Scareware, errors, and windows defender will not turn on now.

Post by sp4rks on Thu Jun 03, 2010 6:23 am

I recently managed to get a scareware "antivirus" virus. It would not let me run any programs after it had installed itself, so I restarted in safe mode and ran Malwarebytes and the Ad-Aware scanner. I also ran CCleaner to empty out useless stuff. After (supposedly) removing this virus, I re-ran Malwarebytes and Ad-Aware, found more, and restarted again. I began getting an error that Windows Defender failed to initialize and another error saying "Error Loading mkyjceut.dll the specified module could not be found." After again running Malwarebytes and Ad-Aware (both of which found no additional threats), I ran a HijackThis log to see if I could find out myself where these errors were coming from and try to find out how to re-initialize Windows Defender (it will not start if I attempt to do it manually). I have important files backed up and have the ability to re-format, but I would love to not have to resort to this. Below I am posting my HijackThis log; after this I have posted 2 MWB log files (the third scan shows no infection) to show you the progression the removal took (and to also show you what this virus was). Thanks for any help you can provide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:00 PM, on 6/2/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [skb] rundll32 "mkyjceut.dll",,Run
O4 - HKLM\..\Run: [MChk] C:\Windows\system32\jxezjkvb.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files (x86)\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files (x86)\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: CacheDump - Unknown owner - C:\Users\Sp4rks\AppData\Local\Temp\cachedump64.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1ca93ef33a13470) (gupdate1ca93ef33a13470) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: STSService - Unknown owner - C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 11260 bytes

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4116

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18904

6/2/2010 10:55:20 PM
mbam-log-2010-06-02 (22-55-20).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 392819
Time elapsed: 58 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 10
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2029d52b-3467-4d17-a0f1-08c72144f727} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfg9w8gujsokgahi8gysgnsdgefshyjy (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tjfgwvys (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bvzxdjssfydxv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\SysWOW64\mkyjceut.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0GW1048\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0GW1048\rvqxfn[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QW10AOZ4\gotnewupdate000[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\gmfrxpgv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\wcmxoaners.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\wsxcnraoem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\Kmc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\wg5pnu46y.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\hoeaxxwgs\vtvvxyjtssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\notepad.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\zdvzphmwjylimf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4166

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

6/2/2010 11:20:22 PM
mbam-log-2010-06-02 (23-20-22).txt

Scan type: Quick scan
Objects scanned: 145692
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfe8owijfisjhgs7ye39gjsoighsd7y3eu (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\SysWOW64\te9k6.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Windows\System32\te9k6.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\1347486459.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\1416136459.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\avp32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\khvcol.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\ntload.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\nvsvc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\oyxg9jutywz8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\system.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Sp4rks\AppData\Local\Temp\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ProgramData\Update\seupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Re: Scareware, errors, and windows defender will not turn on now.

Post by Crush on Thu Jun 03, 2010 6:59 pm

Hello and Welcome to GeekPolice.net.

My name is Crush, but you can call me Chris too, and I will do my best to help get your problem resolved today.

I am currently a student in GeekPolice Academy, and will be a little delayed on each reply, as my instructors must review and approve each reply.

[You must be registered and logged in to see this link.]

If you have any questions, please ask, and I will do my best to get to the question promptly.

Please wait here, while I get the first set of instructions for you.


Re: Scareware, errors, and windows defender will not turn on now.

Post by sp4rks on Thu Jun 03, 2010 7:23 pm

I know you are creating instructions currently for me; however, I managed to remove a few of the registry keys that had been added to prevent me from using things such as System Restore. I managed to revert to a saved state from 4 days ago. I re-ran a scan with HijackThis just now and am posting currently. I do not know if there are any lasting effects of this virus (or any other virus for that matter), but any help would be appreciated. I am posting the current HijackThis log. Also, as I understand, this virus exploited my Java installation, so after the restore I removed all Java installations and re-installed in order to run a Kaspersky scan (which is currently still running). After it has finished I will run MWB and AAW scans again to check their results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:58 PM, on 6/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files (x86)\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files (x86)\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: CacheDump - Unknown owner - C:\Users\Sp4rks\AppData\Local\Temp\cachedump64.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1ca93ef33a13470) (gupdate1ca93ef33a13470) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: STSService - Unknown owner - C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 11550 bytes

Re: Scareware, errors, and windows defender will not turn on now.

Post by Crush on Thu Jun 03, 2010 7:27 pm

hi sp4rks,

Please refrain from running any more scans or doing anything until I have instructions out to you. Thanks

Re: Scareware, errors, and windows defender will not turn on now.

Post by Crush on Thu Jun 03, 2010 7:43 pm

Download [You must be registered and logged in to see this link.] to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


Re: Scareware, errors, and windows defender will not turn on now.

Post by sp4rks on Thu Jun 03, 2010 8:09 pm

Part1:

OTL logfile created on: 6/3/2010 1:46:08 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Sp4rks\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 60.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 365.28 Gb Free Space | 52.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 688.45 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 1.90 Gb Total Space | 0.00 Gb Free Space | 0.15% Space Free | Partition Type: FAT32

Computer Name: PWNSN00BS
Current User Name: Sp4rks
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/03 13:44:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Sp4rks\Desktop\OTL.exe
PRC - [2010/06/03 11:53:59 | 000,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\Sp4rks\AppData\Local\Temp\jkos-Sp4rks\binaries\ScanningProcess.exe
PRC - [2010/06/03 11:52:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2010/06/03 11:52:23 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
PRC - [2010/05/27 16:41:31 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/27 16:41:29 | 001,314,704 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/06 16:35:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/09/30 21:20:26 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/09/30 21:18:40 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2009/09/30 21:17:54 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/09/30 20:22:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/04/29 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/01/16 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/07/17 17:12:24 | 000,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/07/17 17:12:04 | 000,177,448 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/06/03 13:44:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Sp4rks\Desktop\OTL.exe
MOD - [2009/04/11 00:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/04/11 00:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 20:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2006/11/02 03:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/20 17:14:26 | 000,427,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS)
SRV:64bit: - [2010/01/07 16:24:16 | 000,470,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/01/07 16:24:06 | 007,700,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/09/24 19:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/04/29 20:07:00 | 000,078,992 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/04/11 01:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/04/11 01:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/04/11 01:11:13 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV:64bit: - [2009/04/11 01:11:04 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/02/25 15:34:02 | 000,949,760 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 20:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 20:47:07 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:64bit: - [2008/01/20 20:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/05/27 16:41:29 | 001,314,704 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/20 17:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/09/30 21:20:26 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/09/30 21:18:40 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/09/30 21:17:54 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/09/30 20:22:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/28 21:02:08 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/04/29 20:07:00 | 000,176,872 | ---- | M] (McAfee, Inc.) [Unknown | Paused] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/04/29 20:07:00 | 000,019,720 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/04/11 00:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/03/29 22:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/08 23:40:07 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/12/23 09:35:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/07/17 17:12:24 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2006/11/02 07:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 00:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 00:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/04 09:53:02 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/09/30 21:21:52 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/09/30 21:21:48 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2009/09/30 21:21:46 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009/09/30 21:21:42 | 000,068,144 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009/09/30 20:22:52 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/30 16:45:24 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009/09/30 16:45:24 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/09/25 15:13:55 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pssdk41.sys -- (PsSdk41)
DRV:64bit: - [2009/09/17 07:06:24 | 000,033,264 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SndTAudio.sys -- (SndTAudio)
DRV:64bit: - [2009/09/09 19:57:00 | 000,131,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/08/16 12:29:50 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\vmm.sys -- (vmm)
DRV:64bit: - [2009/07/14 12:18:49 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WudfPf.sys -- (WudfPf)
DRV:64bit: - [2009/04/29 20:07:00 | 000,466,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/04/29 20:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/04/29 20:07:00 | 000,097,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2009/04/29 20:07:00 | 000,083,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2009/04/29 20:07:00 | 000,076,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/04/11 01:15:30 | 000,160,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/04/10 23:39:51 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/10 23:39:35 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WinUSB.sys -- (WinUSB)
DRV:64bit: - [2009/04/10 22:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/02/25 17:00:20 | 005,265,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/02/19 23:18:02 | 000,110,096 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2008/12/23 09:35:42 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2008/09/21 09:37:50 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008/05/29 12:33:10 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/04/28 07:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/01/20 20:49:39 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\umpass.sys -- (UMPass)
DRV:64bit: - [2008/01/20 20:48:54 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2007/12/06 10:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/10/11 19:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\amdide64.sys -- (amdide64)
DRV:64bit: - [2007/05/31 12:39:32 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/05/01 03:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/05 16:56:26 | 000,038,400 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdTools64.sys -- (AmdTools64)
DRV:64bit: - [2007/01/29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2007/01/18 15:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2009/09/28 21:01:30 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/06/24 05:41:58 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2008/01/20 20:49:01 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUSB)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006/09/18 15:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 15:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2004/06/22 15:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 8D 72 48 05 EF CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "myspace.com"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.4
FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:0.19.3
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8008
FF - prefs.js..network.proxy.no_proxies_on: ""


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/09 15:15:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/03 11:52:32 | 000,000,000 | ---D | M]

[2008/06/23 16:38:08 | 000,000,000 | ---D | M] -- C:\Users\Sp4rks\AppData\Roaming\Mozilla\Extensions
[2010/06/03 11:47:53 | 000,000,000 | ---D | M] -- C:\Users\Sp4rks\AppData\Roaming\Mozilla\Firefox\Profiles\n45w0oly.default\extensions
[2010/04/28 01:14:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sp4rks\AppData\Roaming\Mozilla\Firefox\Profiles\n45w0oly.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/26 12:59:53 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Users\Sp4rks\AppData\Roaming\Mozilla\Firefox\Profiles\n45w0oly.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
[2010/05/25 11:43:23 | 000,000,000 | ---D | M] -- C:\Users\Sp4rks\AppData\Roaming\Mozilla\Firefox\Profiles\n45w0oly.default\extensions\firebug@software.joehewitt.com
[2010/02/11 15:51:34 | 000,000,931 | ---- | M] () -- C:\Users\Sp4rks\AppData\Roaming\Mozilla\Firefox\Profiles\n45w0oly.default\searchplugins\dictionary.xml
[2010/06/03 11:52:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/21 23:48:02 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/03 11:52:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/04/29 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/06/03 11:52:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/31 12:31:32 | 000,002,076 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2009/11/01 14:31:50 | 000,000,759 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sp4rks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files (x86)\Messenger\MSMSGS.EXE File not found
O9 - Extra 'Tools' menuitem : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files (x86)\Messenger\MSMSGS.EXE File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Sp4rks\Downloads\haloreach.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sp4rks\Downloads\haloreach.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/17 13:31:27 | 000,000,067 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 06:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{629347af-5bae-11df-9deb-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{629347af-5bae-11df-9deb-005056c00008}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{63d21c4f-22f4-11de-aca5-001fc6717373}\Shell - "" = AutoRun
O33 - MountPoints2\{63d21c4f-22f4-11de-aca5-001fc6717373}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2007/10/23 01:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{a8a2be5d-1ebc-11de-b5c6-001fc6717373}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2007/10/23 01:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 21:05:52 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 21:07:48 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^Users^Sp4rks^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - C:\PROGRA~2\OPENOF~1.4\program\QUICKS~1.EXE - File not found
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Aim6 - hkey= - key= - C:\Program Files (x86)\AIM6\aim6.exe File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: OLPSYNCH - hkey= - key= - C:\Program Files (x86)\Offline Course Player\OlpSynch.exe File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
MsConfig:64bit - StartUpReg: WindowsWelcomeCenter - hkey= - key= - C:\Windows\SysNative\oobefldr.dll (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Zune Launcher - hkey= - key= - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfPf - C:\Windows\SysNative\drivers\WudfPf.sys (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: McAfeeEngineService - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - C:\Windows\SysNative\drivers\WudfPf.sys (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - ac3filter.acm File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/03 13:44:26 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Sp4rks\Desktop\OTL.exe
[2010/06/03 11:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/03 11:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/06/02 23:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/02 21:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/06/01 15:33:20 | 000,000,000 | ---D | C] -- C:\Users\Sp4rks\Documents\Scanned Documents
[2010/06/01 15:33:20 | 000,000,000 | ---D | C] -- C:\Users\Sp4rks\Documents\Fax
[2010/06/01 15:17:12 | 000,000,000 | ---D | C] -- C:\Users\Sp4rks\AppData\Local\HP
[2010/06/01 15:15:40 | 000,000,000 | ---D | C] -- C:\Users\Sp4rks\AppData\Roaming\HpUpdate
[2010/05/19 02:56:46 | 000,000,000 | ---D | C] -- C:\Users\Sp4rks\AppData\Roaming\Malwarebytes
[2010/05/19 02:56:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/19 02:56:37 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/19 02:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/19 02:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/19 00:43:23 | 000,000,000 | ---D | C] -- C:\Users\Sp4rks\Desktop\Shane Walker Pictures
[2010/05/13 13:37:56 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/05/13 13:35:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/24 12:05:57 | 000,017,536 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysWow64\drivers\NtpaSp50.sys
[2010/04/24 11:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/04/21 23:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/03/30 14:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2010/03/30 14:32:09 | 000,000,000 | ---D | C] -- C:\Users\Sp4rks\AppData\Local\IsolatedStorage
[2010/03/30 14:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/03/30 14:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[1996/11/12 22:25:44 | 000,018,944 | R--- | C] ( ) -- C:\Windows\SysWow64\implode.dll

========== Files - Modified Within 90 Days ==========

[2010/06/03 13:47:30 | 004,456,448 | -HS- | M] () -- C:\Users\Sp4rks\ntuser.dat
[2010/06/03 13:44:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Sp4rks\Desktop\OTL.exe
[2010/06/03 13:37:13 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/03 13:37:13 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/03 13:16:49 | 000,001,928 | ---- | M] () -- C:\Users\Sp4rks\Desktop\HijackThis.lnk
[2010/06/03 13:09:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/03 11:40:46 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/03 11:37:23 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/03 11:37:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/03 11:37:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/03 02:51:54 | 000,524,288 | -HS- | M] () -- C:\Users\Sp4rks\ntuser.dat{fefda18a-6ecf-11df-8b27-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 02:51:54 | 000,065,536 | -HS- | M] () -- C:\Users\Sp4rks\ntuser.dat{fefda18a-6ecf-11df-8b27-005056c00008}.TM.blf
[2010/06/03 02:51:50 | 001,930,577 | -H-- | M] () -- C:\Users\Sp4rks\AppData\Local\IconCache.db
[2010/06/03 02:21:35 | 000,524,288 | -HS- | M] () -- C:\Users\Sp4rks\ntuser.dat{fefda18a-6ecf-11df-8b27-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 02:08:01 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7A04E33E-4711-4874-84BD-43C1DD2AB150}.job
[2010/06/03 01:59:10 | 000,524,288 | -HS- | M] () -- C:\Users\Sp4rks\ntuser.dat{c34ba8ed-1808-11df-a3ac-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 01:59:10 | 000,065,536 | -HS- | M] () -- C:\Users\Sp4rks\ntuser.dat{c34ba8ed-1808-11df-a3ac-005056c00008}.TM.blf
[2010/06/02 16:53:08 | 000,012,641 | ---- | M] () -- C:\Users\Sp4rks\Documents\IS6572-Journal2.docx
[2010/06/01 15:34:11 | 000,652,846 | ---- | M] () -- C:\Users\Sp4rks\Documents\MarkTurner.JPG
[2010/06/01 15:17:35 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{b57b48f0-6dba-11df-af70-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010/06/01 15:17:35 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{b57b48f0-6dba-11df-af70-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/06/01 15:17:35 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{b57b48f0-6dba-11df-af70-005056c00008}.TM.blf
[2010/06/01 15:17:34 | 000,262,144 | ---- | M] () -- C:\ProgramData\ntuser.dat
[2010/05/31 02:41:45 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/05/31 01:05:05 | 000,000,655 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/05/26 16:01:18 | 000,002,651 | ---- | M] () -- C:\Users\Sp4rks\Desktop\Microsoft Office Word 2007.lnk
[2010/05/19 20:13:13 | 000,445,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/19 03:31:56 | 000,091,648 | ---- | M] () -- C:\Users\Sp4rks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 02:56:40 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/17 16:52:09 | 000,018,062 | ---- | M] () -- C:\Users\Sp4rks\Documents\Program of Study - Nathan Clark.docx
[2010/05/17 15:58:17 | 000,820,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/17 15:58:17 | 000,690,042 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/17 15:58:17 | 000,135,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/13 13:37:55 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/05/13 13:37:44 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/13 13:35:32 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/02 01:26:50 | 000,567,967 | ---- | M] () -- C:\Users\Sp4rks\Documents\IS6480ProjectII.docx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/23 14:46:44 | 000,000,865 | ---- | M] () -- C:\Users\Sp4rks\WebScarab.properties
[2010/04/23 14:46:16 | 010,010,100 | ---- | M] () -- C:\Users\Sp4rks\Documents\IS6570HW#1.docx
[2010/04/20 10:42:10 | 000,001,687 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/04/18 11:07:49 | 001,388,495 | ---- | M] () -- C:\Users\Sp4rks\Documents\ForensicsInvestigationBentleyClarkHansenRogersSorensonTak.docx
[2010/04/18 11:07:25 | 001,388,512 | ---- | M] () -- C:\Users\Sp4rks\ForensicsInvestigationBentleyClarkHansenRogersSorensonTak.docx
[2010/04/14 09:32:00 | 000,002,625 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/04/13 15:16:47 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/04/13 11:56:40 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/04/12 22:13:05 | 006,759,155 | ---- | M] () -- C:\Users\Sp4rks\Documents\IS6571_HW#2.docx
[2010/03/16 16:23:17 | 000,048,661 | ---- | M] () -- C:\Users\Sp4rks\Documents\IS6471_Drupal_Hist+.pptx
[2010/03/14 23:52:14 | 005,691,168 | ---- | M] () -- C:\Users\Sp4rks\Documents\IS6571_HW#1.docx


Re: Scareware, errors, and windows defender will not turn on now.

Post by sp4rks on Thu Jun 03, 2010 8:10 pm

Part 2:

========== Files Created - No Company Name ==========

[2010/06/03 13:16:49 | 000,001,928 | ---- | C] () -- C:\Users\Sp4rks\Desktop\HijackThis.lnk
[2010/06/03 11:40:45 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/03 02:07:03 | 000,524,288 | -HS- | C] () -- C:\Users\Sp4rks\ntuser.dat{fefda18a-6ecf-11df-8b27-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 02:07:03 | 000,524,288 | -HS- | C] () -- C:\Users\Sp4rks\ntuser.dat{fefda18a-6ecf-11df-8b27-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 02:07:03 | 000,065,536 | -HS- | C] () -- C:\Users\Sp4rks\ntuser.dat{fefda18a-6ecf-11df-8b27-005056c00008}.TM.blf
[2010/06/02 16:53:08 | 000,012,641 | ---- | C] () -- C:\Users\Sp4rks\Documents\IS6572-Journal2.docx
[2010/06/01 15:35:10 | 000,652,846 | ---- | C] () -- C:\Users\Sp4rks\Documents\MarkTurner.JPG
[2010/06/01 15:17:34 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{b57b48f0-6dba-11df-af70-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010/06/01 15:17:34 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{b57b48f0-6dba-11df-af70-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/06/01 15:17:34 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2010/06/01 15:17:34 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{b57b48f0-6dba-11df-af70-005056c00008}.TM.blf
[2010/06/01 15:17:34 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2010/06/01 15:17:34 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2010/05/19 02:56:40 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/17 16:52:08 | 000,018,062 | ---- | C] () -- C:\Users\Sp4rks\Documents\Program of Study - Nathan Clark.docx
[2010/05/13 17:54:26 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/13 13:35:32 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/04/30 15:35:23 | 000,567,967 | ---- | C] () -- C:\Users\Sp4rks\Documents\IS6480ProjectII.docx
[2010/04/18 11:07:25 | 001,388,512 | ---- | C] () -- C:\Users\Sp4rks\ForensicsInvestigationBentleyClarkHansenRogersSorensonTak.docx
[2010/04/17 11:29:28 | 001,388,495 | ---- | C] () -- C:\Users\Sp4rks\Documents\ForensicsInvestigationBentleyClarkHansenRogersSorensonTak.docx
[2010/04/13 15:16:47 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/04/12 22:13:04 | 006,759,155 | ---- | C] () -- C:\Users\Sp4rks\Documents\IS6571_HW#2.docx
[2010/03/30 14:33:36 | 000,002,625 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/03/16 16:23:17 | 000,048,661 | ---- | C] () -- C:\Users\Sp4rks\Documents\IS6471_Drupal_Hist+.pptx
[2010/03/14 23:52:13 | 005,691,168 | ---- | C] () -- C:\Users\Sp4rks\Documents\IS6571_HW#1.docx
[2010/02/12 14:07:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/02/12 14:06:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/04 12:54:49 | 000,000,028 | ---- | C] () -- C:\Windows\UML.INI
[2009/02/22 11:24:44 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/23 09:33:18 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2008/11/06 00:06:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/10 22:03:48 | 000,836,870 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/07/01 17:31:06 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/01/20 20:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/06/02 23:16:52 | 000,000,000 | ---D | M] -- C:\Users\Sp4rks\AppData\Roaming\Azureus
[2008/09/21 09:37:23 | 000,000,000 | ---D | M] -- C:\Users\Sp4rks\AppData\Roaming\DAEMON Tools
[2009/09/25 20:57:14 | 000,000,000 | ---D | M] -- C:\Users\Sp4rks\AppData\Roaming\FileVerifier++
[2009/07/23 13:07:29 | 000,000,000 | ---D | M] -- C:\Users\Sp4rks\AppData\Roaming\FreeCap
[2009/09/13 16:08:14 | 000,000,000 | ---D | M] -- C:\Users\Sp4rks\AppData\Roaming\IBM
[2008/08/13 14:07:57 | 000,000,000 | ---D | M] -- C:\Users\Sp4rks\AppData\Roaming\Research In Motion
[2009/09/13 12:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sp4rks\AppData\Roaming\Wireshark
[2010/06/03 11:40:46 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/06/03 02:52:03 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/03 02:08:01 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7A04E33E-4711-4874-84BD-43C1DD2AB150}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2008/11/01 12:40:28 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-20\desktop.ini
[2010/06/03 12:53:40 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$I1HRWQR
[2010/06/03 12:54:33 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$I3DHXB1.zenmap
[2010/06/03 12:53:56 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$I4I5HQL.5
[2010/06/03 12:55:31 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$I4NXSWB.avi
[2010/06/03 12:56:26 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$IAG27F5
[2010/06/03 12:54:25 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$IPZQ1NK
[2010/06/03 12:53:29 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$ITXL34K
[2010/06/03 13:00:50 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$IXUWJAB
[2008/09/23 09:55:48 | 103,564,484 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4NXSWB.avi
[2008/06/23 14:56:53 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\desktop.ini
[2009/09/13 13:27:37 | 000,002,153 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R3DHXB1.zenmap\scan_profile.usp
[2009/09/13 13:27:37 | 000,001,437 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R3DHXB1.zenmap\zenmap.conf
[2009/09/13 13:44:08 | 000,018,432 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R3DHXB1.zenmap\zenmap.db
[2009/09/13 13:27:37 | 000,000,005 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R3DHXB1.zenmap\zenmap_version
[2008/10/14 20:39:08 | 000,195,830 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\background.tga
[2008/10/14 20:39:08 | 000,001,932 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\Changelog-FuBar-v3.5.txt
[2008/10/14 20:39:08 | 000,000,665 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\embeds.xml
[2008/10/14 20:39:08 | 000,003,662 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\FuBar-Locale-deDE.lua
[2008/10/14 20:39:08 | 000,002,338 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\FuBar-Locale-enUS.lua
[2008/10/14 20:39:08 | 000,003,454 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\FuBar-Locale-esES.lua
[2008/10/14 20:39:08 | 000,004,002 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\FuBar-Locale-frFR.lua
[2008/10/14 20:39:08 | 000,003,428 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\FuBar-Locale-koKR.lua
[2008/10/14 20:39:08 | 000,002,969 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\FuBar-Locale-zhCN.lua
[2008/10/14 20:39:08 | 000,003,426 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\FuBar-Locale-zhTW.lua
[2008/10/14 20:39:08 | 000,040,657 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\FuBar.lua
[2008/10/14 20:39:08 | 000,000,853 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\FuBar.toc
[2008/10/14 20:39:08 | 000,034,588 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\FuBar_Panel.lua
[2008/10/14 20:39:08 | 000,000,730 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\LICENSE.txt
[2008/10/14 20:39:08 | 000,000,216 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibJostle-3.0\lib.xml
[2008/10/14 20:39:08 | 000,016,696 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibJostle-3.0\LibJostle-3.0.lua
[2008/10/14 20:39:08 | 000,000,333 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibJostle-3.0\LibJostle-3.0.toc
[2008/10/14 20:39:08 | 000,000,752 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibJostle-3.0\LICENSE.txt
[2008/10/14 20:39:08 | 000,002,250 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibJostle-3.0\LibStub\LibStub.lua
[2008/10/14 20:39:08 | 000,000,254 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRock-1.0\lib.xml
[2008/10/14 20:39:08 | 000,096,980 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRock-1.0\LibRock-1.0.lua
[2008/10/14 20:39:08 | 000,000,368 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRock-1.0\LibRock-1.0.toc
[2008/10/14 20:39:08 | 000,001,397 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRock-1.0\LibStub\LibStub.lua
[2008/10/14 20:39:08 | 000,000,220 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockConfig-1.0\lib.xml
[2008/10/14 20:39:08 | 000,249,662 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockConfig-1.0\LibRockConfig-1.0.lua
[2008/10/14 20:39:08 | 000,000,357 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockConfig-1.0\LibRockConfig-1.0.toc
[2008/10/14 20:39:08 | 000,000,216 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockDB-1.0\lib.xml
[2008/10/14 20:39:08 | 000,065,888 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockDB-1.0\LibRockDB-1.0.lua
[2008/10/14 20:39:08 | 000,000,305 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockDB-1.0\LibRockDB-1.0.toc
[2008/10/14 20:39:08 | 000,000,219 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockEvent-1.0\lib.xml
[2008/10/14 20:39:08 | 000,026,045 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockEvent-1.0\LibRockEvent-1.0.lua
[2008/10/14 20:39:08 | 000,000,305 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockEvent-1.0\LibRockEvent-1.0.toc
[2008/10/14 20:39:08 | 000,000,218 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockHook-1.0\lib.xml
[2008/10/14 20:39:08 | 000,023,811 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockHook-1.0\LibRockHook-1.0.lua
[2008/10/14 20:39:08 | 000,000,306 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockHook-1.0\LibRockHook-1.0.toc
[2008/10/14 20:39:08 | 000,000,220 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockLocale-1.0\lib.xml
[2008/10/14 20:39:08 | 000,019,938 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockLocale-1.0\LibRockLocale-1.0.lua
[2008/10/14 20:39:08 | 000,000,313 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockLocale-1.0\LibRockLocale-1.0.toc
[2008/10/14 20:39:08 | 000,000,219 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockTimer-1.0\lib.xml
[2008/10/14 20:39:08 | 000,014,901 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockTimer-1.0\LibRockTimer-1.0.lua
[2008/10/14 20:39:08 | 000,000,305 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibRockTimer-1.0\LibRockTimer-1.0.toc
[2008/10/01 23:07:04 | 000,001,367 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibStub\LibStub.lua
[2008/10/01 23:07:04 | 000,000,253 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$R4I5HQL.5\FuBar\libs\LibStub\LibStub.toc
[2008/01/20 21:21:14 | 000,000,536 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RLT1LV8\desktop.ini
[2009/09/30 11:03:09 | 000,915,853 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\Assign1Solution.zip
[2009/12/10 15:09:40 | 000,018,412 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\GroupProject.zip
[2009/09/30 11:12:28 | 002,978,497 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\Museum with Javascript.zip
[2009/11/12 13:56:41 | 000,063,253 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\PhoenixSoccerDatabase2.zip
[2009/09/30 11:03:40 | 000,002,059 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\PHPValidation.zip
[2009/09/16 17:39:20 | 000,453,232 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW1\computerphotos.zip
[2009/09/16 12:26:36 | 000,001,586 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW1\index.php
[2009/09/16 12:26:45 | 000,000,705 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW1\museum.php
[2009/09/16 17:10:46 | 002,977,542 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW1\museumzipped.zip
[2009/09/16 12:26:39 | 000,000,706 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW1\newuser.php
[2009/09/16 12:26:48 | 000,000,707 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW1\purchase.php
[2009/09/16 12:26:42 | 000,000,864 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW1\style1.css
[2009/09/16 12:31:37 | 016,032,571 | ---- | M] (Romain Bourdon (Roms) ) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW1\WampServer2.0i.exe
[2009/09/16 17:21:32 | 000,001,839 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW2\index.php
[2009/10/01 15:37:02 | 000,004,348 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW2\Museum Javascript.zip
[2009/09/16 18:03:02 | 000,003,443 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW2\museum.php
[2009/09/30 11:28:49 | 000,003,616 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW2\newuser.php
[2009/09/16 18:05:32 | 000,002,503 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW2\purchase.php
[2009/09/16 18:10:19 | 000,001,148 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW2\Style1.css
[2009/09/30 11:26:40 | 000,000,700 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW2\submission.php
[2009/09/16 17:39:49 | 000,017,423 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\1970s-comp-18-464x280.jpg
[2009/09/16 17:39:49 | 000,107,811 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\1972_hp35.jpg
[2009/09/16 17:39:49 | 000,079,417 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\1977_apple.jpg
[2009/09/16 17:39:49 | 000,023,436 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\1979_Ad_400-800.jpg
[2009/09/16 17:39:49 | 000,015,218 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\1982_commodore_64.jpg
[2009/09/16 17:39:49 | 000,020,444 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\1991_linus1991.jpg
[2009/09/16 17:39:49 | 000,103,572 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\1993_mosaic_browser_large.jpg
[2009/09/16 17:39:49 | 000,033,855 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\1994_yahoo_large.jpg
[2009/09/16 17:39:49 | 000,078,381 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\Apple.Lisa.1983.102634506.fc.lg.jpg
[2009/11/12 17:52:40 | 000,459,972 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\HW3&4.zip
[2009/09/16 17:39:49 | 000,007,908 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\ibmpc_t.jpg
[2009/11/12 15:51:07 | 000,001,817 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\index.php
[2009/11/12 15:38:57 | 000,002,345 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\landing.php
[2009/11/12 14:27:22 | 000,000,226 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\logout.php
[2009/11/12 15:20:21 | 000,003,689 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\museum.php
[2009/11/12 15:51:07 | 000,005,900 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\newuser.php
[2009/11/12 14:05:31 | 000,002,549 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\purchase.php
[2009/11/12 15:22:30 | 000,001,239 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\Style1.css
[2009/11/12 14:05:31 | 000,000,746 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\submission.php
[2009/09/16 12:33:47 | 000,000,120 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\nbproject\project.properties
[2009/09/16 12:33:47 | 000,000,334 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\nbproject\project.xml
[2009/09/16 12:33:47 | 000,000,103 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\nbproject\private\private.properties
[2009/10/08 16:37:33 | 000,000,211 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RPZQ1NK\HW3&4\nbproject\private\private.xml
[2010/02/12 00:02:48 | 000,435,712 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\spclite.exe
[2010/02/12 00:02:48 | 000,002,560 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\acres.dll
[2010/02/12 00:02:48 | 000,058,426 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\drvmain.sdb
[2010/02/12 00:02:48 | 000,115,712 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\sdbapiu.dll
[2010/02/12 00:02:48 | 000,011,379 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\spc.cat
[2010/02/12 00:02:48 | 000,014,336 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\spcmsg.dll
[2010/02/12 00:02:48 | 000,238,592 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\sperror.dll
[2010/02/12 00:02:48 | 000,173,568 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\spwizui.dll
[2010/02/12 00:02:48 | 000,055,246 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\sysmain.sdb
[2010/02/12 00:02:48 | 000,336,384 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\de-de\acres.dll.mui
[2010/02/12 00:02:48 | 000,005,632 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\de-de\spcmsg.dll.mui
[2010/02/12 00:02:48 | 000,005,632 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\de-de\sperror.dll.mui
[2010/02/12 00:02:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\de-de\spwizui.dll.mui
[2010/02/12 00:02:49 | 000,287,744 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\en-us\acres.dll.mui
[2010/02/12 00:02:49 | 000,005,120 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\en-us\spcmsg.dll.mui
[2010/02/12 00:02:49 | 000,004,608 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\en-us\sperror.dll.mui
[2010/02/12 00:02:49 | 000,019,456 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\en-us\spwizui.dll.mui
[2010/02/12 00:02:49 | 000,333,312 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\es-es\acres.dll.mui
[2010/02/12 00:02:49 | 000,005,632 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\es-es\spcmsg.dll.mui
[2010/02/12 00:02:49 | 000,005,120 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\es-es\sperror.dll.mui
[2010/02/12 00:02:49 | 000,020,992 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\es-es\spwizui.dll.mui
[2010/02/12 00:02:49 | 000,335,360 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\fr-fr\acres.dll.mui
[2010/02/12 00:02:49 | 000,005,632 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\fr-fr\spcmsg.dll.mui
[2010/02/12 00:02:49 | 000,005,120 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\fr-fr\sperror.dll.mui
[2010/02/12 00:02:49 | 000,021,504 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\fr-fr\spwizui.dll.mui
[2010/02/12 00:02:49 | 000,207,360 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\ja-jp\acres.dll.mui
[2010/02/12 00:02:49 | 000,004,608 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\ja-jp\spcmsg.dll.mui
[2010/02/12 00:02:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\ja-jp\sperror.dll.mui
[2010/02/12 00:02:49 | 000,014,848 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-912166381-3186201227-2079833363-1000\$RXUWJAB\8284dc14d20c1d313a8d03\ja-jp\spwizui.dll.mui

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: AGP440.SYS >
[2008/01/20 20:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 20:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 20:45:58 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 01:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/04/11 00:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\SysWOW64\autochk.exe
[2009/04/11 00:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\SysWOW64\autochk.exe
[2009/04/11 00:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/20 20:49:30 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Users\Sp4rks\Documents\MarkTurner.JPG:3or4kl4x13tuuug3Byamue2s4b
< End of report >


Re: Scareware, errors, and windows defender will not turn on now.

Post by sp4rks on Thu Jun 03, 2010 8:11 pm

Extras:

OTL Extras logfile created on: 6/3/2010 1:46:08 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Sp4rks\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 60.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 365.28 Gb Free Space | 52.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 688.45 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 1.90 Gb Total Space | 0.00 Gb Free Space | 0.15% Space Free | Partition Type: FAT32

Computer Name: PWNSN00BS
Current User Name: Sp4rks
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 74 BB A4 68 23 AC CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00095C9A-D885-450A-91CB-4BF823A2F6B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{029818C3-9CB1-4BE8-8DCC-803E502738EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{03ECE427-C745-41C9-8D60-2EE48D554EBF}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{052EF2C7-52D1-4832-B493-16EA47A4D706}" = lport=445 | protocol=6 | dir=in | app=system |
"{089C530F-1A86-4BC9-B13B-15D3F61B2932}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{17C625EA-6623-4CE2-9193-2B727C4BC80F}" = lport=137 | protocol=17 | dir=in | app=system |
"{188EC055-9444-4955-82CC-D324FB2BB8CB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1A2F5EE8-ACFD-4DD8-8772-CA71C208CF31}" = lport=10244 | protocol=6 | dir=in | app=system |
"{1A8C440D-4E2C-4044-910F-46EA543CCC91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{24B34963-C058-472C-8BA2-F55A92ABAD38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2653269D-4A25-428C-AA97-C79B5C1A177D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D434B59-8FD1-4F5D-8315-CA1948C10B50}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D92B3FD-1D05-459C-8AD8-038C68983A3F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3180DC03-FDE0-4592-A8E0-040882F72EE0}" = rport=10244 | protocol=6 | dir=out | app=system |
"{31D5ACC4-6C3B-4BA4-9815-6A86924833BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{34E7CE9A-3EFF-4B84-85B2-809158F785C8}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{3A8C8BCC-6181-4F0E-ADC1-A0CF8BBCAFCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{417DDD59-EB8C-47A1-ABA7-ED0820EA5B7B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{42BA90E4-26D6-415A-B3ED-F7DB6B8B1D2A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{45B55614-2CFB-4D2B-A3BC-EA516A535F42}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{480BFB4B-EB22-4857-9B91-CF8BF0400A98}" = rport=137 | protocol=17 | dir=out | app=system |
"{52772B5B-B893-4F48-86D1-CC17850D629A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{534BCBF2-6F67-40EB-A960-132DB113C508}" = lport=139 | protocol=6 | dir=in | app=system |
"{53556AE1-909D-420C-8010-8664FB9B0D4F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{584236E9-7F1B-40BA-BAAA-7DA0CE25BDF0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5965F161-83F4-4DCB-AB82-073FB576F25A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5E4102D4-92D4-4F71-AC07-B07E7689A8F0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61227BD6-12D3-47C7-BF45-298201411239}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{737EB356-B3AB-45E3-A7EE-A64DA898E6EC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{742BED10-177C-409B-A5B1-79FA292FA147}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{76BC4890-0455-4038-A803-66E841B562AC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82BBE59F-6DAB-4764-82C5-3AE6F44D1AA2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84DD8F75-234C-4B17-A8CA-CA9AF5454B12}" = lport=2869 | protocol=6 | dir=in | app=system |
"{865CA31D-5EBE-456A-B57F-0ADE21EA9093}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{871BFBEB-8187-4F3D-8428-10DF518086CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{895B1CFF-1F37-4F55-99C8-2AF089145E2A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C58A147-E34F-4BF8-A3B9-7E87D7EA653C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{95E0AF79-3F85-4D7C-AE50-8DA48C5BC7B2}" = lport=3390 | protocol=6 | dir=in | app=system |
"{989DC8E1-85A1-4EB7-8752-88EFE0758192}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A4C2E659-AD19-4FF3-A167-4247144D0F5C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ADBE1DCD-3E00-4423-A847-0506D572B08D}" = rport=138 | protocol=17 | dir=out | app=system |
"{AF58A63D-D209-463A-8E2E-0762AA6A1B9A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{B381D0F3-B63C-4DDA-9A8F-C6BD53AE46A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BEB6CF6C-B076-4ABA-82CF-1B53E5D4B6E8}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C18168B4-DBB1-4502-A454-D6D838F36DFB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9404C58-85CB-4EB1-927A-3A0BE2CDCBFF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA96C1DE-285A-4C97-B851-A8DA7EAE88D2}" = rport=445 | protocol=6 | dir=out | app=system |
"{CE54D199-EBE0-4DE4-BE38-C0C81B5DD824}" = rport=10244 | protocol=6 | dir=out | app=system |
"{D4EA4C14-5C94-4117-9F6D-0B19AD0173EB}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DF2050C8-C8BE-4D4D-96EC-E9BD0224B92C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF2972EF-8DD3-4964-B153-2703276D20C4}" = rport=139 | protocol=6 | dir=out | app=system |
"{E1F04809-177B-4F34-9AFB-80CA56219865}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3F9E8F3-9A2D-4262-AEF9-5E40A0A74CF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ECFCDE7F-9580-4460-8224-82F2DC7C24BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{ED390A0F-7CCA-4D0F-A52C-7AC741310D6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1E43B6A-D947-4C4F-9B38-30C19A0908B4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5C55009-289C-4199-99A1-FB5F06331995}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FBA13A3D-FAC3-4A07-A1FF-1B14BA7971C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00010368-2600-4697-8F04-169F4C54FEC9}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{000F3C82-19D1-47AB-A7CE-F9559F895086}" = protocol=17 | dir=in | app=c:\users\sp4rks\appdata\local\apps\2.0\zlnd8y1h.d42\g420vvxd.xyh\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\curseclient.exe |
"{007BC7CA-DDFF-49FB-9969-BDC715825513}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{00D46B13-AC79-4043-9B1E-2436EC03E416}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{01A3010E-3257-40C8-9E68-B0D3F7119CEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{06E29C5B-E935-41E3-8F9F-27C5DA3D993A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0AB15C0F-CAB0-476C-8A30-C567AC597C52}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11DA273C-2C66-49C0-A708-DC87E1AC3957}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{12E8A5D0-7FE5-46FB-B777-C6E7EE84709F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1773E898-73F0-450B-9ECA-2711062FB33C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{18F0C474-40E9-44AF-AFB3-EC71713AC2BF}" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{1A50FF60-33A5-49AF-956B-67702BAC483A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1AC51FB0-A230-41E4-920F-972BC9DA5216}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{24450B9D-00F5-46CF-B71F-E331E1248741}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{2460D86B-940B-480E-87DD-ECD6690CA182}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2C113B03-B1D7-4D08-8D9F-AE2DADB46709}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C98F5A8-E20C-4760-BE50-69656439BCCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D25970A-475E-446B-93EB-CE9F065E1BB0}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{2E9C6BCC-26EB-4135-AFBB-D8A0844CB6B6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{3313D922-0D77-407A-950B-B1B250423300}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{332EABE1-D979-4B40-9EAC-877A26E17F40}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35E6B277-9EE0-45D9-92A9-ADE47CE53DAE}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{3A40805A-8186-4752-A3C2-B9A83586DBA1}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{3C71CA5B-56B8-4B90-A0D4-65198C452654}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4244D5A5-D098-435F-92BF-5C012F9062F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{428A12F3-FF56-4373-A5DE-72E7C0CEBEE7}" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{466528B9-87D7-40D2-819C-057F8BB52976}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{476AB684-222D-4CF7-81BD-FD214F09F532}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{47E11E5B-5142-4920-8158-BB1A439E5AB1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4BCB67CE-D4F6-48E3-9E40-1FF1BB5F309F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4EDB9CD6-8F81-4D5C-A347-AA66A62A9399}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{4F8C8D54-3DA6-4D04-96BB-E1344897B2EF}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5AFD8EE5-23E3-4980-B9C9-18BFEC14C083}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{5BB13A91-AD5C-4C13-A91F-B532AD1AB34C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{61ABA1D0-ED7C-4421-9AE8-89DBCCC39ADD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{62D85633-791F-4C3B-880D-FD76D6DB284B}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{636FF61C-84A4-4821-A558-26AD6CA937BF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{6950F982-C1B6-4F9B-9076-38404463FA6F}" = protocol=6 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{6B6A0813-8FCF-41A3-8B42-20EBF803D3E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{720B9A56-D766-400A-9DD7-0C56D5D68261}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{7329EE56-21D7-4A8F-BD5C-B1A32D261C19}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{733BB9FB-17FB-4BEA-9C82-8A56F57BABA7}" = protocol=6 | dir=out | app=system |
"{7819C8B6-632F-4EC1-9905-63F72E793997}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78392FEB-5F92-44E1-B3D9-8F3B1BF57D30}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{79C37709-9260-4777-A96C-DB37141FDBCC}" = protocol=17 | dir=in | app=c:\users\sp4rks\appdata\local\apps\2.0\zlnd8y1h.d42\g420vvxd.xyh\curs..tion_eee711038731a406_0004.0000_1430d97334050788\curseclient.exe |
"{7BAD8C64-688B-40ED-ABFD-892F7A304204}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7E3E9E8E-3792-4A96-B438-E31ED3AE1C3B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{83122BCE-3BF1-49E7-87B2-28DD64D8877D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83FAEA2A-37E7-4E83-A713-FBE5838017DE}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{868D44C4-3406-4039-A7A1-639EBF197926}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8940B6EE-F4F9-455F-8BE4-ACC7A7561DA8}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{8953D7AC-CBAB-4BF9-B85D-6D92D9C73066}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{8A015DD7-AE4F-46C2-BFF4-C70910581E53}" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{8D09FA36-6C6A-47C4-A754-109729A7FAFE}" = protocol=6 | dir=in | app=c:\users\sp4rks\appdata\local\apps\2.0\zlnd8y1h.d42\g420vvxd.xyh\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\curseclient.exe |
"{8E704AFD-7875-4427-BFFF-DC778815FC0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{909F1841-8C5B-42A1-9A8B-DCD85C21864F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{910C85D0-98BC-4D63-941E-5C2A3A932382}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{91898A3B-4A02-4DC0-8F86-4AF8053D1E73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9287AFA8-EF32-4E2E-9867-58D113F43099}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{94E50177-382D-48F6-AC63-82F413E15F8D}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{96D83E9F-5A68-453A-B23B-3C38D3C6DF28}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{9B6EA5CB-7109-4D1D-8D45-6A4F9375F731}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{9DE494D8-1775-437E-8DC8-172B9AD34DD3}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{9F6BBE6E-40A4-4866-B032-4CAE3663D38A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A3A88CF5-D22B-4A4D-B712-32BD1EB7F9AD}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{A4931789-91BE-4757-AD82-C39623D4D9E3}" = protocol=17 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{A6A09D27-6DFF-4E21-8231-E148F4D81969}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{A846B793-3945-406A-8D4B-2E68C59758DB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A92E5512-94EA-453E-9C9D-C220132375B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AC28C9B1-3B5F-4065-9775-53FDE600F5CC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{AD585AA5-03D4-46D6-9874-FBB7FA8F7E6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B407E420-212C-4444-810F-42DDFF72570F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B69F3BBC-C809-4AF9-9E69-FE640EE69C0E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6E6D9E9-F702-41DF-A686-A076FCB5F9DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{BCC29E77-66F7-4221-B5B1-B5B0A4A5821D}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{BE41DBB3-9BB8-4E6C-99D4-7616149A4807}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{BFDECC17-0D6C-496E-B1D1-4FFCDD4924C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C03835F1-0CA4-475F-B633-1F6DDACFA698}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{C0D3F041-55BB-409D-9C63-17738CCB6679}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{C412826C-AF0C-4BFD-B56B-DBBDCB440688}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{C92CC7D9-CAE8-4891-89FF-23D6A8FA5ED6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{CB882A0F-1CF9-4493-B89C-6D0A20BA9CF7}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{CC7BF23B-CD6B-42EB-A7BC-296309851DD6}" = protocol=6 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2007\32bit\ttax.exe |
"{D0C4C647-74B3-444B-A85D-38D36B722AC3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2CAB1A9-8314-49D9-B323-67E74DE0D690}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D3A9C4E6-2AC3-4B87-93A3-111FC156034A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{D6600C5C-F64D-4413-BFD7-6936BBB27BCB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D82B726F-E235-45B3-903E-E94ADA78EF78}" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{DA923F82-1328-4E1B-B06E-323594CFEFEA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E2DF44A8-661E-4253-90E2-6017747AC073}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4AF32DE-226F-4569-957A-34CF71F29E01}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{E6E56603-280B-46D6-823D-3AF7CDCD621F}" = protocol=6 | dir=in | app=c:\users\sp4rks\appdata\local\apps\2.0\zlnd8y1h.d42\g420vvxd.xyh\curs..tion_eee711038731a406_0004.0000_1430d97334050788\curseclient.exe |
"{E74A0E17-78F6-406C-98D8-CEB49582DD80}" = protocol=17 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2007\32bit\ttax.exe |
"{E9C5EC64-76E8-4F32-A660-741204FA8135}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA3A2A1E-60C4-49EB-B175-29B16DB592D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F21980C4-535A-47D6-BDE8-0B1664D1BDE8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F2E6E7C3-3062-4915-B5E2-4B8AB82293E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F36706D9-0875-4205-B6B0-BF3574C6A4FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4A360C9-1F7D-43CD-A6AC-521332B1BB79}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{F6FE86FC-0494-49ED-83EC-A824CE18571A}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{FC498D5B-B6B7-4353-ABCE-3ABC95976E99}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{17481CA2-209D-4876-A84C-C901CC2AA21C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{17CCCCF4-E826-4659-B99A-B06C27FD0040}C:\program files (x86)\philips intelligent agent\philips intelligent agent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\philips intelligent agent\philips intelligent agent.exe |
"TCP Query User{19382E55-5FE8-4294-8F6B-51974A7E757D}C:\program files (x86)\steam\steamapps\silvrwulf64@email.com\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\silvrwulf64@email.com\team fortress 2\hl2.exe |
"TCP Query User{1CE5D33B-D30B-4E43-B736-D3355C2756AA}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{1DCE396F-F0D5-4FF5-B6DC-32B9F8FA7CA0}C:\security\superscan4\superscan4.exe" = protocol=6 | dir=in | app=c:\security\superscan4\superscan4.exe |
"TCP Query User{2D38B4BE-CE5C-4A19-83AC-E21B75BD052C}C:\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-1.12.0-enus-downloader.exe |
"TCP Query User{30063960-BDBD-4BDF-9BA2-F6DEC8549518}C:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"TCP Query User{314253DB-E396-4AC2-AB0E-7C2FE39C27E8}C:\program files (x86)\java\jdk1.6.0_11\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_11\bin\java.exe |
"TCP Query User{468E000E-AE53-4F8A-A06D-65D7566D24D1}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{4FD207FD-9D6A-40C3-9619-BEB7B4EBA7F5}C:\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\world of warcraft\repair.exe |
"TCP Query User{7EEF585A-55BC-4AFC-B82D-05E18275E427}C:\program files (x86)\java\jdk1.6.0_11\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_11\bin\java.exe |
"TCP Query User{7F5E37BF-4A3C-4FB8-89A0-11D96132644A}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"TCP Query User{82122A6C-1D55-4D10-83FF-27EEE14510C2}C:\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\world of warcraft\repair.exe |
"TCP Query User{84521E45-C87F-4D1A-8E4D-623E605E1E61}C:\security\webgoat\webgoat-5.2\java\bin\java.exe" = protocol=6 | dir=in | app=c:\security\webgoat\webgoat-5.2\java\bin\java.exe |
"TCP Query User{92751162-CD67-4ED3-B36D-CAE7691CE261}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{975B59A2-CA3F-4C2A-BB0F-4BF8FC353C2A}C:\program files (x86)\steam\steamapps\silvrwulf64@email.com\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\silvrwulf64@email.com\counter-strike source\hl2.exe |
"TCP Query User{A95762A7-2D70-412F-BBC5-4F543AF5D171}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{AFA1C6E9-82C2-46BF-8C5A-5BFA168AD908}C:\users\sp4rks\desktop\superscan4.exe" = protocol=6 | dir=in | app=c:\users\sp4rks\desktop\superscan4.exe |
"TCP Query User{B10267C9-0002-4414-90C3-C99F62483511}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{BECF97BA-73D1-4E12-80C3-1FAC7C06AA81}C:\users\sp4rks\appdata\local\temp\temp2_superscan4.zip\superscan4.exe" = protocol=6 | dir=in | app=c:\users\sp4rks\appdata\local\temp\temp2_superscan4.zip\superscan4.exe |
"TCP Query User{C52869F7-81B7-4A06-86F7-A6C5ED1928BA}C:\users\sp4rks\appdata\local\temp\eee.hacmecasino.exe.2\bin\ruby.exe" = protocol=6 | dir=in | app=c:\users\sp4rks\appdata\local\temp\eee.hacmecasino.exe.2\bin\ruby.exe |
"TCP Query User{E32AC8F1-4063-47BD-BE8C-E7706978228D}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{EB80CA1E-5852-41BE-8015-D9A074E9F6EA}C:\honeybot\honeybot.exe" = protocol=6 | dir=in | app=c:\honeybot\honeybot.exe |
"TCP Query User{F875E059-D553-442A-851B-92C9D7180CDE}C:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe |
"UDP Query User{090412AD-75E8-4999-93ED-B3B41248E9C8}C:\program files (x86)\steam\steamapps\silvrwulf64@email.com\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\silvrwulf64@email.com\team fortress 2\hl2.exe |
"UDP Query User{2FD194EB-3BF5-49BF-B311-5B759F32EC2D}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{371F5072-2FB8-4DB9-956B-F118A667D48A}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{3DF2DC1F-0857-4807-9D5A-6D3828407C20}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{4D22E07A-E0BA-4778-9091-08F0A3DC007E}C:\program files (x86)\philips intelligent agent\philips intelligent agent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\philips intelligent agent\philips intelligent agent.exe |
"UDP Query User{5C564ABF-3F89-446B-AF5D-19A6B9147571}C:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"UDP Query User{646785B8-725B-4241-A096-B91B59BF046F}C:\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-1.12.0-enus-downloader.exe |
"UDP Query User{69986A13-DA8A-4FD8-805F-2AA0EC636856}C:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe |
"UDP Query User{71983700-DED2-45E5-9DD8-F44211693EB7}C:\security\superscan4\superscan4.exe" = protocol=17 | dir=in | app=c:\security\superscan4\superscan4.exe |
"UDP Query User{7C7ED302-28D2-4515-93C1-4C4A8372E8B5}C:\honeybot\honeybot.exe" = protocol=17 | dir=in | app=c:\honeybot\honeybot.exe |
"UDP Query User{808E4DE9-F9F3-42F1-954C-183AB5C05278}C:\program files (x86)\java\jdk1.6.0_11\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_11\bin\java.exe |
"UDP Query User{9ED1B6DC-2F15-40B7-AC2A-E3F5E5CB9EC5}C:\users\sp4rks\appdata\local\temp\eee.hacmecasino.exe.2\bin\ruby.exe" = protocol=17 | dir=in | app=c:\users\sp4rks\appdata\local\temp\eee.hacmecasino.exe.2\bin\ruby.exe |
"UDP Query User{B5FD4C01-CA5A-4EFD-84D4-264A5C67C4FF}C:\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\world of warcraft\repair.exe |
"UDP Query User{B6D8799C-AFFB-48D2-BD97-53A42B5E9920}C:\security\webgoat\webgoat-5.2\java\bin\java.exe" = protocol=17 | dir=in | app=c:\security\webgoat\webgoat-5.2\java\bin\java.exe |
"UDP Query User{B94D6A6F-2F00-433F-8A3F-D277F963C34D}C:\program files (x86)\steam\steamapps\silvrwulf64@email.com\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\silvrwulf64@email.com\counter-strike source\hl2.exe |
"UDP Query User{BC1819B1-BB1A-4C4E-987A-8845EF148D89}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{BEA5FEA4-F01B-4E4B-A440-0E0BC9E3812F}C:\users\sp4rks\desktop\superscan4.exe" = protocol=17 | dir=in | app=c:\users\sp4rks\desktop\superscan4.exe |
"UDP Query User{C9848814-587A-4828-9D8E-4394B7A023F2}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{D4C7FDF1-0FF3-4093-AFC1-B8E72FD559B0}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"UDP Query User{E5CC6B50-5106-4A83-951C-C0A414EB214B}C:\users\sp4rks\appdata\local\temp\temp2_superscan4.zip\superscan4.exe" = protocol=17 | dir=in | app=c:\users\sp4rks\appdata\local\temp\temp2_superscan4.zip\superscan4.exe |
"UDP Query User{E602DCE5-6BEB-4453-B40E-C0131679B4D0}C:\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\world of warcraft\repair.exe |
"UDP Query User{EE61F80E-30DC-444B-A8C6-E22E30EA0348}C:\program files (x86)\java\jdk1.6.0_11\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_11\bin\java.exe |
"UDP Query User{F15F7C6E-6599-442E-A572-1B8859D270DF}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{F6D54573-75DE-4442-969C-0E0D04E5823F}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{2184A5E9-FC93-D814-3331-B7EF7A3DDC2E}" = ccc-utility64
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6956EE00-2973-4619-B37C-0F41C2186834}" = Sun VirtualBox
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1D81DBC-B656-9640-EADC-619A860F16BD}" = ATI Catalyst Install Manager
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02C92838-7803-54B4-40B6-3A4BE1B5F49B}" = Catalyst Control Center Core Implementation
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212BB5C2-A702-6A1B-A964-C672D94B467D}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2B9EF0DD-B1B2-ACDE-A5A3-9152CC6D0B25}" = CCC Help English
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CF31850-EAA2-012B-AEC5-000000000000}" = TurboTax 2009 wutiper
"{46E15BA2-5A3C-3EA3-06F1-5F202F4081E9}" = Skins
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{85958441-8367-1171-77F3-E91246FBEFB4}" = Catalyst Control Center Graphics Full Existing
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A27B530-AC8F-4C21-AA59-271FBFD9FE1F}" = AMD CPUInfo
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A17BEAAE-ED9D-A9DF-8E9D-AB3FDE9934AF}" = Catalyst Control Center Graphics Previews Common
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A5D9CDBD-B344-1B84-8B40-9F0A2C8D5D85}" = Catalyst Control Center Graphics Previews Vista
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AD358745-36CF-FE1D-1E26-4751A0F47752}" = ccc-core-static
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B4C25797-D620-4F12-9196-02C055C7A742}" = TurboTax 2008 wutiper
"{B84E4C08-FCCB-41F3-B904-024648C476A1}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8310 smartphone
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C6074852-F3C1-94F5-FE80-FB3E8A7AEE7F}" = Catalyst Control Center HydraVision Full
"{CAB62FBE-E3A4-6F3A-88F6-7B8BD1B8FD1F}" = Catalyst Control Center InstallProxy
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}" = BlackBerry Desktop Software 4.5
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1DABCF5-B21B-9006-9230-9234646024DC}" = Catalyst Control Center Graphics Full New
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F4608777-9B62-0B3C-FC4D-15F2BF34A91D}" = Catalyst Control Center Graphics Light
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"7-Zip" = 7-Zip 4.57
"8461-7759-5462-8226" = Vuze
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"BlackBerry_{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}" = BlackBerry Desktop Software 4.5
"CCleaner" = CCleaner
"DeskScapes" = DeskScapes
"HijackThis" = HijackThis 2.0.2
"InstallShield_{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"nbi-nb-base-6.7.1.0.0" = NetBeans IDE 6.7.1
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"PRJPRO" = Microsoft Office Project Professional 2007
"PROPLUS" = Microsoft Office Professional Plus 2007
"SpeedFan" = SpeedFan (remove only)
"Steam App 10" = Counter-Strike
"Steam App 130" = Half-Life: Blue Shift
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 50" = Opposing Force
"Steam App 500" = Left 4 Dead
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"VISPRO" = Microsoft Office Visio Professional 2007
"VMware_Player" = VMware Player
"WampServer 2_is1" = WampServer 2.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1 beta5
"Wireshark" = Wireshark 1.2.1
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2009 12:48:24 PM | Computer Name = PwnsN00bs | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/15/2009 12:48:27 PM | Computer Name = PwnsN00bs | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/15/2009 12:48:38 PM | Computer Name = PwnsN00bs | Source = WinMgmt | ID = 10
Description =

Error - 10/15/2009 10:07:37 PM | Computer Name = PwnsN00bs | Source = Perflib | ID = 1023
Description =

Error - 10/15/2009 10:07:38 PM | Computer Name = PwnsN00bs | Source = Perflib | ID = 1008
Description =

Error - 10/15/2009 10:07:38 PM | Computer Name = PwnsN00bs | Source = Perflib | ID = 1023
Description =

Error - 10/16/2009 3:43:31 PM | Computer Name = PwnsN00bs | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/16/2009 3:43:31 PM | Computer Name = PwnsN00bs | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/16/2009 3:43:34 PM | Computer Name = PwnsN00bs | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/16/2009 3:43:44 PM | Computer Name = PwnsN00bs | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 5/15/2009 1:26:19 PM | Computer Name = PwnsN00bs | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/11/2009 1:07:11 PM | Computer Name = PwnsN00bs | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/28/2009 1:25:32 PM | Computer Name = PwnsN00bs | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 5:48:29 PM | Computer Name = PwnsN00bs | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/10/2009 1:33:42 PM | Computer Name = PwnsN00bs | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 10/25/2009 7:12:17 PM | Computer Name = PwnsN00bs | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8887
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/3/2010 4:25:17 AM | Computer Name = PwnsN00bs | Source = Service Control Manager | ID = 7009
Description =

Error - 6/3/2010 4:26:43 AM | Computer Name = PwnsN00bs | Source = Service Control Manager | ID = 7022
Description =

Error - 6/3/2010 1:38:21 PM | Computer Name = PwnsN00bs | Source = Service Control Manager | ID = 7009
Description =

Error - 6/3/2010 1:39:49 PM | Computer Name = PwnsN00bs | Source = Service Control Manager | ID = 7022
Description =

Error - 6/3/2010 4:01:07 PM | Computer Name = PwnsN00bs | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/3/2010 4:01:08 PM | Computer Name = PwnsN00bs | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/3/2010 4:01:09 PM | Computer Name = PwnsN00bs | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/3/2010 4:01:10 PM | Computer Name = PwnsN00bs | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/3/2010 4:01:11 PM | Computer Name = PwnsN00bs | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/3/2010 4:01:12 PM | Computer Name = PwnsN00bs | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.


< End of report >


Re: Scareware, errors, and windows defender will not turn on now.

Post by sp4rks on Thu Jun 03, 2010 8:34 pm

What I'm really curious about is why a file I created 2 days ago (MarkTurner.JPG) is marked as an ADS. It's a scanned document, I don't know if that has anything to do with it. I'm wondering if the virus managed to attach additional data to the file in hopes of me opening it. I'm not sure, just something I was confused about.


Re: Scareware, errors, and windows defender will not turn on now.

Post by sp4rks on Thu Jun 03, 2010 8:48 pm

Also here is the result of the Kaspersky scan:

KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, June 3, 2010
Operating system: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, June 03, 2010 11:34:55
Records in database: 4196660
Scan settings:
  scan using the following database: extended
  Scan archives: yes
  Scan e-mail databases: yes
  Scan area: Critical areas
    C:\Program Files
    C:\Program Files (x86)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    C:\Users\Sp4rks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    C:\Windows
Scan statistics:
  Objects scanned: 170713
  Threats found: 1
  Infected objects found: 1
  Suspicious objects found: 0
  Scan duration: 01:49:50

File name | Threat | Threats count
C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml | Infected: Trojan.Win32.Clicker.hd | 1

Selected area has been scanned.


Re: Scareware, errors, and windows defender will not turn on now.

Post by Crush on Thu Jun 03, 2010 11:29 pm

Please download OTM by OldTimer.

  • Save it to your Desktop.
  • Please double-click OTM.exe to run it.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :Files
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]


  • Return to OTM.exe, right click in the "Paste Instructions for Items to be Moved" window (under the light yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Re: Scareware, errors, and windows defender will not turn on now.

Post by sp4rks on Fri Jun 04, 2010 7:28 am

OTM failed originally during emptying the temp files from the Sp4rks folder, which is why it's already empty. I re-ran it and this is what I got after the system rebooted. I apologize for the lateness of the response, I was in class.


All processes killed
========== FILES ==========
File/Folder C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sp4rks
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 81920 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6135709 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 34413 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 25734440 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52663 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 06042010_012314

Files moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File C:\Users\Sp4rks\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1320.log not found!

Registry entries deleted on Reboot...


Re: Scareware, errors, and windows defender will not turn on now.

Post by Crush on Sun Jun 06, 2010 6:16 pm

Hi sp4rks,

Sorry for the delay. I thought I already posted this.

Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to the Kaspersky Online Scanner and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
