002,059 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\searchplugins\daemon-search.xml
[2009/11/19 23:05:17 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/06 21:44:42 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/05 06:31:34 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/05 14:02:18 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/09 06:35:56 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/06 21:44:38 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 21:44:38 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/25 08:41:48 | 01,044,480 | ---- | M] (The OpenSSL Project, [You must be registered and logged in to see this link.] -- C:\Program Files (x86)\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2008/09/03 16:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 08:41:24 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 08:41:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/06 21:44:41 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2009/10/09 10:00:00 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
[2009/10/09 10:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
[2009/09/23 15:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
[2009/09/25 08:41:48 | 00,200,704 | ---- | M] (The OpenSSL Project, [You must be registered and logged in to see this link.] -- C:\Program Files (x86)\Mozilla Firefox\plugins\ssldivx.dll
[2009/08/07 06:52:33 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/07 06:52:33 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/08/07 06:52:33 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/07 06:52:33 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/07 06:52:33 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/08/07 06:52:33 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/07 06:52:33 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google IME Autoupdater] C:\Program Files (x86)\Google\Google Pinyin\GooglePinyinDaemon.exe (Google Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKLM..\Run: [YouTubeDownloader_upgrade] C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe (TODO: )
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: 使用UUSee加速播放 - C:\Program Files (x86)\uusee\geturltoplay.htm ()
O8:64bit: - Extra context menu item: 使用UUSee下载 - C:\Program Files (x86)\uusee\geturltodown.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files (x86)\uusee\geturltoplay.htm ()
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files (x86)\uusee\geturltodown.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ()
O9 - Extra Button: 很快视频搜索 - {998A88A0-A355-809B-831C-B83A80000991} - File not found
O9 - Extra 'Tools' menuitem : 很快视频搜索 - {998A88A0-A355-809B-831C-B83A80000991} - File not found
O9 - Extra Button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe ()
O9 - Extra 'Tools' menuitem : 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe ()
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe (Crawler.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([help] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: trivia01.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} [You must be registered and logged in to see this link.] (MMCPlayer Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} [You must be registered and logged in to see this link.] (SeeTooControl Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} [You must be registered and logged in to see this link.] (Windows Live OneCare safety scanner control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} [You must be registered and logged in to see this link.] (CTVUAxCtrl Object)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [You must be registered and logged in to see this link.] (SysData Class)
O16 - DPF: {571CB303-4267-4D92-B45C-9B79ACC18632} [You must be registered and logged in to see this link.] (PotWeb Control)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} [You must be registered and logged in to see this link.] (FixItClient Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {6E635477-CD50-4290-8604-680C151E3DA7} [You must be registered and logged in to see this link.] (DanaX Control)
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} [You must be registered and logged in to see this link.] (Recovery ActiveX Control Module)
O16 - DPF: {7E3C8EE9-0EA1-4ACA-A8A2-87B76A3A6BC4} [You must be registered and logged in to see this link.] (OpenTV_17FunTV Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} [You must be registered and logged in to see this link.] (tcast control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} [You must be registered and logged in to see this link.] (Update Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: Justin.tv Publisher [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

Re: pretty sure i have a trojan need help

Post by rollotomassi on 21st November 2009, 4:42 am

========== Files/Folders - Created Within 30 Days ==========

[2009/11/20 20:02:07 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2009/11/20 17:08:15 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\GHOSTBUSTERS (tm)
[2009/11/20 17:08:15 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\GHOSTBUSTERS (tm)
[2009/11/20 17:04:47 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2009/11/20 17:04:47 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2009/11/20 16:09:05 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\RegRunInfo
[2009/11/20 15:59:20 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\RegRun2
[2009/11/20 15:58:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2009/11/20 14:56:54 | 00,334,720 | ---- | C] (Sysinternals - [You must be registered and logged in to see this link.] -- C:\Users\Brian\Desktop\RootkitRevealer.exe
[2009/11/20 14:23:22 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Threat Expert
[2009/11/20 12:08:19 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/11/20 12:08:19 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/11/20 12:08:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2009/11/17 20:06:02 | 00,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2009/11/17 20:06:02 | 00,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2009/11/14 19:17:00 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\TVUAx
[2009/11/13 20:40:12 | 00,000,000 | ---D | C] -- C:\Users\Brian\Desktop\antivirus
[2009/11/13 17:46:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/11/13 17:45:15 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brian\Desktop\HJTInstall.exe
[2009/11/13 12:27:34 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/13 12:26:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/11/13 11:59:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trivia Mania
[2009/11/13 11:29:38 | 00,455,168 | ---- | C] (Recovery Toolbox, Inc.) -- C:\Users\Brian\Documents\RecoveryToolboxForRAR.exe
[2009/11/13 11:07:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Recovery Toolbox for RAR
[2009/11/10 12:37:12 | 02,751,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32k.sys
[2009/11/10 12:37:08 | 00,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDApi.dll
[2009/11/10 12:37:08 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDApi.dll
[2009/11/09 06:35:53 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/11/09 06:35:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/11/09 06:35:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/11/08 19:09:15 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\PPLive
[2009/11/07 13:35:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Easy Assist
[2009/11/07 13:35:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Applications
[2009/11/07 13:35:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Applications
[2009/11/06 16:21:40 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\Simply Super Software
[2009/11/06 09:30:18 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Downloaded Installations
[2009/11/05 20:25:44 | 00,000,000 | RH-D | C] -- C:\Users\Brian\AppData\Roaming\SecuROM
[2009/11/05 13:10:34 | 06,412,288 | ---- | C] (Terminal Reality Inc.) -- C:\Users\Brian\Desktop\ghost_w32.exe
[2009/11/04 20:50:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WindowsUpdate
[2009/11/04 12:34:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2009/11/04 07:45:47 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2009/11/03 21:46:59 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\ApplicationHistory
[2009/11/03 20:39:42 | 02,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2009/11/03 20:39:42 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2009/11/03 20:39:42 | 00,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2009/11/03 20:39:42 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2009/11/03 20:39:39 | 05,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2009/11/03 20:39:39 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2009/11/03 20:39:39 | 00,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2009/11/03 20:39:39 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2009/11/03 20:39:39 | 00,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2009/11/03 20:39:39 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2009/11/03 20:39:38 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2009/11/03 20:39:38 | 00,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2009/11/03 20:39:38 | 00,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2009/11/03 20:39:38 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2009/11/03 20:39:36 | 01,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2009/11/03 20:39:36 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2009/11/03 20:39:36 | 00,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2009/11/03 20:39:36 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2009/11/03 20:39:34 | 04,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2009/11/03 20:39:34 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2009/11/03 20:39:33 | 00,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2009/11/03 20:39:33 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2009/11/03 20:39:33 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2009/11/03 20:39:33 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2009/11/03 20:39:33 | 00,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2009/11/03 20:39:33 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2009/11/03 20:39:33 | 00,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2009/11/03 20:39:33 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2009/11/03 20:39:32 | 01,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2009/11/03 20:39:32 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2009/11/03 20:39:31 | 00,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2009/11/03 20:39:31 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2009/11/03 20:39:29 | 04,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2009/11/03 20:39:29 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2009/11/03 20:39:28 | 00,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2009/11/03 20:39:28 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2009/11/03 20:39:27 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2009/11/03 20:39:27 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2009/11/03 20:39:26 | 00,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2009/11/03 20:39:26 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2009/11/03 20:39:25 | 01,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2009/11/03 20:39:25 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2009/11/03 20:39:25 | 00,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2009/11/03 20:39:25 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2009/11/03 20:39:23 | 04,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2009/11/03 20:39:23 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2009/11/03 20:39:22 | 00,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2009/11/03 20:39:22 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2009/11/03 20:39:20 | 02,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2009/11/03 20:39:20 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2009/11/03 20:39:20 | 00,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2009/11/03 20:39:20 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2009/11/03 20:39:18 | 05,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2009/11/03 20:39:18 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2009/11/03 20:39:18 | 00,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2009/11/03 20:39:18 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2009/11/03 20:39:16 | 01,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2009/11/03 20:39:16 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2009/11/03 20:39:16 | 00,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2009/11/03 20:39:16 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2009/11/03 20:39:14 | 05,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2009/11/03 20:39:14 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2009/11/03 20:39:13 | 00,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2009/11/03 20:39:13 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2009/11/03 20:39:13 | 00,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2009/11/03 20:39:13 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2009/11/03 20:39:11 | 01,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2009/11/03 20:39:11 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2009/11/03 20:39:11 | 00,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2009/11/03 20:39:11 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2009/11/03 20:39:09 | 04,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2009/11/03 20:39:09 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2009/11/03 20:39:08 | 00,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2009/11/03 20:39:08 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2009/11/03 20:39:08 | 00,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2009/11/03 20:39:08 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2009/11/03 20:39:04 | 01,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2009/11/03 20:39:04 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2009/11/03 20:39:04 | 00,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2009/11/03 20:39:04 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2009/11/03 20:39:03 | 04,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2009/11/03 20:39:03 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2009/11/03 20:39:03 | 00,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2009/11/03 20:39:03 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2009/11/03 20:39:02 | 00,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2009/11/03 20:39:02 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2009/11/03 20:39:02 | 00,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2009/11/03 20:39:02 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2009/11/03 20:39:00 | 04,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2009/11/03 20:39:00 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2009/11/03 20:38:59 | 00,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2009/11/03 20:38:59 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2009/11/03 20:38:59 | 00,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2009/11/03 20:38:59 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2009/11/03 20:38:57 | 03,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2009/11/03 20:38:57 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2009/11/03 20:38:56 | 00,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2009/11/03 20:38:56 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2009/11/03 20:38:56 | 00,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2009/11/03 20:38:56 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2009/11/03 20:38:54 | 00,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2009/11/03 20:38:54 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2009/11/03 20:38:54 | 00,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2009/11/03 20:38:54 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2009/11/03 20:38:52 | 00,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2009/11/03 20:38:52 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2009/11/03 20:38:41 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2009/11/03 20:38:40 | 00,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2009/11/03 20:38:40 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2009/11/03 20:38:40 | 00,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2009/11/03 20:38:40 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2009/11/03 20:38:38 | 03,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2009/11/03 20:38:38 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2009/11/03 20:38:37 | 03,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2009/11/03 20:38:37 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2009/11/03 20:38:35 | 03,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2009/11/03 20:38:35 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2009/11/03 20:38:34 | 03,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2009/11/03 20:38:34 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2009/11/03 20:38:32 | 03,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2009/11/03 20:38:32 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2009/11/03 20:38:30 | 03,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2009/11/03 20:38:30 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2009/11/03 20:19:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\2K Sports
[2009/11/03 20:17:30 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2009/11/03 20:00:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2009/11/03 19:59:07 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\DAEMON Tools Lite
[2009/11/03 19:59:02 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/11/03 19:59:02 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/11/03 17:34:01 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/03 17:34:00 | 09,236,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/11/03 17:33:59 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/11/03 17:33:59 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb
[2009/11/03 06:50:15 | 00,000,000 | ---D | C] -- C:\Users\Brian\Desktop\Adobe Flash Media Shortcuts
[2009/11/02 13:36:08 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\vlc
[2009/11/02 12:22:32 | 00,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2009/11/02 12:22:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2009/11/02 11:47:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DSP-worx
[2009/11/02 07:39:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2009/11/02 07:06:43 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\RapidShare
[2009/11/02 07:02:46 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Apps
[2009/11/02 07:02:42 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Deployment
[2009/10/31 14:29:44 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Megaupload
[2009/10/29 18:26:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2009/10/28 14:20:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FLAC
[2009/10/28 13:45:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2009/10/28 13:34:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2009/10/28 13:22:59 | 00,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2009/10/28 13:22:59 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2009/10/28 13:22:59 | 00,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2009/10/28 13:22:59 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2009/10/28 13:22:57 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2009/10/28 13:22:57 | 00,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2009/10/28 13:22:56 | 05,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2009/10/28 13:22:56 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2009/10/28 13:22:56 | 02,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2009/10/28 13:22:56 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2009/10/28 13:22:55 | 00,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2009/10/28 13:22:55 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2009/10/28 13:22:55 | 00,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2009/10/28 13:22:55 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2009/10/28 13:22:54 | 02,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2009/10/28 13:22:54 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2009/10/28 13:22:51 | 00,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2009/10/28 13:22:51 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2009/10/28 13:22:51 | 00,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2009/10/28 13:22:51 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2009/10/28 13:22:50 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2009/10/28 13:22:50 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2009/10/28 13:03:59 | 00,000,000 | ---D | C] -- C:\ProgramData\River Past G5
[2009/10/28 13:03:59 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\River Past G5
[2009/10/28 13:03:59 | 00,000,000 | ---D | C] -- C:\ProgramData\River Past G5
[2009/10/28 13:03:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\River Past
[2009/10/28 13:03:58 | 00,000,000 | ---D | C] -- C:\Program Files\River Past
[2009/10/28 12:29:58 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\ImTOO DVD Ripper Platinum 5
[2009/10/28 12:26:51 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\ImTOO
[2009/10/28 12:15:03 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\Crack
[2009/10/28 11:39:50 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\ImTOO.DVD.Audio.Ripper.v5.050.0703.Cracked-QUANTiZE
[2009/10/28 10:04:00 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2009/10/28 10:04:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2009/10/28 10:03:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/10/28 09:54:29 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2009/10/28 09:54:29 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2009/10/28 09:54:29 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2009/10/28 09:54:29 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winspool.drv
[2009/10/28 09:54:28 | 00,893,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2009/10/28 09:54:28 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2009/10/28 09:54:25 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2009/10/28 09:54:25 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2009/10/28 09:54:25 | 00,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2009/10/28 09:54:25 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll
[2009/10/28 09:54:25 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2009/10/28 09:54:25 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2009/10/28 09:54:25 | 00,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2009/10/28 09:54:25 | 00,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2009/10/28 09:54:25 | 00,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2009/10/28 09:54:25 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2009/10/28 09:54:25 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2009/10/28 09:54:25 | 00,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2009/10/28 09:54:25 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2009/10/28 09:54:25 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2009/10/28 09:54:25 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2009/10/28 09:54:25 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2009/10/28 09:54:25 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2009/10/28 09:54:25 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2009/10/28 09:54:25 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2009/10/28 09:54:24 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2009/10/28 09:54:24 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2009/10/28 09:54:24 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2009/10/28 09:54:24 | 00,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2009/10/28 09:54:24 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2009/10/28 09:54:24 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2009/10/28 09:54:24 | 00,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2009/10/28 09:54:24 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2009/10/28 09:54:24 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2009/10/28 09:54:24 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2009/10/28 09:54:24 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2009/10/28 09:54:24 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2009/10/28 09:54:24 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2009/10/28 09:54:24 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2009/10/28 09:54:24 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll
[2009/10/28 09:54:23 | 03,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2009/10/28 09:54:23 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2009/10/28 09:54:23 | 01,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2009/10/28 09:54:23 | 01,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2009/10/28 09:54:23 | 01,142,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2009/10/28 09:54:23 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2009/10/28 09:54:23 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll
[2009/10/28 09:54:23 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2009/10/28 09:54:23 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2009/10/28 09:53:43 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2009/10/28 09:53:43 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2009/10/28 09:53:42 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdbusenum.dll
[2009/10/28 09:53:42 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2009/10/28 09:53:37 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2009/10/28 09:53:37 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll
[2009/10/28 09:53:36 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll
[2009/10/28 09:53:36 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys
[2009/10/28 09:53:35 | 02,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2009/10/28 09:53:35 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2009/10/28 09:53:35 | 00,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2009/10/28 09:53:35 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2009/10/28 09:53:35 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2009/10/28 09:53:35 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2009/10/28 09:53:35 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2009/10/28 09:53:35 | 00,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll
[2009/10/28 09:53:35 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2009/10/28 09:53:35 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2009/10/28 09:53:35 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2009/10/28 09:53:35 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2009/10/28 09:53:35 | 00,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2009/10/28 09:53:35 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2009/10/28 09:53:35 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2009/10/28 09:53:35 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShServiceObj.dll
[2009/10/28 09:53:35 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2009/10/28 09:52:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2009/10/28 09:52:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2009/10/28 09:52:03 | 00,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2009/10/28 09:52:03 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2009/10/28 09:52:03 | 00,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2009/10/28 09:52:03 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleacc.dll
[2009/10/28 09:50:22 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2009/10/28 09:50:22 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2009/10/28 09:50:13 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2009/10/28 09:50:13 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2009/10/28 09:50:12 | 03,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2009/10/28 09:50:12 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2009/10/28 09:48:59 | 10,626,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/28 09:48:57 | 00,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unregmp2.exe
[2009/10/28 09:48:57 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/28 09:48:56 | 13,428,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2009/10/28 09:48:52 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2009/10/28 09:48:52 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

========== Files - Modified Within 30 Days ==========

[2009/11/20 20:28:48 | 04,194,304 | -HS- | M] () -- C:\Users\Brian\NTUSER.DAT
[2009/11/20 20:02:30 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2009/11/20 19:31:36 | 00,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/20 19:31:36 | 00,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/20 19:31:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/20 19:31:33 | 00,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2009/11/20 18:34:17 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/20 18:34:17 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/20 17:44:21 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/20 16:34:27 | 00,056,680 | ---- | M] (absoƖute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2009/11/20 16:34:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/20 16:34:11 | 42,605,81376 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/20 16:33:00 | 00,524,288 | -HS- | M] () -- C:\Users\Brian\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/11/20 16:33:00 | 00,065,536 | -HS- | M] () -- C:\Users\Brian\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/11/20 16:32:55 | 04,504,121 | -H-- | M] () -- C:\Users\Brian\AppData\Local\IconCache.db
[2009/11/20 16:00:15 | 00,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2009/11/20 16:00:15 | 00,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2009/11/20 16:00:15 | 00,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2009/11/20 12:08:23 | 00,000,903 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/11/20 10:14:44 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\eicqfu.sys
[2009/11/20 07:52:40 | 00,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrian.job
[2009/11/19 12:14:34 | 00,140,800 | ---- | M] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/18 09:19:59 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\zjddprwx.sys
[2009/11/18 09:15:50 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\qlsm.sys
[2009/11/18 09:07:24 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\ojsjszpq.sys
[2009/11/18 08:51:03 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\nxjsojd.sys
[2009/11/17 14:22:30 | 00,724,952 | ---- | M] () -- C:\Users\Brian\Desktop\avenger.zip
[2009/11/16 18:24:06 | 00,000,684 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2009/11/16 07:58:17 | 00,704,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/16 07:58:17 | 00,604,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/16 07:58:17 | 00,105,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/14 10:11:57 | 00,009,216 | ---- | M] () -- C:\Users\Brian\Documents\Chocolate chip cookies.wps
[2009/11/13 21:27:58 | 00,000,050 | ---- | M] () -- C:\Windows\MegaManager.INI
[2009/11/13 17:46:15 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brian\Desktop\HJTInstall.exe
[2009/11/13 12:26:49 | 00,000,943 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/13 11:36:07 | 00,455,168 | ---- | M] (Recovery Toolbox, Inc.) -- C:\Users\Brian\Documents\RecoveryToolboxForRAR.exe
[2009/11/10 13:51:03 | 00,305,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/08 19:09:55 | 00,000,204 | ---- | M] () -- C:\Windows\struct~.ini
[2009/11/05 10:05:58 | 28,155,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mrt.exe
[2009/11/04 12:26:20 | 00,000,782 | ---- | M] () -- C:\Users\Brian\Desktop\µTorrent.lnk
[2009/11/03 21:44:19 | 00,721,824 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/03 19:59:46 | 00,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2009/11/03 10:34:35 | 00,002,647 | ---- | M] () -- C:\Users\Brian\Desktop\RapidShare Manager.lnk
[2009/11/02 20:42:06 | 00,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/10/28 14:20:33 | 00,001,701 | ---- | M] () -- C:\Users\Public\Desktop\FLAC Frontend.lnk
[2009/10/28 13:04:03 | 00,163,777 | ---- | M] () -- C:\Windows\Audio Converter Pro Uninstaller.exe
[2009/10/28 12:34:49 | 00,001,027 | ---- | M] () -- C:\Users\Brian\Desktop\ImTOO DVD Ripper Platinum 5.lnk
[2009/10/28 10:03:50 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 10:03:43 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/22 16:04:44 | 00,315,392 | ---- | M] (Koyote Soft - [You must be registered and logged in to see this link.] -- C:\Windows\SysWow64\TubeFinder.exe

========== Files Created - No Company Name ==========

[2009/11/20 16:00:15 | 00,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2009/11/20 16:00:15 | 00,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2009/11/20 16:00:15 | 00,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2009/11/20 14:08:28 | 00,010,634 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistUI3A49.txt
[2009/11/20 14:08:27 | 00,428,772 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistMSI3A46.txt
[2009/11/20 14:08:27 | 00,011,462 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistUI3A46.txt
[2009/11/20 12:08:23 | 00,000,903 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/11/20 10:14:44 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\eicqfu.sys
[2009/11/19 08:05:07 | 00,731,136 | ---- | C] () -- C:\Users\Brian\Desktop\avenger.exe
[2009/11/18 09:19:59 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\zjddprwx.sys
[2009/11/18 09:15:50 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\qlsm.sys
[2009/11/18 09:07:24 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\ojsjszpq.sys
[2009/11/18 09:07:24 | 00,000,104 | ---- | C] () -- C:\Program Files (x86)\jmrcr.txt
[2009/11/18 08:51:03 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\nxjsojd.sys
[2009/11/17 14:21:12 | 00,724,952 | ---- | C] () -- C:\Users\Brian\Desktop\avenger.zip
[2009/11/13 12:26:49 | 00,000,943 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/08 19:09:55 | 00,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2009/11/07 15:02:18 | 00,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/05 03:03:05 | 02,163,972 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_NET_Framework35_x64_MSI2907.txt
[2009/11/05 03:01:59 | 00,156,568 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/11/05 03:01:48 | 00,379,478 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_dotnetfx35install.txt
[2009/11/05 03:01:48 | 00,002,462 | ---- | C] () -- C:\Users\Brian\AppData\Local\uxeventlog.txt
[2009/11/05 03:01:48 | 00,000,002 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_dotnetfx35error.txt
[2009/11/04 12:26:11 | 00,000,782 | ---- | C] () -- C:\Users\Brian\Desktop\µTorrent.lnk
[2009/11/03 20:18:45 | 00,721,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/03 10:34:35 | 00,002,647 | ---- | C] () -- C:\Users\Brian\Desktop\RapidShare Manager.lnk
[2009/11/02 14:05:19 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/31 21:13:11 | 00,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009/10/28 14:20:33 | 00,001,701 | ---- | C] () -- C:\Users\Public\Desktop\FLAC Frontend.lnk
[2009/10/28 13:34:06 | 00,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2009/10/28 13:34:06 | 00,497,664 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2009/10/28 13:04:03 | 00,163,777 | ---- | C] () -- C:\Windows\Audio Converter Pro Uninstaller.exe
[2009/10/28 12:25:22 | 00,001,027 | ---- | C] () -- C:\Users\Brian\Desktop\ImTOO DVD Ripper Platinum 5.lnk
[2009/10/28 11:39:51 | 01,440,054 | ---- | C] () -- C:\Users\Brian\Documents\TSO.bmp
[2009/10/28 11:39:51 | 00,003,318 | ---- | C] () -- C:\Users\Brian\Documents\theseekersoasis.org.nfo
[2009/10/28 11:39:51 | 00,000,069 | ---- | C] () -- C:\Users\Brian\Documents\TSO.URL
[2009/10/28 10:03:50 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 10:03:43 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/02 16:41:30 | 00,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009/09/20 06:50:17 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/09/15 16:46:36 | 00,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2009/09/15 16:46:36 | 00,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2009/09/14 16:05:35 | 01,053,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys
[2009/09/11 14:50:46 | 00,000,079 | ---- | C] () -- C:\Users\Brian\AppData\Local\DVDPATH.TXT
[2009/09/08 12:02:03 | 00,124,432 | ---- | C] () -- C:\Windows\SysWow64\PanInstaller.dll
[2009/09/08 12:02:02 | 00,083,480 | ---- | C] () -- C:\Windows\SysWow64\FirstLoad.dll
[2009/07/29 19:57:19 | 00,230,420 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL90SP1_KB973924MSI7A1A.txt
[2009/07/29 19:57:17 | 00,011,784 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL90SP1_KB973924UI7A1A.txt
[2009/07/29 19:57:02 | 00,544,724 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL80SP1_KB973923MSI79E9.txt
[2009/07/29 19:57:02 | 00,011,752 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL80SP1_KB973923UI79E9.txt
[2009/07/29 19:56:35 | 00,537,708 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL80SP1_KB973923MSI798D.txt
[2009/07/29 19:56:34 | 00,011,672 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL80SP1_KB973923UI798D.txt
[2009/06/04 10:01:22 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/04 10:00:49 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/05/13 15:08:15 | 08,800,144 | ---- | C] () -- C:\Program Files (x86)\FLV PlayerATBSetup.exe
[2009/05/09 14:17:43 | 00,000,680 | ---- | C] () -- C:\Users\Brian\AppData\Local\d3d9caps.dat
[2009/04/10 22:11:08 | 00,165,336 | ---- | C] () -- C:\Windows\SysWow64\mod_wmp.dll
[2009/04/10 22:11:06 | 00,160,216 | ---- | C] () -- C:\Windows\SysWow64\mod_hp.dll
[2009/04/10 22:11:02 | 00,312,792 | ---- | C] () -- C:\Windows\SysWow64\mod_dana.dll
[2009/04/10 22:11:00 | 00,196,568 | ---- | C] () -- C:\Windows\SysWow64\p2p_core.dll
[2009/04/08 19:23:29 | 00,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2009/04/05 13:25:18 | 00,140,800 | ---- | C] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/29 10:23:17 | 00,000,113 | ---- | C] () -- C:\Windows\PPSMediaList.ini
[2009/03/29 10:23:17 | 00,000,020 | ---- | C] () -- C:\Windows\powerlist.ini
[2009/03/29 10:21:14 | 00,000,784 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009/03/29 10:21:14 | 00,000,468 | ---- | C] () -- C:\Windows\powerplayer.ini
[2009/03/26 09:53:49 | 00,322,598 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistMSI059A.txt
[2009/03/26 09:53:49 | 00,011,148 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistUI059A.txt
[2009/03/19 23:35:10 | 00,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009/03/17 21:40:35 | 00,000,684 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2009/03/17 21:00:32 | 00,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/17 21:00:25 | 00,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/17 20:19:09 | 04,504,121 | -H-- | C] () -- C:\Users\Brian\AppData\Local\IconCache.db
[2009/03/17 15:07:37 | 00,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\QSwitch.txt
[2009/03/17 15:07:37 | 00,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\DSwitch.txt
[2009/03/17 15:07:37 | 00,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\AtStart.txt
[2009/03/17 15:04:22 | 00,075,280 | ---- | C] () -- C:\Users\Brian\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/27 15:18:28 | 00,003,584 | ---- | C] () -- C:\Windows\SysWow64\wceprv.dll
[2009/02/04 01:50:32 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsis_loader.dll
[2009/01/11 00:58:14 | 00,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/11 00:58:06 | 00,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/11 00:57:41 | 00,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/11 00:57:10 | 00,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/11 00:55:55 | 00,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/18 15:45:24 | 00,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/18 15:39:59 | 00,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/18 15:38:17 | 00,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/18 15:36:58 | 00,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/17 01:27:04 | 00,093,680 | ---- | C] () -- C:\Windows\SysWow64\gtapi_pack.dll
[2008/01/20 18:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 07:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 07:07:25 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:07:25 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:07:25 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:07:25 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 04:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2005/03/10 10:09:00 | 00,000,281 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2005/03/03 21:43:05 | 00,002,055 | ---- | C] () -- C:\Windows\SubCreator.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >

Re: pretty sure i have a trojan need help

Post by rollotomassi on 21st November 2009, 5:09 am

now extras file to follow in 2 or 3 parts look for the end of report to signify the end

Re: pretty sure i have a trojan need help

Post by rollotomassi on 21st November 2009, 5:10 am

OTL Extras logfile created on: 11/20/2009 8:28:55 PM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = c:\Users\Brian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 68.07 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN-PC
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.reg [@ = regfile] --
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = vbefile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.vbs[@ = vbsfile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] --

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\Wscript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\Wscript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] --
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] --
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FD AE FB A7 42 E5 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPS网络电视 -- (PPStream Inc.)
"C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器 -- (PPStream Inc)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe" = C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ????? -- ()
"C:\Program Files (x86)\PANDORA.TV\Live\Live.exe" = C:\Program Files (x86)\PANDORA.TV\Live\Live.exe:*:Enabled:Live.exe -- ()
"C:\Program Files (x86)\PANDORA.TV\Live\PANDORATVLive.exe" = C:\Program Files (x86)\PANDORA.TV\Live\PANDORATVLive.exe:*:Enabled:PANDORATVLive.exe -- ()
"C:\Program Files (x86)\uusee\UUSeePlayer.exe" = C:\Program Files (x86)\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()
"C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPS网络电视 -- (PPStream Inc.)
"C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器 -- (PPStream Inc)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe" = C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ????? -- ()
"C:\Program Files (x86)\PANDORA.TV\Live\Live.exe" = C:\Program Files (x86)\PANDORA.TV\Live\Live.exe:*:Enabled:Live.exe -- ()
"C:\Program Files (x86)\PANDORA.TV\Live\PANDORATVLive.exe" = C:\Program Files (x86)\PANDORA.TV\Live\PANDORATVLive.exe:*:Enabled:PANDORATVLive.exe -- ()
"C:\Program Files (x86)\uusee\UUSeePlayer.exe" = C:\Program Files (x86)\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0254CC1C-38ED-4BC7-8036-AE197DC18A38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0E3C9F9E-543C-48C9-B3E1-0AF9BDAB449E}" = lport=445 | protocol=6 | dir=in | app=system |
"{10C536A0-26DE-43FF-B617-806EB3CB575B}" = rport=139 | protocol=6 | dir=out | app=system |
"{1E846906-063A-4DAC-A0A6-8A3591D56643}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2140E70E-3E75-493E-AD44-3F1A877531C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{251A4A3F-AC9F-4386-B1F4-BAE12459B752}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28BBE7E0-4C4D-4F8A-B600-A3DF8366EC88}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{29981758-4DD9-419A-9D8A-2165BDC00E44}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2A6D8156-30E1-482C-8AFD-390EEF87A208}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{40FB093F-7AD7-426A-B851-A2E4099F43A5}" = lport=137 | protocol=17 | dir=in | app=system |
"{480EF05A-C100-4981-97BD-FE155AB33C65}" = rport=137 | protocol=17 | dir=out | app=system |
"{72482882-10E7-4FD4-8D89-683E88B5869C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7BB03985-635E-4DF4-A8F8-D4C6FE5DEF17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D6467B4-AF72-4F02-9726-B2D88E8B40B0}" = lport=138 | protocol=17 | dir=in | app=system |
"{9192501B-BC55-405E-9935-EB875BA06EB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94DBE0CB-95CF-472F-B895-DBBF94BB63D4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9A7C1638-0206-4191-A842-458190B5425F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9E6E0647-9239-4BEF-A298-371FFC1C142A}" = rport=138 | protocol=17 | dir=out | app=system |
"{A0B35DA5-BD5A-4742-BFC1-4321C83BF6BB}" = lport=139 | protocol=6 | dir=in | app=system |
"{C84A4FE8-885B-4695-93A5-206C8D2DEDA1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CED7226C-17C5-4B44-9B3B-ABEFCE513B40}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D337F4EF-A2EA-42C2-A9D4-14DE22A5EAF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5B8A49F-FDEB-4E28-87B5-A0EA830F458A}" = rport=445 | protocol=6 | dir=out | app=system |
"{E706EF00-3252-4184-BFB8-EC00B4ADD34A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E7DE234F-CE70-4CE1-B464-1C487767A3D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E99D645F-EE52-4CC4-82E8-8FE96329F93F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EE38AD21-233E-407C-9F4B-545002589AF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F01A864C-3CE4-4C64-B2BE-20696A32E7B0}" = rport=2869 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AC3A83-296D-4335-AE8A-B1B480C09C1D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{00F4AA1F-95A7-42F6-8401-F0DF47D0F1A5}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{023A7249-03B8-4285-AE9F-003EE65970AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1B3396CC-4B13-4328-863B-D4950B3ECE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1BAF0EE4-5289-46E7-AAC5-F9F2B8D56A0F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{1E7EC1BF-BF63-4840-9CD1-C8490AB3B5A4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1F5653A5-1AC4-4513-ADDD-770B4B0C7D66}" = protocol=6 | dir=in | app=c:\users\brian\downloads\torrents\utorrent.exe |
"{2FB88B84-B5D3-4FAF-9F57-6432C454533C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{3256BAD9-CDC9-4DEB-9DF7-EF51D86FCD48}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{331E5D5B-E743-4068-8178-55CE5AE77000}" = protocol=17 | dir=in | app=c:\users\brian\downloads\torrents\utorrent.exe |
"{3D991568-D891-4DBB-9147-781AC649E609}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{47B0D38E-4DA7-436E-88B4-2BFF842680C1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{49B35683-7E6B-41D0-A0F9-3D5F6C9EEDAA}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{5133AFBE-BCE3-49FB-995E-6AAA49897425}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{63A7BE61-DF13-4F32-8149-A4316A351F75}" = protocol=6 | dir=in | app=c:\users\brian\downloads\utorrent.exe |
"{65314AAF-1A4E-4C29-8563-83EEC9018294}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\live\viewer\liverelay.exe |
"{715740EB-63FD-4E6E-BE86-CA8D730379A0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{7286AE5E-C63B-41AC-9B78-74CFCA0EC4C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{77F2E6DA-E6FC-41B4-8518-389011056041}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{7A80BE7F-FC15-4589-B2E3-1767E261508D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{7B162E5D-1938-4E40-AD36-B7B9F9078911}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{82F36A57-2EFF-40B8-8EA7-46C1DF15A57B}" = protocol=17 | dir=in | app=c:\users\brian\downloads\utorrent.exe |
"{89EA5607-D2DC-4D1A-AD5A-8EA4DD7E45B9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{8CF73B85-C63E-44DC-8449-BCED640D178E}" = protocol=17 | dir=in | app=c:\program files (x86)\daum\potplayer\daumvsvr.exe |
"{8D47C952-4B3A-41F3-A66E-77F6BEA37A61}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{9362CAA6-FC4A-4FAA-92F8-26A66C904B52}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{975F1D90-F994-429B-A3A0-FA59D15E45A6}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\live\viewer\liverelay.exe |
"{9A58AE2E-BC83-43FF-8447-791E5CA757B1}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{9A6BECE3-A2AA-4433-BF4D-19D3BCDFCE63}" = protocol=6 | dir=in | app=c:\program files (x86)\daum\potplayer\daumvsvr.exe |
"{9A93A1FF-FC48-421A-AEDD-3A8C99AB0309}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{9AAA45C4-038E-433E-815F-843B47090E01}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{9DF5E79C-DDDE-4577-8CE1-768117FF0407}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A75FF3E8-2E6F-4468-851A-A9673888EC2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{ABF113D6-29C0-49C6-95D1-5460E6755915}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{B5BF58AC-BB94-43D5-80BF-0D75C550C4B3}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{B67120A8-E926-44CD-AF87-480609384053}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\live\viewer\vimviewer.dll |
"{BBCD16ED-165F-4A63-AE6E-675FA8C75EF6}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CF33A31E-4BBF-4509-8C0B-F4C6DD711BFF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D615E015-0D57-46E7-9E21-6D34389F2969}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DAE00745-418C-4D3B-BDC9-E9136E183A87}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{DD06FC70-AD7F-4E3E-A859-093B94D02FD7}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{E6B74565-9E8F-43FD-827C-AEEE12D01115}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E6E0A1C7-B00F-473B-A132-E6FE6DCA1A2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{EB088F15-EC02-4805-A003-B6346D656EF5}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\live\viewer\vimviewer.dll |
"{ECA80D34-ED9D-428C-96A0-57A43307AA4B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EE3DFE02-C1B7-4F81-804B-8956DE9592C2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{F7C7A1DE-DB3E-492B-949A-429D8615D6CB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{FD98A105-EBF2-4DCC-AA87-092C8CED9415}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{06F8F5DE-6BB7-4351-8E55-12E836081B72}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{40C4FA6B-B629-4C77-AB4C-2B721C7D6593}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{46009305-C214-480D-BA80-02B86E63AC4C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{4844431C-6887-412A-93EE-7840FB5E1A76}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{4DD89789-4218-42AE-BE43-38494FA70576}C:\program files (x86)\daum\potplayer\potplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\daum\potplayer\potplayer.exe |
"TCP Query User{53479E24-1554-4770-9D13-90516C498490}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{54A18B89-C540-4B6F-AF7F-F5B101AED581}F:\crack\nba2k10.exe" = protocol=6 | dir=in | app=f:\crack\nba2k10.exe |
"TCP Query User{5C4A6D8E-ACF9-467C-A099-A0D6027D87C8}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{621BD400-A92D-4ADE-BD23-A16C8CDD911D}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{65C13156-1915-45E0-A3B6-34C86311BA9E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{74226060-6429-49B8-BE20-5163A8ED4DD2}C:\users\brian\appdata\local\temp\rar$ex00.954\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.954\crack\nba2k10.exe |
"TCP Query User{81F7417A-95FC-47D4-9593-1B09B69591D1}C:\users\brian\appdata\local\temp\rar$ex19.8281\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex19.8281\crack\nba2k10.exe |
"TCP Query User{83F94912-46C9-4698-B02D-347AE6D047CD}C:\users\brian\appdata\local\temp\rar$ex08.254\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex08.254\crack\nba2k10.exe |
"TCP Query User{860D86B8-3703-4D2F-908E-1A0EDC555DE2}C:\program files (x86)\daum\potplayer\potplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\daum\potplayer\potplayer.exe |
"TCP Query User{89E5BCA4-825B-4414-A0DF-D5F79C921A61}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8A8FB053-F734-498C-8566-7802C5E09FD1}C:\users\brian\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\brian\downloads\utorrent.exe |
"TCP Query User{99211712-3B71-4E9F-8ACB-BD851A7AF564}C:\users\brian\appdata\local\temp\rar$ex00.625\nba2k.reloaded.crack\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.625\nba2k.reloaded.crack\crack\nba2k10.exe |
"TCP Query User{9EBA9B75-CFD6-429B-8953-8E18282300B5}C:\users\brian\appdata\local\temp\rar$ex04.626\nba2k.reloaded.crack\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex04.626\nba2k.reloaded.crack\crack\nba2k10.exe |
"TCP Query User{9F8D0EAC-06DD-4BA9-92BF-A1F0A49BB94E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{A261D479-22AE-4642-89EA-AE75B902A711}C:\users\brian\appdata\local\temp\rar$ex00.972\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.972\crack\nba2k10.exe |
"TCP Query User{C4CB78A5-DC1C-4557-BFE2-8A7C999A0655}C:\users\brian\appdata\local\temp\rar$ex18.0421\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex18.0421\crack\nba2k10.exe |
"TCP Query User{C6C7E0ED-8747-4018-813C-F5C082C224D9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{CA831B8E-5D60-4BD6-96A5-C5ACC049625C}C:\program files (x86)\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\uusee\uuseeplayer.exe |
"TCP Query User{CBED1D7E-DA71-4EF3-A96D-CF5290A4F746}F:\crack\nba2k10.exe" = protocol=6 | dir=in | app=f:\crack\nba2k10.exe |
"TCP Query User{D9DDDCEF-58CD-4717-8B12-1384DFCC003C}C:\users\brian\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] = protocol=6 | dir=in | app=c:\users\brian\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] |
"TCP Query User{E26E7D75-358A-48A1-9965-7FCFED6180BC}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{E45772BA-5655-464A-AFCA-41215D8D4CB9}C:\program files (x86)\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"TCP Query User{E72B45CC-DC9F-4D00-B3B8-3165AA758D1C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{EAB06204-8A5C-451B-A2F1-194F079A85BC}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"TCP Query User{F4775948-6E75-407B-BAC9-5C3A6B37D187}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{0D908CE4-7368-4F92-8DC1-464796568171}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{1407D473-29F6-454B-ABA8-8CDD76C97F7C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{14BDF9DE-431F-4FC3-81AF-0BB04FAE2600}F:\crack\nba2k10.exe" = protocol=17 | dir=in | app=f:\crack\nba2k10.exe |
"UDP Query User{156FC1F8-13C8-4C04-B7DD-3D43310E83CC}C:\users\brian\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\brian\downloads\utorrent.exe |
"UDP Query User{16A7310B-ADE6-46A5-BFB9-CB6A24B5A6F3}C:\users\brian\appdata\local\temp\rar$ex00.625\nba2k.reloaded.crack\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.625\nba2k.reloaded.crack\crack\nba2k10.exe |
"UDP Query User{1F86099F-FD93-41C8-8091-69D399E84ACB}C:\users\brian\appdata\local\temp\rar$ex00.954\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.954\crack\nba2k10.exe |
"UDP Query User{1FC67736-C611-4E0F-BCF8-A091FE91CCBC}C:\users\brian\appdata\local\temp\rar$ex04.626\nba2k.reloaded.crack\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex04.626\nba2k.reloaded.crack\crack\nba2k10.exe |
"UDP Query User{284A1487-2AF9-4E2D-B75B-86F57E84C2C1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{2EC82CC6-DC83-431A-99CD-DB889E9B5DCC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{42476515-FBD8-4CCB-98EE-A254FAF9FB65}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{48BB7763-3117-4713-B598-2055D73A5FA1}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{5984EA16-4350-49CD-9E95-618330857FFD}C:\program files (x86)\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\uusee\uuseeplayer.exe |
"UDP Query User{65D99ADF-A041-43C4-9F1A-D1BA228747D9}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{6C5AF97F-9718-4582-8A66-F4CECB2BCD92}C:\users\brian\appdata\local\temp\rar$ex08.254\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex08.254\crack\nba2k10.exe |
"UDP Query User{77C1F941-FCAA-4A2D-B305-1930C9EAD713}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{7C16C731-CE5B-4EBF-ABBF-C7DF4703034D}C:\program files (x86)\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"UDP Query User{7FF70C1D-B2E1-472D-AA8D-4F4872C76EBD}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{84426864-6BDE-43F3-BD2A-96BE162091CC}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{981763CE-49E5-4DC6-B34C-A5F2F01AD7ED}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"UDP Query User{9BBFBD59-14F4-443F-839C-5FC908BBEED3}C:\program files (x86)\daum\potplayer\potplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\daum\potplayer\potplayer.exe |
"UDP Query User{9D2DEDA8-454E-4E2C-B5C0-BD1EC1189BBC}C:\program files (x86)\daum\potplayer\potplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\daum\potplayer\potplayer.exe |
"UDP Query User{A4ECD998-B794-4E80-881E-91D4225E12BB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A893B976-B881-499B-A4D0-DD9406D5970D}C:\users\brian\appdata\local\temp\rar$ex19.8281\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex19.8281\crack\nba2k10.exe |
"UDP Query User{B7C117FC-0AA1-44B8-B01C-27745F92B0B6}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{D2A97898-A3C9-44C6-B6E3-62177EF467EC}C:\users\brian\appdata\local\temp\rar$ex18.0421\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex18.0421\crack\nba2k10.exe |
"UDP Query User{DD77E583-E04E-460D-9E70-2775086B50E4}F:\crack\nba2k10.exe" = protocol=17 | dir=in | app=f:\crack\nba2k10.exe |
"UDP Query User{E8DDA562-C413-404E-869B-342086757D9D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{F1E99BF9-E774-4C73-BAC2-DF4E24585D54}C:\users\brian\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] = protocol=17 | dir=in | app=c:\users\brian\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] |
"UDP Query User{FA2A441B-F82C-4EAE-A514-8FC5E5FD1187}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{FC1E34AB-A0CD-408D-BC80-A0FC3E7A968F}C:\users\brian\appdata\local\temp\rar$ex00.972\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.972\crack\nba2k10.exe |

rollotomassi
Novice

Posts : 24
Joined : 2009-11-14
OS : vista 64bit home premium
Points : 26066
# Likes : 0


Re: pretty sure i have a trojan need help

Post by rollotomassi on 21st November 2009, 5:11 am

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{889450B1-87C5-4A38-B766-DBBC9845EABE}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB8A5373-8AE1-410A-83F5-51560464CC95}" = ESET Smart Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audio Converter Pro" = River Past Audio Converter Pro
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}" = LightScribe System Software
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters (TM): The Video Game
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E981E45-833E-44C4-AB75-3668AA77F8EC}" = Adobe Flash Media Live Encoder 3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4EB7E778-1E95-433F-8919-C323D5483363}" = HP Smart Web Printing
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635E5FD4-5AF3-4EFD-8060-FE5113A1ECC1}" = ShowInfo
"{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}" = Adobe Flash Media Encoder 2.5
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{990036E7-D647-45A4-8F7F-1CB277EF0ABD}" = RollerCoaster Tycoon 3 Demo
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F}_is1" = Crawler Radio & MP3 Player
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DADFF3C9-EDF8-43E9-9F60-BE816EB20BA6}" = Trivia Mania
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EBE92A10-97D2-48F2-A116-5F618D87D7F0}_is1" = TOM直播2.0
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"Applian FLV Player2.0.24" = Applian FLV Player
"Autobahn" = MLB.TV NexDef Plug-in
"CCleaner" = CCleaner (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DC-DSP Filter" = DC-DSP Filter 1.03
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 3078] [2009-09-17]
"FLAC" = FLAC 1.2.1b (remove only)
"Free FLV Converter_is1" = Free FLV Converter V 6.7.3
"Google Updater" = Google Updater
"GooglePinyin" = Google Pinyin IME
"Graboid Video" = Graboid Video 1.65
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"ImTOO DVD Audio Ripper 5" = ImTOO DVD Audio Ripper 5
"ImTOO DVD Ripper Platinum 5" = ImTOO DVD Ripper Platinum 5
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters (TM): The Video Game
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IObit Security 360_is1" = IObit Security 360
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.4 (Basic)
"Living Marine Aquarium 2 Full Screen Saver" = Living Marine Aquarium 2 Full Screen Saver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSNINST" = MSN
"PANDORATV LIVE_is1" = PANDORATV LIVE
"PotPlayer" = Daum 铺敲饭捞绢
"PPLive" = PPLive 1.9
"PPStream" = PPStream
"Privoxy" = Privoxy 3.0.6
"RealAlt_is1" = Real Alternative 2.0.1
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"Replay Video Capture3.1B" = Replay Video Capture
"Resident Evil 4_is1" = Resident Evil 4 1.10
"SopCast" = SopCast 3.2.4
"StreamTorrent 1.0" = Stream Torrent 1.0
"SystemRequirementsLab" = System Requirements Lab
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TNod User & Password Finder 1.0.0" = TNod User & Password Finder 1.0.0
"Tor" = Tor 0.2.0.34
"Trillian" = Trillian
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.7.2
"Ultra Video Converter_is1" = Ultra Video Converter 4.4.0827
"UUSEE" = UUSee 网络电视 [5.9.512.1]
"UUSEE_base" = UUSee 播放插件基础包 5.9.512.1
"Veetle TV" = Veetle TV 0.9.15
"Vidalia" = Vidalia 0.1.10
"VLC media player" = VLC media player 1.0.3
"WebcamMax" = WebcamMax
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xilisoft DVD Ripper Ultimate SE 5" = Xilisoft DVD Ripper Ultimate SE
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = 礣orrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2009 1:35:17 PM | Computer Name = Brian-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoƖute,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed BackupStates.xml

Error - 11/18/2009 1:35:18 PM | Computer Name = Brian-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoƖute,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed SecurityStates.xml

Error - 11/18/2009 1:35:18 PM | Computer Name = Brian-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoƖute,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed SecurityOffers.xml

Error - 11/18/2009 1:35:20 PM | Computer Name = Brian-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoƖute,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed HealthStates.xml

Error - 11/18/2009 4:09:19 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824,
exception code 0xc0000005, fault offset 0x00038e7c, process id 0xa94, application
start time 0x01ca6875fa441330.

Error - 11/19/2009 1:43:16 AM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824,
exception code 0xc0000005, fault offset 0x00038e7c, process id 0xd1c, application
start time 0x01ca68bb37942830.

Error - 11/19/2009 11:28:01 AM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/19/2009 11:30:39 AM | Computer Name = Brian-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoƖute,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml

Error - 11/20/2009 11:53:40 AM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/20/2009 11:56:49 AM | Computer Name = Brian-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoƖute,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml

[ Media Center Events ]
Error - 4/2/2009 1:26:46 PM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/20/2009 9:23:33 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/20/2009 9:23:33 PM | Computer Name = Brian-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/20/2009 9:23:33 PM | Computer Name = Brian-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/20/2009 9:23:34 PM | Computer Name = Brian-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/20/2009 11:31:29 PM | Computer Name = Brian-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/20/2009 11:36:34 PM | Computer Name = Brian-PC | Source = PlugPlayManager | ID = 12
Description = The device 'OHCI Compliant IEEE 1394 Host Controller' (PCI\VEN_197B&DEV_2380&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&00E4)
disappeared from the system without first being prepared for removal.

Error - 11/20/2009 11:36:34 PM | Computer Name = Brian-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&01E4)
disappeared from the system without first being prepared for removal.

Error - 11/20/2009 11:36:34 PM | Computer Name = Brian-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&02E4)
disappeared from the system without first being prepared for removal.

Error - 11/20/2009 11:36:34 PM | Computer Name = Brian-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&03E4)
disappeared from the system without first being prepared for removal.

Error - 11/20/2009 11:36:34 PM | Computer Name = Brian-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&04E4)
disappeared from the system without first being prepared for removal.


< End of report >


Re: pretty sure i have a trojan need help

Post by rollotomassi on 21st November 2009, 8:38 pm

bump


Re: pretty sure i have a trojan need help

Post by Belahzur on 21st November 2009, 9:15 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Windows\SysWow64\drivers\eicqfu.sys
    C:\Windows\SysWow64\drivers\zjddprwx.sys
    C:\Windows\SysWow64\drivers\qlsm.sys
    C:\Windows\SysWow64\drivers\ojsjszpq.sys
    C:\Program Files (x86)\jmrcr.txt
    C:\Windows\SysWow64\drivers\nxjsojd.sys



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: pretty sure i have a trojan need help

Post by rollotomassi on 21st November 2009, 9:41 pm

C:\Windows\SysWow64\drivers\eicqfu.sys moved successfully.
C:\Windows\SysWow64\drivers\zjddprwx.sys moved successfully.
C:\Windows\SysWow64\drivers\qlsm.sys moved successfully.
C:\Windows\SysWow64\drivers\ojsjszpq.sys moved successfully.
C:\Program Files (x86)\jmrcr.txt moved successfully.
C:\Windows\SysWow64\drivers\nxjsojd.sys moved successfully.

OTL by OldTimer - Version 3.1.6.1 log created on 11212009_134041


Re: pretty sure i have a trojan need help

Post by rollotomassi on 22nd November 2009, 10:21 pm

bump


Re: pretty sure i have a trojan need help

Post by Belahzur on 23rd November 2009, 12:35 am

Sorry, missed your post.

How is the machine now? Those few sys files were the only thing that looked a bit weird to me.



Re: pretty sure i have a trojan need help

Post by rollotomassi on 25th November 2009, 9:38 pm

still running horrible........ now fan is running for no apparent reason
still getting same error message in eset nod 32


Re: pretty sure i have a trojan need help

Post by rollotomassi on 25th November 2009, 10:23 pm

i have another question: what do i do with the files in the malwarebytes quarantine list? i have about 30 files in there that are in quarantine. do i delete all of them? i haven't because i was concerned i was deleting something that might not be a trojan or virus. i would post the list of files in quarantine but i'm not sure how to.


Re: pretty sure i have a trojan need help

Post by rollotomassi on 26th November 2009, 12:52 am

bump


Re: pretty sure i have a trojan need help

Post by Belahzur on 26th November 2009, 1:43 am

Slowness could be related to something else.

MBAM quarantined items are dead, you can delete them if you want to.

Post a new Hijack This log.



Re: pretty sure i have a trojan need help

Post by rollotomassi on 26th November 2009, 10:12 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:56 PM, on 11/26/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [YouTubeDownloader_upgrade] "C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" /upgrade
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files (x86)\uusee\geturltoplay.htm
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files (x86)\uusee\geturltodown.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
O9 - Extra button: 很快视频搜索 - {998A88A0-A355-809B-831C-B83A80000991} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra 'Tools' menuitem: 很快视频搜索 - {998A88A0-A355-809B-831C-B83A80000991} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe
O9 - Extra button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: Justin.tv Publisher - [You must be registered and logged in to see this link.]
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} (SeeTooControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - [You must be registered and logged in to see this link.]
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {571CB303-4267-4D92-B45C-9B79ACC18632} (PotWeb Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E635477-CD50-4290-8604-680C151E3DA7} (DanaX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {7E3C8EE9-0EA1-4ACA-A8A2-87B76A3A6BC4} (OpenTV_17FunTV Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} (tcast control) - [You must be registered and logged in to see this link.]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17416 bytes
