Virus....Keeps opening windows...and more....


Post by SupaCoopa on 23rd February 2010, 5:01 pm

Hi.... I have a virus now. I've tried SuperAntiSpyware, Malwarebytes, AVG, Avira... Windows malicious etc.... These virus protection programs are finding trojans and all sorts... but when I reboot, they're back.....
Sometimes the search finds 2 problems..... sometimes more, 18 yesterday??? I'm constantly running the 4 different virus protection programs... one after the other.... Sometimes they all find nothing..... most of the time they find 1 or 2 things.....
Every now and then a webpage is opened by the virus... but I try and cancel it ASAP in case it's downloading from the page...
Also I've noticed that I cannot open Google Chrome anymore.... it just sits in a paused state, trying to load my homepage but nothing..... I uninstalled and reinstalled... but still no good!

I have system restored, and my computer is working A LOT faster again..... which is good.... But webpages keep randomly popping up now and then.... and Google Chrome is still no good.... so I know it's still here somewhere...
Hopefully somebody has an idea for me... Thanks GeekPolice!!!!

I got this from a Malwarebytes search... if I get more I'll post them...
c/windows/temp/f499.tmp .....


Re: Virus....Keeps opening windows...and more....

Post by Belahzur on 23rd February 2010, 8:25 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: Virus....Keeps opening windows...and more....

Post by SupaCoopa on 23rd February 2010, 8:35 pm

Belahzur..... Thanks for your Reply!!!!
I downloaded the virus on the 18/02/2010, I hope this helps...
Here is the file that saved to my Desktop!!!

OTL logfile created on: 23/02/2010 20:29:02 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Coops\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 306.45 Gb Free Space | 65.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COOPS-PC
Current User Name: Coops
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/23 20:28:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Coops\Desktop\OTL.exe
PRC - [2010/02/23 18:53:39 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/01/06 15:44:54 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/31 16:41:37 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/11 16:02:49 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/11 16:02:49 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/03 00:38:45 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/03 00:38:43 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/03 00:38:30 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/05 12:39:22 | 000,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 000,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/30 23:07:52 | 000,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/04/11 06:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/03 11:47:34 | 001,205,760 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008/11/11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/25 07:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/19 07:52:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/09/08 10:10:20 | 000,450,560 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/09/08 10:09:40 | 000,184,320 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/08/06 23:10:24 | 000,278,016 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Samsung PC Studio 7\LaunchApplication.exe
PRC - [2008/07/24 10:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/10 19:56:31 | 001,406,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2008/06/10 19:56:29 | 001,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/06/09 09:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/09 09:16:32 | 002,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/06/03 07:02:34 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/01/18 16:37:38 | 000,126,976 | ---- | M] (Saitek) -- C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
PRC - [2007/12/14 18:00:54 | 000,999,424 | ---- | M] (AzureWave.com) -- C:\Program Files\ASRock WiFi-802.11g Install Program\RtWLan.exe
PRC - [2007/11/08 11:33:22 | 001,220,608 | ---- | M] (ASRock Inc.) -- C:\Program Files\ASRock\WiFi-802.11n\WiFi-80211n.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/06/01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/01 10:21:30 | 000,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007/06/01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/02/23 20:28:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Coops\Desktop\OTL.exe
MOD - [2009/11/03 00:38:49 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/03 00:38:30 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/05 12:39:14 | 000,541,992 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/30 23:07:52 | 000,211,488 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/08 10:10:20 | 000,450,560 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/09/08 10:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/06/09 09:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/01 10:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/04/13 21:09:56 | 000,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2010/02/23 18:53:39 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/23 18:53:39 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/23 18:53:39 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/14 19:30:36 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/11/10 09:03:58 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/03 00:38:58 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/03 00:38:58 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/17 16:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 16:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/04/30 21:02:00 | 009,850,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/11 06:32:26 | 000,019,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atapi.sys -- (atapi)
DRV - [2009/04/11 04:42:54 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV - [2009/03/19 15:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/09/15 06:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/09/15 06:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/09/15 06:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/15 06:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/25 01:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/24 10:03:46 | 002,158,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/07 19:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/10 20:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/02/18 14:21:33 | 000,104,960 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiK0728.sys -- (SaiK0728)
DRV - [2008/02/01 14:17:12 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2008/02/01 14:17:06 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2008/01/21 02:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 02:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/14 09:24:11 | 000,028,544 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiU0CEA.sys -- (SaiU0CEA)
DRV - [2008/01/14 09:24:09 | 000,104,960 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiK0CEA.sys -- (SaiK0CEA)
DRV - [2007/05/02 15:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007/05/02 15:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007/05/02 15:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007/05/02 15:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2007/04/13 10:23:16 | 000,015,360 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 06:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {86f669cf-ddb5-4976-8c70-2eaf49e618f8} - C:\Program Files\Hdgoals.com\tbHdgo.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {86f669cf-ddb5-4976-8c70-2eaf49e618f8} - C:\Program Files\Hdgoals.com\tbHdgo.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "toolbartv Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT694331&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.3.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.19
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.11.6
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: reloadplus@blackwind:1.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.3.20091214_AMO
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.7.1
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.5
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/11 16:04:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/23 18:22:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/23 18:22:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2009/06/30 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Extensions
[2009/04/25 23:52:17 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/23 19:34:19 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions
[2009/10/27 18:29:20 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/12/29 01:41:34 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2010/02/23 18:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/02/22 01:56:09 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}(165)
[2010/01/04 00:30:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/23 18:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2010/02/22 01:56:10 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}(166)
[2010/01/10 13:10:59 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/01/05 14:33:50 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/02/23 18:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/01/08 18:06:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/29 01:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/02/23 18:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/02/23 18:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/02/23 18:21:56 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/10/27 18:29:11 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\anycolor.pavlos256@gmail.com
[2009/09/26 01:06:51 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/02/23 18:21:56 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2009/12/01 21:21:52 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\firefox1@myibay.com
[2010/02/08 23:02:37 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\nasanightlaunch@example(255).com
[2010/01/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\personas@christopher.beard
[2010/01/08 18:06:09 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\piclens@cooliris.com
[2010/01/10 01:05:25 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\reloadplus@blackwind
[2009/12/29 01:34:39 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\SkipScreen@SkipScreen
[2009/11/13 18:22:27 | 000,000,000 | ---D | M] -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\tineye@ideeinc.com
[2009/09/01 11:08:36 | 000,000,878 | ---- | M] () -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\searchplugins\conduit.xml
[2010/02/20 23:09:42 | 000,002,291 | ---- | M] () -- C:\Users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\searchplugins\surf-canyon.xml
[2010/02/23 18:53:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/24 13:23:17 | 000,048,640 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npsaidetect.dll
[2009/11/24 13:23:17 | 000,048,640 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npsaidetect_AVG_RESTORED.dll
[2009/09/15 11:35:32 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/09/15 11:35:33 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/09/15 11:35:33 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/09/15 11:35:33 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Hdgoals.com Toolbar) - {86f669cf-ddb5-4976-8c70-2eaf49e618f8} - C:\Program Files\Hdgoals.com\tbHdgo.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Hdgoals.com Toolbar) - {86f669cf-ddb5-4976-8c70-2eaf49e618f8} - C:\Program Files\Hdgoals.com\tbHdgo.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Hdgoals.com Toolbar) - {86F669CF-DDB5-4976-8C70-2EAF49E618F8} - C:\Program Files\Hdgoals.com\tbHdgo.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4 - HKLM..\Run: [SamsungPCSuiteTrayApplication] C:\Program Files\Samsung\Samsung PC Studio 7\LaunchApplication.exe (Samsung)
O4 - HKLM..\Run: [Skytel] Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Users\Coops\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} [You must be registered and logged in to see this link.] (CTVUAxCtrl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} [You must be registered and logged in to see this link.] (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} [You must be registered and logged in to see this link.] (VodClient Control Class)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Users\Coops\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Coops\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/23 17:15:16 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/23 20:28:48 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Coops\Desktop\OTL.exe
[2010/02/23 19:03:32 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 19:03:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 19:01:28 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 19:01:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 19:01:21 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 19:01:20 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 19:01:20 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 19:01:20 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 19:01:20 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 19:01:20 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 19:01:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/23 19:01:06 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/23 19:01:05 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/23 19:01:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/23 19:01:01 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/23 19:01:00 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/23 19:01:00 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/23 19:01:00 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/23 18:58:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 18:57:57 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/20 15:28:06 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/02/20 03:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/02/20 03:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/20 02:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/02/19 00:10:25 | 000,000,000 | ---D | C] -- C:\Users\Coops\AppData\Roaming\QuickScan
[2010/02/18 21:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\BurnSuite
[2010/02/18 21:52:38 | 000,000,000 | ---D | C] -- C:\Users\Coops\AppData\Roaming\BurnSuite
[2010/02/18 21:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/02/18 21:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/18 21:02:22 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/02/18 15:42:18 | 000,000,000 | ---D | C] -- C:\Users\Coops\AppData\Roaming\Malwarebytes
[2010/02/18 15:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/18 15:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/27 20:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/01/27 20:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Hdgoals.com
[2010/01/14 19:30:36 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Coops\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/23 20:29:23 | 002,621,440 | -HS- | M] () -- C:\Users\Coops\ntuser.dat
[2010/02/23 20:28:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Coops\Desktop\OTL.exe
[2010/02/23 20:19:18 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/23 20:19:17 | 000,102,464 | ---- | M] () -- C:\Users\Coops\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/23 20:19:12 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/23 20:19:00 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2010/02/23 20:18:31 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/23 20:18:31 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/23 20:18:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/23 20:18:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/23 20:18:14 | 000,377,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/23 20:17:23 | 3757,182,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/23 20:07:53 | 000,524,288 | -HS- | M] () -- C:\Users\Coops\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/02/23 20:07:53 | 000,065,536 | -HS- | M] () -- C:\Users\Coops\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/02/23 20:01:54 | 001,746,179 | -H-- | M] () -- C:\Users\Coops\AppData\Local\IconCache.db
[2010/02/23 18:31:43 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/23 18:31:43 | 000,602,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/23 18:31:43 | 000,106,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/23 18:28:48 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F98DE9FF-A12A-442D-82EB-F757649DBA1B}.job
[2010/02/23 17:15:16 | 000,000,057 | ---- | M] () -- C:\autoexec.bat
[2010/02/18 13:18:50 | 000,000,161 | ---- | M] () -- C:\Users\Coops\AppData\Roaming\default.rss
[2010/02/17 22:19:05 | 365,978,312 | ---- | M] () -- C:\Users\Coops\Desktop\Lost.S06E04.HDTV.XviD-P0W4.avi
[2010/02/11 16:53:12 | 000,002,749 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2010/02/06 17:13:22 | 055,171,614 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/02/06 15:45:56 | 000,065,024 | ---- | M] () -- C:\Users\Coops\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/29 19:53:53 | 018,030,130 | ---- | M] () -- C:\Users\Coops\Documents\vlc-1.0.3-win32.exe
[2010/01/27 20:55:53 | 002,128,896 | ---- | M] () -- C:\Users\Coops\AppData\Local\cooliris-win-ie-release-1.11.7.31969.en-US.msi
[2010/01/27 20:54:39 | 000,000,680 | ---- | M] () -- C:\Users\Coops\AppData\Local\d3d9caps.dat
[2010/01/25 12:00:35 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/01/25 12:00:35 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/01/25 12:00:35 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/01/25 12:00:22 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/01/25 11:58:52 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/01/25 08:21:20 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/01/25 08:21:20 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/01/25 08:21:18 | 000,518,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/01/25 08:21:18 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/20 22:54:52 | 3757,182,976 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/17 20:51:37 | 365,978,312 | ---- | C] () -- C:\Users\Coops\Desktop\Lost.S06E04.HDTV.XviD-P0W4.avi
[2010/01/27 20:55:40 | 002,128,896 | ---- | C] () -- C:\Users\Coops\AppData\Local\cooliris-win-ie-release-1.11.7.31969.en-US.msi
[2010/01/14 19:31:51 | 000,000,034 | ---- | C] () -- C:\Users\Coops\AppData\Roaming\pcouffin.log
[2010/01/14 19:30:36 | 000,087,608 | ---- | C] () -- C:\Users\Coops\AppData\Roaming\inst.exe
[2010/01/14 19:30:36 | 000,007,887 | ---- | C] () -- C:\Users\Coops\AppData\Roaming\pcouffin.cat
[2010/01/14 19:30:36 | 000,001,144 | ---- | C] () -- C:\Users\Coops\AppData\Roaming\pcouffin.inf
[2009/12/22 19:14:49 | 006,963,712 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2009/12/22 19:14:49 | 000,452,608 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2009/12/22 19:14:49 | 000,323,584 | ---- | C] () -- C:\Windows\System32\FoxImager.dll
[2009/12/22 19:14:49 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/12/22 19:14:49 | 000,172,032 | ---- | C] () -- C:\Windows\System32\viscomgifenc.dll
[2009/12/22 19:14:49 | 000,159,744 | ---- | C] () -- C:\Windows\System32\viscomtran.dll
[2009/12/22 19:14:49 | 000,154,624 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2009/12/22 19:14:49 | 000,028,160 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2009/12/22 19:14:49 | 000,019,456 | ---- | C] () -- C:\Windows\System32\videocore.dll
[2009/10/17 15:23:19 | 000,000,760 | ---- | C] () -- C:\Users\Coops\AppData\Roaming\setup_ldm.iss
[2009/10/13 22:22:54 | 000,025,600 | ---- | C] () -- C:\Windows\System32\SaiM0CEA_11.dll
[2009/10/13 22:22:54 | 000,025,600 | ---- | C] () -- C:\Windows\System32\SaiM0CEA_10.dll
[2009/10/13 22:22:54 | 000,025,600 | ---- | C] () -- C:\Windows\System32\SaiM0CEA_0C.dll
[2009/10/13 22:22:54 | 000,025,600 | ---- | C] () -- C:\Windows\System32\SaiM0CEA_0A.dll
[2009/10/13 22:22:54 | 000,025,600 | ---- | C] () -- C:\Windows\System32\SaiM0CEA_09.dll
[2009/10/13 22:22:54 | 000,025,600 | ---- | C] () -- C:\Windows\System32\SaiM0CEA_07.dll
[2009/10/13 22:22:54 | 000,025,600 | ---- | C] () -- C:\Windows\System32\SaiM0CEA_0402.dll
[2009/08/04 23:29:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/04 23:29:23 | 000,019,944 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/09 23:10:03 | 000,000,166 | ---- | C] () -- C:\Windows\usdthank.ini
[2009/07/09 23:10:03 | 000,000,031 | ---- | C] () -- C:\Windows\idc.ini
[2009/06/08 16:29:05 | 002,545,152 | ---- | C] () -- C:\Users\Coops\AppData\Local\cooliris-win-ie-release-1.10.0.24532.en-US.msi
[2009/05/16 00:39:15 | 000,000,161 | ---- | C] () -- C:\Users\Coops\AppData\Roaming\default.rss
[2009/05/08 20:51:34 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/08 20:51:33 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/04 14:03:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/04 13:53:28 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2009/05/04 13:53:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2009/03/13 21:42:20 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7914262FB0.sys
[2009/03/13 21:42:19 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/03/07 10:14:19 | 000,024,964 | ---- | C] () -- C:\Users\Coops\AppData\Roaming\UserTile.png
[2009/03/06 08:45:59 | 000,065,024 | ---- | C] () -- C:\Users\Coops\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/05 20:09:22 | 000,006,584 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/03/05 19:25:46 | 000,000,680 | ---- | C] () -- C:\Users\Coops\AppData\Local\d3d9caps.dat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/03/29 21:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/11 03:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
< End of report >


Please ignore all the porn lol Thanks!


Re: Virus....Keeps opening windows...and more....

Post by SupaCoopa on 23rd February 2010, 8:56 pm

OTL Extras logfile created on: 23/02/2010 20:29:02 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Coops\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 306.45 Gb Free Space | 65.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COOPS-PC
Current User Name: Coops
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0177F152-C1FE-41A0-A70C-7D9B765C6B5D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{2CDC3019-689B-4238-89BA-8E3B2F5F64BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35426B15-CC3A-4F09-9C93-950D95B4DF9C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3AE148A7-9D17-4AD7-816A-4A4FC490B757}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{475FA101-9EBA-476E-8BDC-C0ECADF48B77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4CF7E1B5-29B6-44F1-9A46-5CB7650EE665}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{5644E399-A54A-4CB3-B2F9-BD74EDB54C47}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{68C5E4D7-A27C-4CBB-90C2-F80320CF4BF1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6DF1AFBA-84AC-42D7-8406-7DA40784D42A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8D63DAEC-67A7-4231-AF09-AFA0AED4F80D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{9B04BFB3-13F6-4343-867F-7B14B45FC30C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B05C64DF-0402-42C2-8C9E-CA121D297BCC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B14746FA-868E-42D9-A64B-BB3CC38F2508}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DDCB5A35-6266-4C89-B6FE-30890818A197}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EDEF8B72-FEE1-4796-906F-EA53AF0AA241}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27B6CBA3-31FD-477C-87DC-7522049BE1F3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5008824A-5AD9-40FE-BADB-3A171B13ACDC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{589DB862-C220-445F-B7FE-8739193C400C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{597976C0-E438-488A-8A91-4F713341EAFF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5F3881AF-60CA-4202-8AE1-7B777BC7B305}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{65889075-6E16-4F1E-8D99-942FA004C132}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{68554DD9-3C30-47DB-BDB5-E9520622506D}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{68643E68-C786-4019-9B70-BC90ED49FDEE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{69E7B302-0A27-4B10-A18D-C25656B45D25}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{80CF4EF3-D54C-445A-8074-0FB6DCDCD8E9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{88C83A5C-C224-4CA4-9159-0D73DC595870}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8CF78940-A2C2-4BCE-A280-A0C04D68AA80}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{94DBE86F-6CAE-4BB8-B391-16852425FEE8}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9509ACFB-3672-4461-8C75-8D6986A1E750}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{9A0FA838-80CD-438D-AC89-37D284299C3E}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{A3A3FC71-B504-440C-84C4-842D1C1EDE06}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B421A587-F15C-4A2E-B06C-64FC339CA1AF}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{BD1BE138-163E-48D5-9EF6-179A06248262}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C5563C00-2E53-45B9-87AA-A4820577C363}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CC4921CB-2102-4E00-9B27-AD9B05615A6C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E8AD0619-36A5-4510-8232-2A5F27A779F1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F8A5ABD2-F029-4FA1-BA6B-F62BCCF7BCD3}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FBE60D7A-13D0-4282-AC32-FA504D686FD7}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"TCP Query User{00049931-3C28-400E-AFB3-0B13A5454806}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{01F463A3-7CAD-4539-B7CB-97FBA5287E97}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{051F5BB3-38BD-4C0F-8E7A-8CD5FF085F2A}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{20394CC6-A3CD-421E-89F8-9A3CB918D492}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{29CDFDEA-3006-4705-809C-B4DC5D2645F1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{324E5489-CFF1-4E4C-ADE0-BADBD0BC1643}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{36D91A6A-2B65-4F83-B823-D0FC94060D43}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{441ED5CA-0211-4EA1-8618-1ACB12DD762B}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{462CF562-65ED-45D5-8DC7-B152BBBB2356}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{5F478898-1932-4038-9847-0E9E86AC92F1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6D30786D-3A98-424C-91A9-C8740B27F8F8}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{A7B1D6F1-2DE0-4E6A-8EDC-750822382EBD}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{DC31F319-CCFE-4B45-AE65-2373BD9FB9D0}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{E8433590-AA4C-4009-B560-BF093A93EC1B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{FD18CFCA-8183-49DC-B09F-5E5ED008E31A}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{12E95F49-E749-4D41-9448-285FF9AA304F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1A029F5D-6027-4980-9940-940F40E67FC3}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{1BD5B2CD-D837-41B9-97BA-81339C65EBD0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{212D5D44-1AC4-4F77-B8C6-1B6980265CFA}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{2F7B3A6A-76EA-4D5A-99DD-51AB87AB117F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{50ECCCB6-3CE5-414E-9275-5BF736C0F0A1}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{70637B08-7DF6-4EEE-8658-588881E22D6D}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{89BC1A61-AE52-4CD1-A523-BA2C3C751A90}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A360CEB2-3013-41AD-90AF-FF93A395AD37}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{A41539E4-4C22-4DC9-8646-B74A08020387}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{A6525FC6-D8E7-449D-ABC7-8DBF6CC5ABE7}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{B3B83D62-6B71-40B3-841F-3C9E1F33B919}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{B49495F3-EB2F-4149-9A39-033ADB4349A4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CEAE7DB1-0A33-4A4F-9241-51FE08B68BA9}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{D6B1CEBB-2F77-4D93-8D66-88ACA77E230E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{11FC22F2-F582-40ED-B787-2C1FDC04CB3B}" = CorelDRAW Graphics Suite X4 - IPM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A6A6531-08FC-47AD-BAC4-C41497E71033}" = Nero 7 Essentials
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1EEC94B9-FB3E-405B-8B92-1826083FD691}" = ASRock WiFi-802.11n
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2958B04A-0905-4689-B8D8-2F511E03AEBA}" = Samsung PC Studio 7
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5ad08040-19b2-40bd-bfc9-362c9b568659}" = Nero 9
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6600970A-BAE7-412A-BFFC-91AD793B3A41}" = ASRock WiFi-802.11n
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA1AF34D-9056-4B72-A588-D9A7B8CB305B}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = ASRock WiFi-802.11g Install Program
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{D99C322D-C21B-40C7-AE71-EE51AA096B6E}" = Nokia Flashing Cable Driver
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{E0ABC1EF-EAC4-3B90-92D9-E532AC84E002}" = Cooliris for Internet Explorer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EC0CD6ED-4BC4-4231-A32C-40D8DBECB8F7}_is1" = Driving Test Success Theory - Car (2008-2009)
"{EF4F620F-F295-41D7-92C0-6B635709C850}" = Nokia Software Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"3d images screensaver" = 3d images screensaver
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Vuze Toolbar
"ASRock IES_is1" = ASRock IES
"ASRock InstantBoot_is1" = ASRock InstantBoot
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driving Theory Test Professional v2.1.0.0_is1" = Driving Theory Test Professional v2.1.0.0
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Earth Pro 4.2" = Google Earth Pro 4.2
"Hdgoals.com Toolbar" = Hdgoals.com Toolbar
"HeadCase Mind Mapper, SmartAce edition" = HeadCase Mind Mapper, SmartAce edition
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire 5.1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"Samsung PC Studio 7" = Samsung PC Studio 7
"Spotify" = Spotify
"SystemRequirementsLab" = System Requirements Lab
"TVAnts 1.0" = TVAnts 1.0
"Veetle TV" = Veetle TV 0.9.16
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/02/2010 14:36:33 | Computer Name = Coops-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/02/2010 14:47:42 | Computer Name = Coops-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/02/2010 14:51:38 | Computer Name = Coops-PC | Source = System Restore | ID = 8209
Description =

Error - 23/02/2010 15:30:22 | Computer Name = Coops-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/02/2010 15:45:44 | Computer Name = Coops-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/02/2010 16:02:33 | Computer Name = Coops-PC | Source = SPP | ID = 16387
Description =

Error - 23/02/2010 16:02:33 | Computer Name = Coops-PC | Source = System Restore | ID = 8193
Description =

Error - 23/02/2010 16:02:42 | Computer Name = Coops-PC | Source = SPP | ID = 16387
Description =

Error - 23/02/2010 16:02:42 | Computer Name = Coops-PC | Source = System Restore | ID = 8193
Description =

Error - 23/02/2010 16:19:05 | Computer Name = Coops-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 15/07/2009 20:33:08 | Computer Name = Coops-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/07/2009 09:20:25 | Computer Name = Coops-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/08/2009 14:18:27 | Computer Name = Coops-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/08/2009 14:18:46 | Computer Name = Coops-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/08/2009 14:23:33 | Computer Name = Coops-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 20/08/2009 10:04:12 | Computer Name = Coops-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/09/2009 09:50:54 | Computer Name = Coops-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 01/10/2009 20:50:59 | Computer Name = Coops-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/10/2009 10:20:09 | Computer Name = Coops-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/10/2009 18:27:10 | Computer Name = Coops-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23/02/2010 14:53:49 | Computer Name = Coops-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23/02/2010 14:59:51 | Computer Name = Coops-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 23/02/2010 15:28:05 | Computer Name = Coops-PC | Source = DCOM | ID = 10010
Description =

Error - 23/02/2010 15:29:08 | Computer Name = Coops-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 23/02/2010 15:45:02 | Computer Name = Coops-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 23/02/2010 16:04:45 | Computer Name = Coops-PC | Source = DCOM | ID = 10005
Description =

Error - 23/02/2010 16:04:45 | Computer Name = Coops-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 23/02/2010 16:04:45 | Computer Name = Coops-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23/02/2010 16:16:20 | Computer Name = Coops-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 23/02/2010 16:17:22 | Computer Name = Coops-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.


< End of report >


Re: Virus....Keeps opening windows...and more....

Post by Belahzur on 23rd February 2010, 9:48 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Java 2 Runtime Environment, SE v1.4.2_19
    LimeWire 5.1.4
    Vuze
    Vuze Toolbar

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



thanks for the help!

Post by SupaCoopa on 23rd February 2010, 10:12 pm

I cannot delete Vuze or Vuze toolbar...... my add/remove programs icon has vanished, but I typed in appwiz.cpl (with Google's help).... all others from your list are gone....
I also changed my Firefox setting to...Always ask me where to save..... I didn't know whether to go further without deleting Vuze...
Also I've noticed Vuze is not in my programs list.... thanks


Re: Virus....Keeps opening windows...and more....

Post by Belahzur on 23rd February 2010, 10:15 pm

Okay, leave Vuze for now and carry on with Combofix.



Re: Virus....Keeps opening windows...and more....

Post by SupaCoopa on 23rd February 2010, 11:03 pm

I got rid of Vuze....

And went through the whole Combofix thing......phew......
I'm thinking any changes that I notice are all for good measure!

I promise to not download from any shit sources ever again....

I will post a donation as soon as funds allow! I promise!...

Chuffed to bits!!! Thank you for your time....you're doing a good good thing for people.....most people are out to screw others these days!
Thanks again! Coops


Re: Virus....Keeps opening windows...and more....

Post by SupaCoopa on 23rd February 2010, 11:06 pm

Do you want me to send anything back???? Have I missed something lol


Re: Virus....Keeps opening windows...and more....

Post by Belahzur on 25th February 2010, 12:21 am

Can you post the Combofix log please? :)



Re: Virus....Keeps opening windows...and more....

Post by SupaCoopa on 25th February 2010, 2:29 am

I have just got home....it's 2.30am....and I'm going to bed.... but I will post the log tomorrow.....
I noticed similar crazy things happening to my PC again today... I don't think it completely removed the virus... anyway we will try tomorrow...thanks for the help!!!!!


Re: Virus....Keeps opening windows...and more....

Post by SupaCoopa on 25th February 2010, 12:40 pm

Hi :)
I re-did a combofix today..... here is the txt

ComboFix 10-02-24.03 - Coops 25/02/2010 12:30:57.3.4 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3582.2416 [GMT 0:00]
Running from: c:\users\Coops\Pictures\Combo-Fix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-25 12:34 . 2010-02-25 12:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-25 12:34 . 2010-02-25 12:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-24 02:08 . 2010-02-25 02:42 -------- d-----w- c:\users\Coops\AppData\Roaming\uTorrent
2010-02-24 02:06 . 2010-02-25 11:49 55692 ----a-w- c:\users\Coops\AppData\Local\prvlcl.dat
2010-02-23 22:54 . 2010-02-25 12:34 -------- d-----w- c:\users\Coops\AppData\Local\temp
2010-02-23 19:03 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-23 19:03 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-23 19:03 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 19:00 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 19:00 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 18:58 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-23 18:57 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-20 15:28 . 2010-02-20 15:28 -------- d-----w- c:\windows\Sun
2010-02-20 03:07 . 2010-02-20 03:07 -------- d-----w- c:\programdata\Avira
2010-02-20 03:07 . 2010-02-20 03:07 -------- d-----w- c:\program files\Avira
2010-02-19 00:10 . 2010-02-19 00:13 -------- d-----w- c:\users\Coops\AppData\Roaming\QuickScan
2010-02-18 21:53 . 2010-02-18 21:54 -------- d-----w- c:\program files\BurnSuite
2010-02-18 21:52 . 2010-02-18 21:52 -------- d-----w- c:\users\Coops\AppData\Roaming\BurnSuite
2010-02-18 21:46 . 2010-02-18 21:46 -------- d-----w- c:\programdata\Alwil Software
2010-02-18 21:46 . 2010-02-18 21:46 -------- d-----w- c:\program files\Alwil Software
2010-02-18 15:42 . 2010-02-18 15:42 -------- d-----w- c:\users\Coops\AppData\Roaming\Malwarebytes
2010-02-18 15:42 . 2010-02-18 15:42 -------- d-----w- c:\programdata\Malwarebytes
2010-02-18 15:42 . 2010-02-23 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-17 22:06 . 2010-02-17 22:06 -------- d-----w- c:\windows\system32\config\systemprofile\Office Genuine Advantage
2010-01-27 20:55 . 2010-01-27 20:55 2128896 ----a-w- c:\users\Coops\AppData\Local\cooliris-win-ie-release-1.11.7.31969.en-US.msi
2010-01-27 20:54 . 2010-02-23 18:22 -------- d-----w- c:\program files\Conduit
2010-01-27 20:54 . 2010-02-23 18:22 -------- d-----w- c:\program files\Hdgoals.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 11:47 . 2009-05-08 20:51 31871 ----a-w- c:\programdata\nvModes.dat
2010-02-24 22:30 . 2009-09-20 16:57 -------- d-----w- c:\users\Coops\AppData\Roaming\Spotify
2010-02-24 21:59 . 2009-06-01 23:02 117760 ----a-w- c:\users\Coops\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-24 02:09 . 2009-03-05 23:15 -------- d-----w- c:\program files\uTorrent
2010-02-23 22:02 . 2009-03-15 00:57 -------- d-----w- c:\program files\Java
2010-02-23 22:02 . 2009-03-15 00:57 -------- d-----w- c:\program files\Common Files\Java
2010-02-23 20:19 . 2009-03-05 19:26 102464 ----a-w- c:\users\Coops\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 20:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-23 20:04 . 2009-03-17 20:09 -------- d-----w- c:\programdata\Microsoft Help
2010-02-23 18:53 . 2009-03-05 23:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-23 18:22 . 2009-03-05 23:21 -------- d-----w- c:\users\Coops\AppData\Roaming\vlc
2010-02-23 18:22 . 2009-11-07 03:43 -------- d-----w- c:\program files\Vuze
2010-02-23 18:22 . 2009-11-07 03:43 -------- d-----w- c:\program files\AskBarDis
2010-02-22 01:12 . 2009-09-30 23:27 -------- d-----w- c:\program files\Microsoft
2010-02-22 01:11 . 2009-03-06 08:41 -------- d-----w- c:\programdata\NVIDIA
2010-02-22 01:10 . 2009-05-08 19:16 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-18 21:23 . 2009-11-03 00:38 -------- d-----w- c:\programdata\avg9
2010-02-11 16:53 . 2009-04-15 11:55 -------- d-----w- c:\programdata\Driving Test Success
2010-02-06 17:08 . 2009-10-17 11:45 -------- d-----w- c:\program files\Veetle
2010-01-27 20:54 . 2009-03-05 19:25 680 ----a-w- c:\users\Coops\AppData\Local\d3d9caps.dat
2010-01-27 20:21 . 2009-04-18 15:02 -------- d-----w- c:\program files\TVAnts
2010-01-25 12:00 . 2010-02-23 19:01 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 19:01 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 19:01 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 19:01 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 19:01 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 19:01 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 19:01 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 19:01 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-23 19:01 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-22 12:01 . 2009-09-13 11:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 00:54 . 2009-11-07 03:44 -------- d-----w- c:\users\Coops\AppData\Roaming\Azureus
2010-01-18 00:20 . 2010-01-18 00:20 52224 ----a-w- c:\users\Coops\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-14 19:39 . 2010-01-14 19:30 -------- d-----w- c:\users\Coops\AppData\Roaming\Vso
2010-01-14 19:39 . 2010-01-14 19:30 -------- d-----w- c:\program files\DVDFab 6
2010-01-14 19:30 . 2010-01-14 19:30 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-14 19:30 . 2010-01-14 19:30 47360 ----a-w- c:\users\Coops\AppData\Roaming\pcouffin.sys
2010-01-14 19:30 . 2010-01-14 19:30 47360 ----a-w- c:\users\Coops\AppData\Roaming\pcouffin.sys
2010-01-14 13:41 . 2009-10-07 00:36 -------- d-----w- c:\users\Coops\AppData\Roaming\mIRC
2010-01-06 15:39 . 2010-02-23 19:01 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-23 19:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-23 19:01 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 19:01 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-23 19:01 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 19:01 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 13:56 . 2009-03-13 21:42 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2010-01-06 13:56 . 2009-03-13 21:42 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2010-01-06 13:30 . 2010-02-23 19:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-06 12:08 . 2010-01-08 18:06 4726272 ----a-w- c:\users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-06 12:08 . 2010-01-08 18:06 103424 ----a-w- c:\users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-06 12:08 . 2010-01-08 18:06 57856 ----a-w- c:\users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-06 12:08 . 2010-01-08 18:06 545280 ----a-w- c:\users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-06 12:08 . 2010-01-08 18:06 4725760 ----a-w- c:\users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-06 12:08 . 2010-01-08 18:06 344064 ----a-w- c:\users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-06 12:08 . 2010-01-08 18:06 153600 ----a-w- c:\users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-04 02:25 . 2010-01-04 00:30 -------- d-----w- c:\users\Coops\AppData\Roaming\Yahoo!
2010-01-04 00:30 . 2010-01-04 00:30 -------- d-----w- c:\programdata\Yahoo! Companion
2010-01-04 00:30 . 2010-01-04 00:29 -------- d-----w- c:\programdata\Yahoo!
2010-01-04 00:30 . 2010-01-04 00:28 -------- d-----w- c:\program files\Yahoo!
2010-01-02 06:38 . 2010-01-22 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:38 . 2010-01-22 17:12 916480 ----a-w- c:\windows\system32\wininet(375).dll
2010-01-02 06:38 . 2010-01-22 17:12 1208832 ----a-w- c:\windows\system32\urlmon(371).dll
2010-01-02 06:32 . 2010-01-22 17:12 1985536 ----a-w- c:\windows\system32\iertutil(323).dll
2010-01-02 06:32 . 2010-01-22 17:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 17:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 17:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-29 16:20 . 2009-12-29 16:20 -------- d-----w- c:\programdata\UAB
2009-12-29 16:20 . 2009-12-29 16:20 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-12-29 16:19 . 2009-12-29 16:19 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-12-08 20:01 . 2010-02-23 19:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-23 19:01 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-23 19:01 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-23 19:01 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-23 19:01 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-23 19:01 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-23 19:01 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-23 19:01 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-23 19:01 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-23 19:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-23 19:01 91136 ----a-w- c:\windows\system32\avifil32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{86f669cf-ddb5-4976-8c70-2eaf49e618f8}"= "c:\program files\Hdgoals.com\tbHdgo.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{86f669cf-ddb5-4976-8c70-2eaf49e618f8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 12:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86f669cf-ddb5-4976-8c70-2eaf49e618f8}]
2009-11-09 18:38 2331672 ----a-w- c:\program files\Hdgoals.com\tbHdgo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{86f669cf-ddb5-4976-8c70-2eaf49e618f8}"= "c:\program files\Hdgoals.com\tbHdgo.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{86f669cf-ddb5-4976-8c70-2eaf49e618f8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{86F669CF-DDB5-4976-8C70-2EAF49E618F8}"= "c:\program files\Hdgoals.com\tbHdgo.dll" [2009-11-09 2331672]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{86f669cf-ddb5-4976-8c70-2eaf49e618f8}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376]
"Skytel"="Skytel.exe" [2008-07-24 1833504]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SamsungPCSuiteTrayApplication"="c:\program files\Samsung\Samsung PC Studio 7\LaunchApplication.exe" [2008-08-06 278016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 126976]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2007-12-04 1241088]

c:\users\Coops\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-17 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-11 23:16 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):70,6e,92,16,60,15,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [05/03/2009 21:34 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [05/03/2009 21:34 360584]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [05/03/2009 20:12 15360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [26/05/2009 09:05 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 09:05 66632]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [07/11/2009 03:43 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [07/11/2009 03:43 234888]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [03/11/2009 00:38 285392]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [01/02/2008 14:17 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [01/02/2008 14:17 8320]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\System32\drivers\nmwcdsa.sys [02/05/2007 15:32 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\System32\drivers\nmwcdsac.sys [02/05/2007 15:31 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\System32\drivers\nmwcdsacj.sys [02/05/2007 15:31 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\System32\drivers\nmwcdsacm.sys [02/05/2007 15:31 12288]
S3 SaiK0728;SaiK0728;c:\windows\System32\drivers\SaiK0728.sys [13/10/2009 22:36 104960]
S3 SaiK0CEA;SaiK0CEA;c:\windows\System32\drivers\SaiK0CEA.sys [13/10/2009 22:22 104960]
S3 SaiU0CEA;SaiU0CEA;c:\windows\System32\drivers\SaiU0CEA.sys [13/10/2009 22:24 28544]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 09:05 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\RtlVistaStart.job
- c:\program files\ASRock WiFi-802.11g Install Program\RtWLan.exe [2009-03-05 18:00]

2010-02-25 c:\windows\Tasks\User_Feed_Synchronization-{F98DE9FF-A12A-442D-82EB-F757649DBA1B}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsaidetect.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsaidetect_AVG_RESTORED.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Coops\AppData\Roaming\Mozilla\Firefox\Profiles\fxd44v4n.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\Coops\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-25 12:34
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4396)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2010-02-25 12:36:33
ComboFix-quarantined-files.txt 2010-02-25 12:36
ComboFix2.txt 2010-02-25 12:28
ComboFix3.txt 2010-02-23 22:54

Pre-Run: 330,099,945,472 bytes free
Post-Run: 330,061,017,088 bytes free

- - End Of File - - 6AF84AC1964F10FCD4A226F8EDAF5265


Re: Virus....Keeps opening windows...and more....

Post by Belahzur on 25th February 2010, 11:02 pm

Hello.
I still see the Ask Toolbar, did you remove the Vuze Toolbar?

