Hello all.

Well.. Where to begin? Just over a month ago a rogue anti-malware program named Antimalware Doctor began appearing on my computer. This troubled me for quite some time, and I tried many different things to get rid of it. However, in the end I did a system restore to about 1 month before the virus appeared.

This seemed to work, but soon after I began to see some strange things happening. For starters, my computer would freeze at seemingly random intervals, but each time the screen would kind of scramble. Also, my browser began being redirected to websites which I had not told it to go to.

I figured something was up, so I did some virus scans and some research, and immediately stopped entering passwords and other sensitive data. Some things turned up but the problems continued.

Then I began to notice worse things: Google Chrome stopped working, along with some other programs, and things began missing files and glitching out more frequently. I also began getting the error message "this service cannot accept control messages at the current time" when launching some programs. This could only be temporarily fixed with a computer restart.

I also believe my computer has been getting slower lately (this has not been confirmed).

After some more research I have discovered that this is most likely a rootkit virus, as a lot of these symptoms are similar to the rootkit symptoms.

Now I am also getting errors like: "Host process for windows services stopped working and was closed
A problem caused the application to stop working correctly. Windows will notify you if a solution is available" on a regular basis.

When trying to partition my hard drive no C drive can be found under disk management.

I have looked at many different ways of solving this problem; however, in the end I decided a C drive format would be best. However, I even had problems with this. I attempted to format my computer by reinstalling Windows (Vista Home Premium 32 bit), but apparently I don't have a drive to install it on. Also, Administrative Tools in the Control Panel is missing.

So once again I am looking to try and solve the problem itself, and I definitely need help. Therefore any help that can be provided will be so greatly appreciated.

I ran the scans listed in the stickied post and I have the details here and I will post them below.

GMER One

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-28 18:41:03
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.LV01
Running: lfn1n4wm.exe; Driver: C:\Users\MUMAND~1\AppData\Local\Temp\axrdipow.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 29: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 39: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 49: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskTOSHIBA_MK3252GSX_______________________LV010M__#4&4079406&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

This one is a big one.....

GMER Two

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-28 20:26:33
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.LV01
Running: lfn1n4wm.exe; Driver: C:\Users\MUMAND~1\AppData\Local\Temp\axrdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x82B999A6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x82B99B98]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x82B99656]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x82B99DA0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskTOSHIBA_MK3252GSX_______________________LV010M__#4&4079406&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037a919292
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037a919292 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@netsvc SPService?%

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 29: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 39: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 49: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;


All 20 Replies

Hi and welcome to the Daniweb forums :).

==========

Please post the MBA-M log too.

==============

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

===================

Download OTL to your Desktop.

* Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Think I double posted :S

Hi, thanks for the welcome and for the speedy reply crunchie :)

I did the scans and the results are posted below.

However, first I have news to report. My C drive is now visible in disk management and therefore formatting is now an option. However, that will be a last resort once again.

I have the log from a MBA-M scan that I did about 2-3 weeks ago; should I post that or do a new scan?


2011/01/29 00:16:25.0993 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/29 00:16:25.0994 ================================================================================
2011/01/29 00:16:25.0994 SystemInfo:
2011/01/29 00:16:25.0994
2011/01/29 00:16:25.0994 OS Version: 6.0.6002 ServicePack: 2.0
2011/01/29 00:16:25.0994 Product type: Workstation
2011/01/29 00:16:25.0994 ComputerName: TOSHIE
2011/01/29 00:16:25.0994 UserName: Mum and Dad
2011/01/29 00:16:25.0994 Windows directory: C:\Windows
2011/01/29 00:16:25.0994 System windows directory: C:\Windows
2011/01/29 00:16:25.0994 Processor architecture: Intel x86
2011/01/29 00:16:25.0994 Number of processors: 2
2011/01/29 00:16:25.0994 Page size: 0x1000
2011/01/29 00:16:25.0994 Boot type: Normal boot
2011/01/29 00:16:25.0994 ================================================================================
2011/01/29 00:16:26.0497 Initialize success
2011/01/29 00:16:54.0106 ================================================================================
2011/01/29 00:16:54.0106 Scan started
2011/01/29 00:16:54.0106 Mode: Manual;
2011/01/29 00:16:54.0106 ================================================================================
2011/01/29 00:17:03.0902 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/01/29 00:17:03.0920 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/01/29 00:17:04.0039 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/01/29 00:17:04.0074 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/01/29 00:17:04.0126 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/29 00:17:04.0231 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/01/29 00:17:04.0265 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/01/29 00:17:04.0301 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/29 00:17:04.0427 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/01/29 00:17:04.0480 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/29 00:17:04.0590 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/29 00:17:04.0644 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/01/29 00:17:04.0663 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/01/29 00:17:04.0682 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/01/29 00:17:04.0801 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/01/29 00:17:05.0036 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/01/29 00:17:05.0093 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/01/29 00:17:05.0229 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/01/29 00:17:05.0279 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/29 00:17:05.0312 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/29 00:17:05.0338 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/29 00:17:05.0425 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/01/29 00:17:05.0497 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/01/29 00:17:05.0532 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/29 00:17:05.0688 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/01/29 00:17:05.0738 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/01/29 00:17:05.0781 mrxsmb (317eb668973951bad512ee8bebf9ed25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/29 00:17:05.0852 mrxsmb10 (05716f0203b5c774a87384a1ff7b968f) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/29 00:17:05.0897 mrxsmb20 (c70c50d101b92b45c42ba11ea9fe6cd1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/29 00:17:05.0973 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/01/29 00:17:06.0064 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/01/29 00:17:06.0109 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/01/29 00:17:06.0143 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/01/29 00:17:06.0309 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/29 00:17:06.0341 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/29 00:17:06.0406 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/01/29 00:17:06.0500 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/01/29 00:17:06.0542 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/29 00:17:06.0692 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/01/29 00:17:06.0732 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/01/29 00:17:07.0040 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/29 00:17:07.0574 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/01/29 00:17:07.0670 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/29 00:17:07.0708 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/29 00:17:08.0315 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/29 00:17:08.0542 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/01/29 00:17:08.0711 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/29 00:17:08.0763 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/29 00:17:10.0012 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/01/29 00:17:10.0589 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/01/29 00:17:10.0767 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/01/29 00:17:10.0927 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/29 00:17:11.0130 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/01/29 00:17:11.0265 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/01/29 00:17:11.0307 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/01/29 00:17:11.0350 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/01/29 00:17:11.0597 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/01/29 00:17:11.0774 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/01/29 00:17:11.0933 O2MDRDR (78575368974962042472f18b24d3cf28) C:\Windows\system32\DRIVERS\o2media.sys
2011/01/29 00:17:12.0306 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/29 00:17:12.0466 OpenLibSys (f44242b8d3ed249895a3e9268e9fa012) C:\Program Files\NXP\FM Radio\OpenLibSys.sys
2011/01/29 00:17:12.0951 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/01/29 00:17:13.0302 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/01/29 00:17:13.0586 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/01/29 00:17:13.0751 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/01/29 00:17:13.0797 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
2011/01/29 00:17:14.0193 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/01/29 00:17:14.0555 PCTCore (d302a59e6d1842a201930928a5bad68b) C:\Windows\system32\drivers\PCTCore.sys
2011/01/29 00:17:14.0985 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/01/29 00:17:15.0276 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/29 00:17:15.0322 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/01/29 00:17:15.0418 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/29 00:17:15.0636 QIOMem (674eba70a52c02696e503b0a57ae6372) C:\Windows\system32\DRIVERS\QIOMem.sys
2011/01/29 00:17:15.0983 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/01/29 00:17:16.0159 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/01/29 00:17:16.0362 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/29 00:17:16.0521 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/29 00:17:16.0592 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/29 00:17:16.0889 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/29 00:17:17.0029 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/29 00:17:17.0086 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/29 00:17:17.0274 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/29 00:17:17.0347 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/01/29 00:17:17.0410 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/29 00:17:17.0463 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/01/29 00:17:17.0538 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/01/29 00:17:17.0673 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
2011/01/29 00:17:17.0824 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys
2011/01/29 00:17:17.0975 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/29 00:17:18.0037 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/01/29 00:17:18.0178 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/01/29 00:17:18.0291 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/29 00:17:18.0371 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/01/29 00:17:18.0407 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/01/29 00:17:18.0465 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/01/29 00:17:18.0523 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/29 00:17:18.0587 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/01/29 00:17:18.0625 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/29 00:17:18.0662 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/01/29 00:17:18.0689 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/01/29 00:17:18.0730 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/01/29 00:17:18.0767 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/01/29 00:17:18.0986 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/01/29 00:17:19.0365 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/01/29 00:17:19.0903 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys
2011/01/29 00:17:20.0272 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/29 00:17:20.0435 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/29 00:17:20.0643 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/29 00:17:20.0847 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/01/29 00:17:21.0014 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/01/29 00:17:21.0193 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/01/29 00:17:21.0417 SynTP (91ac243740ca09a907e7cbd2da274c96) C:\Windows\system32\DRIVERS\SynTP.sys
2011/01/29 00:17:21.0573 Tcpip (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\drivers\tcpip.sys
2011/01/29 00:17:21.0929 Tcpip6 (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/29 00:17:22.0243 tcpipreg (4b8f496292d40192acb052e030c023a7) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/29 00:17:22.0781 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/01/29 00:17:23.0175 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/01/29 00:17:23.0498 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/01/29 00:17:23.0588 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/29 00:17:23.0677 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/29 00:17:24.0105 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
2011/01/29 00:17:24.0770 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
2011/01/29 00:17:24.0983 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/29 00:17:25.0072 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/01/29 00:17:25.0360 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/29 00:17:25.0403 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/01/29 00:17:25.0506 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/01/29 00:17:25.0611 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/29 00:17:25.0700 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/01/29 00:17:26.0070 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/01/29 00:17:26.0361 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/01/29 00:17:26.0678 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/01/29 00:17:26.0818 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/29 00:17:26.0976 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/29 00:17:27.0225 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/01/29 00:17:27.0378 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/29 00:17:27.0526 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/29 00:17:27.0856 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/01/29 00:17:27.0978 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/29 00:17:28.0173 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/29 00:17:28.0313 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/29 00:17:28.0578 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/29 00:17:28.0928 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/01/29 00:17:29.0232 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2011/01/29 00:17:29.0956 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/29 00:17:30.0118 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/01/29 00:17:30.0226 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/01/29 00:17:30.0405 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/01/29 00:17:30.0424 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/01/29 00:17:30.0476 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/01/29 00:17:30.0588 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/01/29 00:17:30.0891 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/01/29 00:17:31.0275 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/01/29 00:17:31.0514 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/01/29 00:17:31.0736 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/29 00:17:31.0771 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/29 00:17:32.0019 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/01/29 00:17:32.0388 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/29 00:17:32.0926 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/29 00:17:33.0228 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/29 00:17:33.0756 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/29 00:17:34.0607 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/01/29 00:17:34.0737 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/29 00:17:34.0740 ================================================================================
2011/01/29 00:17:34.0740 Scan finished
2011/01/29 00:17:34.0740 ================================================================================
2011/01/29 00:17:34.0750 Detected object count: 1
2011/01/29 00:18:12.0462 \HardDisk0 - will be cured after reboot
2011/01/29 00:18:12.0463 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/29 00:18:18.0667 Deinitialize success

OTL logfile created on: 29/01/2011 12:29:09 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Mum and Dad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.36 Gb Total Space | 122.56 Gb Free Space | 42.50% Space Free | Partition Type: NTFS

Computer Name: TOSHIE | User Name: Mum and Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/29 00:28:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mum and Dad\Desktop\OTL.exe
PRC - [2011/01/23 11:19:56 | 000,033,792 | ---- | M] () -- C:\Users\Mum and Dad\wuaucldt.exe
PRC - [2010/10/24 20:32:56 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/08/26 19:35:04 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/07/28 21:03:00 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/15 23:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/13 18:24:36 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/28 21:07:12 | 000,704,512 | ---- | M] (AuthenTec, Inc) -- C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
PRC - [2008/09/03 16:20:14 | 003,152,384 | ---- | M] (Arachnoid Biometrics Identification Group) -- C:\Program Files\TrueSuite Access Manager\PwdBank.exe
PRC - [2008/09/02 07:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) -- C:\Windows\System32\TAMSvr.exe
PRC - [2008/07/25 15:41:56 | 000,094,208 | ---- | M] () -- C:\Program Files\TrueSuite Access Manager\usbnotify.exe
PRC - [2008/06/05 18:43:10 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/05/09 05:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/30 05:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/27 10:57:06 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008/04/25 13:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/18 05:39:02 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2008/04/17 18:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 18:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 18:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/03/20 08:35:44 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/02/07 08:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/07 08:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/12/04 12:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 11:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/07/17 03:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/17 03:54:07 | 000,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/06/16 16:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/06/12 01:14:51 | 000,517,040 | ---- | M] ( ) -- C:\Windows\System32\lxdicoms.exe
PRC - [2007/06/12 01:14:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdiserv.exe
PRC - [2007/02/12 19:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/24 11:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/01/29 00:28:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mum and Dad\Desktop\OTL.exe
MOD - [2009/04/11 17:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/25 12:30:50 | 000,074,240 | ---- | M] () [Auto | Stopped] -- c:\ProgramData\Adobe\sp.DLL -- (SPService)
SRV - [2011/01/18 22:31:10 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/26 19:35:04 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 23:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/16 11:24:48 | 000,933,720 | ---- | M] (PC Tools Research Pty Ltd) [Auto | Stopped] -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe -- (PCTAVSvc)
SRV - [2008/09/02 07:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\Windows\System32\TAMSvr.exe -- (Authentec memory manager)
SRV - [2008/06/05 18:43:10 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/25 13:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 18:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/07 08:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/21 13:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/04 12:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 11:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/06/12 01:14:51 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/12 01:14:42 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/02/12 19:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/24 11:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2009/08/24 14:05:06 | 000,206,256 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/04/11 15:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/02/10 10:13:18 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVRec.sys -- (AVRec)
DRV - [2009/02/10 10:13:16 | 000,028,560 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVHook.sys -- (AVHook)
DRV - [2009/02/10 10:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\AVFilter.sys -- (AVFilter)
DRV - [2008/10/23 02:58:12 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/07/25 15:41:36 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/06/05 18:13:40 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 09:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/04/16 12:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/15 13:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/04/08 05:24:20 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/04 13:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/03/04 13:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/21 13:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 13:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 13:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 13:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 13:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 13:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 13:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 13:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 13:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 13:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 13:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 13:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 13:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 13:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 13:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 13:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 13:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 13:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 13:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 13:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 13:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 13:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 13:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/18 06:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/15 05:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/30 12:58:00 | 000,196,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/10 09:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/20 09:05:42 | 000,014,672 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Program Files\NXP\FM Radio\OpenLibSys.sys -- (OpenLibSys)
DRV - [2007/04/10 11:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006/11/02 20:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 20:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 20:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 20:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 20:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 20:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 20:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 20:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 20:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 20:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 19:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 19:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 19:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 19:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 19:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 18:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/24 11:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 B0 83 2A 18 B0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "drugstorepillsworld.net"
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/27 09:10:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/09 13:38:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/10 03:12:25 | 000,000,000 | ---D | M]

[2008/12/17 15:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mum and Dad\AppData\Roaming\Mozilla\Extensions
[2011/01/27 12:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mum and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\k6x4y3qy.default\extensions
[2011/01/09 05:29:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mum and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\k6x4y3qy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/27 12:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/10 03:12:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/04 04:05:12 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/17 17:12:24 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2011/01/09 13:38:25 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/01/09 13:38:25 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/01/09 13:38:26 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/01/09 13:38:26 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/01/08 12:14:13 | 000,002,067 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 6 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PCTAVApp] C:\Program Files\PC Tools AntiVirus\PCTAV.exe (PC Tools Research Pty Ltd)
O4 - HKLM..\Run: [PwdBank] C:\Program Files\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{F8392C5D-2966-7A2E-B13C-77E630273004}] C:\Users\Mum and D

OTL Extras logfile created on: 29/01/2011 12:29:09 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Mum and Dad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.36 Gb Total Space | 122.56 Gb Free Space | 42.50% Space Free | Partition Type: NTFS

Computer Name: TOSHIE | User Name: Mum and Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5004:TCP" = 5004:TCP:*:Enabled:spport
"23733:TCP" = 23733:TCP:*:Enabled:spport
"5199:TCP" = 5199:TCP:*:Enabled:spport
"26312:TCP" = 26312:TCP:*:Enabled:spport
"24705:TCP" = 24705:TCP:*:Enabled:spport
"16034:TCP" = 16034:TCP:*:Enabled:spport
"26267:TCP" = 26267:TCP:*:Enabled:spport
"27333:TCP" = 27333:TCP:*:Enabled:spport
"29969:TCP" = 29969:TCP:*:Enabled:spport
"22407:TCP" = 22407:TCP:*:Enabled:spport
"18977:TCP" = 18977:TCP:*:Enabled:spport
"18033:TCP" = 18033:TCP:*:Enabled:spport
"27732:TCP" = 27732:TCP:*:Enabled:spport
"14661:TCP" = 14661:TCP:*:Enabled:spport
"15412:TCP" = 15412:TCP:*:Enabled:spport
"28839:TCP" = 28839:TCP:*:Enabled:spport
"16143:TCP" = 16143:TCP:*:Enabled:spport
"18591:TCP" = 18591:TCP:*:Enabled:spport
"8713:TCP" = 8713:TCP:*:Enabled:spport
"27176:TCP" = 27176:TCP:*:Enabled:spport
"7519:TCP" = 7519:TCP:*:Enabled:spport
"24626:TCP" = 24626:TCP:*:Enabled:spport
"11796:TCP" = 11796:TCP:*:Enabled:spport
"17569:TCP" = 17569:TCP:*:Enabled:spport
"12608:TCP" = 12608:TCP:*:Enabled:spport
"20102:TCP" = 20102:TCP:*:Enabled:spport

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050BE9B1-AF37-4BA9-9410-ECB7FD0DF706}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0C8F2794-09B0-4BB6-B5C3-BD41E878672E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{104C6254-EB4D-488B-9CCF-2B986D26F5F2}" = rport=139 | protocol=6 | dir=out | app=system |
"{317B3662-2483-4960-8175-B62882974CFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5109CAFE-34D9-4506-A6DD-177A55E69C7D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{525CA085-1020-4FF5-9211-948F3E9A027C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{592112E8-AEC1-4F92-818F-D05DE9F1E6D4}" = lport=137 | protocol=17 | dir=in | app=system |
"{6C2D8254-01C3-421A-8673-F5730F68AB3F}" = rport=137 | protocol=17 | dir=out | app=system |
"{7CDEFBFC-6D78-4BD6-ABE4-F311254F03BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96AA166B-30AC-442F-BBF1-643773AAE941}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A0BC4A64-D15F-4DFB-81D8-702BCF41B502}" = lport=139 | protocol=6 | dir=in | app=system |
"{B3A71E76-6F3F-4BEB-B441-32E8B25EC962}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3DE59F1-3F05-48D2-B9D9-C3587573B76A}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5960A9E-5E2F-4B7D-84FC-3BCD8A979FCA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B6B6072E-F5BE-42B4-BA4D-E5FC7C374393}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C31ED854-FC52-4F94-BE50-E45D9F12B60C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D72CDD5C-0AFC-443B-ACA2-3C31483F0933}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA5930C2-EC5D-4567-8F0A-A155482CDF84}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2339614-A05A-4503-BFF2-28FEE2AA6C00}" = rport=445 | protocol=6 | dir=out | app=system |
"{EC4888E1-8FF1-44FE-B22D-B2A71441DC50}" = lport=445 | protocol=6 | dir=in | app=system |
"{FA2286EF-B85F-4B09-BD7C-3FFF5E04DF00}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0319957D-22BF-44CB-A46A-DDA4E6FDA295}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe |
"{0446F6FB-5719-474D-9A18-0A717C3FEE4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{077C78BE-198A-42CC-93E8-DACA622698A3}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{0AE1B946-9A88-4FD6-A49F-930DA724AC91}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0B129183-F931-41F7-BC35-7DEC5CF6ED4A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0CD71AE1-7367-4755-A579-E64469C3F2A7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{0F326DA9-F79C-430C-99B5-F6AFAD989082}" = protocol=17 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{12EFCC9D-130B-46CB-83EB-2CF0F6EA56FE}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{180D6021-52AE-4731-8CF4-B437478A152C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdijswx.exe |
"{1A487EEE-0913-41D8-942D-52DCF78F4C57}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1B9EAC91-3985-44D7-8783-1456FB906F55}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdijswx.exe |
"{1CBD6902-5B83-4E57-984E-C3CDA8D45F6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F7D8675-4337-4559-922D-A7251328EFD5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{237536BC-D01D-4A3A-BD1D-130276B70DB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23A8FFA6-2601-4955-A0E5-0D8D2BE4B9A3}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{270B39F8-4951-4003-9C79-3C0D7BEBEFB3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{2959F5A9-B88E-4FE5-A061-C68D81754DCA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{2A0FD75F-9BE4-48BF-9193-A45B1BABBAE2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{31C40D17-A57A-4360-AD31-CA7A02DE1BAB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{322C4882-D314-465F-A623-0D61C562BE57}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{33E014FC-9E30-4F8F-8C1F-3883628D3DE3}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{37353771-4EAA-4D3D-AE19-BAF2DEA678BF}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{4879CB83-724A-489A-AC59-5B4CB81D2633}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4A323DBA-8C27-4D93-B146-BD87DE15462D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{4AB7571A-BEC4-4376-A3AF-67FFB49BDF0E}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{51566B08-57C0-4BC3-92C6-F258E8259614}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{548A0A2A-9DBC-49A9-B937-5BDED9BF1489}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{557DDE4A-14ED-4667-B0AA-8B89A7AB0D93}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5BEE013B-EFDC-43FA-A77F-4BB0192BA252}" = protocol=17 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{5EDE0909-B06B-4224-BFC0-9D9C57063B9D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62509F57-3550-4917-8352-2D34315C53DF}" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\lazylaunch2.exe |
"{65B7B361-DC8C-4633-86B3-218950248B2E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{66B2A526-3654-4386-99C9-EE2207A9138D}" = protocol=6 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{69B05DFE-E0C4-4405-9962-94CF41E8C424}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BC1BD33-E4BA-46D8-A415-EE3D8D35BB99}" = protocol=6 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{6D02FAF5-8E1D-4A80-B37A-CABF9D33F9C6}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{6DEF49F2-193E-4BB5-A61E-30225CA63A07}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{706C174B-8A4F-4B32-B1D1-5008A939962F}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe |
"{743C1EF1-41BC-4040-ABDE-7E40A946172A}" = protocol=6 | dir=in | app=c:\nexon\combat arms\combatarms.exe |
"{75FF2C34-DE29-4943-BE01-3E6D47D3FF98}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{78952855-A81C-44A3-A782-5959A3E943AB}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe |
"{7C15508D-B1EA-4D8F-BB7A-B08D4BE6D44E}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe |
"{7E08CDBC-F08F-4942-8EE6-973BAD72ED50}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{800844C9-3E6D-46E5-B894-31FA5F81EF3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{827E793B-F36F-44AF-890D-B44D95AE578D}" = protocol=6 | dir=out | app=system |
"{84A580A4-545D-4C57-BC3B-E3707674C5F8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D8741BF-332E-4D2D-AEA4-FEBBA17F5D3E}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{8E3A7985-4516-41D2-BF90-2CD3FBDC0824}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{907890C4-0821-4D70-AEE5-B2253A90B6CB}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{909E45E5-1A2F-46A7-AC68-CF56354F9AA1}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
"{954FA543-93E0-438A-B7D3-2EDDE6AA3C27}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{992351EF-989D-458D-852E-46D68AAD5227}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
"{99EDE578-2A63-4B43-BCB0-535961353842}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{A4E23156-12C7-4B1A-803A-90D6F90EE82D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A9940EFD-3A6D-4BD1-99CD-C54986C3E0B1}" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\lazylaunch2.exe |
"{AC310F6D-9192-4CEC-8DEE-5F0E976C8E60}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE50BF33-17EB-46C6-8750-F939829E1E54}" = protocol=17 | dir=in | app=c:\nexon\combat arms\combatarms.exe |
"{AFB4C034-AF69-4E86-80C3-BE163BC93EE2}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{B1694039-0066-4EC0-9D29-7EF7FEFF5C0E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{B199E1A8-B01E-4308-88FA-E84F80791304}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{B645FD74-2B6C-4DA6-9B07-EAC776488368}" = protocol=17 | dir=in | app=c:\users\robert\downloads\starcraft brood war portable\starcraft brood war portable.exe |
"{BA6B8FEA-52AC-4E9B-B4AF-F65ED4912A1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BB5760BA-44ED-4D41-BDB8-0DDF79D58092}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{BE24B8A1-0802-4F08-B364-A42578DB13D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BEBBB088-B7EA-443C-9A8F-007BF469C5F5}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{C2A62678-8146-4C27-AF78-6A262111A25E}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{C5FA7953-490A-460B-A2B5-385EADBB6E33}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C84DDDB9-2099-43F0-AE5A-304840D89B70}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C909A087-DF8E-47D6-9628-55DB7A16087D}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C99BECD3-3981-4FE1-980D-EC567373254B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CB11AB5E-E7F1-4A3F-8D99-9717CDBBDDD9}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe |
"{CB5D2AD2-55DF-489B-9BB6-F70F1B195E34}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{CF1CFBAD-E783-4864-922B-86B59D957855}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{D3474763-53F8-47D6-9784-4504185708E6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D3486511-2E48-4D4A-AA59-16252A690564}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D4099468-ACB0-4117-B567-6DE79B6C4B2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D4757311-96CC-4E9F-B043-39C64B75D528}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{DD4FD046-EA42-445C-9F00-3687D1BC927A}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{DDBFAC03-4975-4753-99DC-CFD31373C747}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DEF28970-FA34-42B4-A7AE-B467218E4945}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{E1708EF0-5445-4C22-A713-C8AC3B83C03D}" = protocol=6 | dir=in | app=c:\users\robert\downloads\starcraft brood war portable\starcraft brood war portable.exe |
"{E8E60836-EC9D-45A5-A3DD-FF581C6E36CD}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe |
"{EA331CDE-B0BD-4C38-A391-C5E96EAB1952}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EDEF6F9D-B3D2-4771-9D81-E353F32EA0B8}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{F62C9F71-AFC3-4FD2-8CE3-51A053A40F70}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F7C52DD9-4A93-43F2-BC70-DCF550D4DCF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC17DF87-3F2E-4D9B-9F75-CC18230967E7}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{FCAD00D5-D3D6-461C-B0C7-BD5B60107B56}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{04D18329-2DEA-4B1C-A09A-DC5A7024A714}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{0B80CEAA-9056-454C-8C56-9F1C89333770}C:\program files\activision value\soldier of fortune payback\sof3.exe" = protocol=6 | dir=in | app=c:\program files\activision value\soldier of fortune payback\sof3.exe |
"TCP Query User{0CE2F1EE-FC1B-4E8C-A3BB-0705C19486EB}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{29A5FC64-444D-4C8A-8BE1-9B7FF59677BB}C:\program files\starcraft ii\versionstest\base17190\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versionstest\base17190\sc2.exe |
"TCP Query User{350FD85C-F022-4816-A7DE-773A8EDC9A95}C:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"TCP Query User{3C1F4BE8-DF5B-4FA3-8071-EAAA19F7508A}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{3DF01EA0-1EDA-4B5D-A012-B4529627292E}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{4A6DD972-E73E-401B-B157-657DD440663E}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{5585E90A-A6D4-49E0-85AC-B713480430A0}C:\program files\starcraft + broodwar\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft + broodwar\starcraft\starcraft.exe |
"TCP Query User{5A0CAAB2-AC21-4094-A162-32000E2B0D3D}C:\program files\age of empires i\empires.exe" = protocol=6 | dir=in | app=c:\program files\age of empires i\empires.exe |
"TCP Query User{66FB5AA1-E3A6-4F6F-B83F-8B3A6AC084EA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6F07416C-58B8-4A4A-9DCA-7B0A61DE9833}C:\program files\soldier of fortune ii - double helix gold\sof2mp.exe" = protocol=6 | dir=in | app=c:\program files\soldier of fortune ii - double helix gold\sof2mp.exe |
"TCP Query User{7120C999-5B81-4E54-9917-20B592EC8938}C:\users\robert\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\robert\xampp\xampp\apache\bin\httpd.exe |
"TCP Query User{7AC62146-7F9D-439A-B174-221F39F136FF}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{7C41C639-3322-4AB6-ABC5-DFDF187E0997}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"TCP Query User{86CB5945-2E19-4E79-A06E-7BB61CAA03D6}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"TCP Query User{8C155EC3-42A7-4BE6-8EB0-7B2600F6FFDD}C:\users\robert\appdata\local\microsoft\windows\temporary internet files\content.ie5\jlnajocf\1280_starcraft2gameplayvideo_englishus2-avi-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\local\microsoft\windows\temporary internet files\content.ie5\jlnajocf\1280_starcraft2gameplayvideo_englishus2-avi-downloader[1].exe |
"TCP Query User{9981CBA8-3305-4B27-AE06-E915620B1153}C:\users\robert\downloads\starcraft + broodwar\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\starcraft + broodwar\downloader_starcraft_combo_enus.exe |
"TCP Query User{A1160D2B-B3FB-45C6-98E8-55122268F3D4}C:\program files\starcraft ii\starcraft ii public test.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii public test.exe |
"TCP Query User{B38D4872-DF6E-4A07-9D83-F037B1881E67}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{B556973B-A9E3-4499-AE9B-E9717FCCCE3D}C:\temp\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\temp\starcraft\starcraft.exe |
"TCP Query User{C60289A9-B32A-43B1-8B3B-B9362D0A4274}C:\program files\soldier of fortune ii - double helix gold\sof2mp.exe" = protocol=6 | dir=in | app=c:\program files\soldier of fortune ii - double helix gold\sof2mp.exe |
"TCP Query User{D018A285-ED08-4CA1-A2AB-8BF459A4BB03}C:\program files\starcraft + broodwar\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft + broodwar\starcraft\starcraft.exe |
"TCP Query User{D291CAAB-10E5-4248-A9F6-6A5387D44E93}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{D516FFE2-05DA-4DC4-ADDC-6D78EE7B790A}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"TCP Query User{DBCFF5AF-EBF8-4858-89D2-67EA79100445}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{E15CF948-CBAE-4639-9C28-33FA8765DBA9}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{E4870F65-EE34-4FB5-809B-F1A4C45E43DA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E79E583E-F7E0-4D8C-9A4F-4FA07E8283E6}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{F8F81A6B-B584-45A9-B53E-BB69CF883052}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{FA18808A-C971-428F-8967-87AABA75996E}C:\users\robert\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\robert\xampp\xampp\mysql\bin\mysqld.exe |
"UDP Query User{13055579-49E5-498B-BF40-1203998A4222}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"UDP Query User{180C1CCE-47EB-425E-82BA-1ED733CFFA1F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{20885ECA-10B7-436D-B1F8-B39DDF49BB1C}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{302D5DF2-46C2-4806-9992-E0D221F816BB}C:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"UDP Query User{36CB5D67-ECA5-4E64-9788-ED7F474DD9F5}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{38CD6AC1-A720-4829-A352-D05CAEA6D63D}C:\users\robert\appdata\local\microsoft\windows\temporary internet files\content.ie5\jlnajocf\1280_starcraft2gameplayvideo_englishus2-avi-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\local\microsoft\windows\temporary internet files\content.ie5\jlnajocf\1280_starcraft2gameplayvideo_englishus2-avi-downloader[1].exe |
"UDP Query User{3D7FEA74-7D4E-484A-9385-9A1B92E81178}C:\program files\starcraft + broodwar\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft + broodwar\starcraft\starcraft.exe |
"UDP Query User{3E262FDE-E83A-4F0A-834E-77BC6604D9DD}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{445D8BFA-172F-4CB6-B1F5-FAA688A55065}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{4D2C639A-3685-411C-A534-BE19E9D132FC}C:\program files\starcraft ii\starcraft ii public test.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii public test.exe |
"UDP Query User{5C8269B2-6011-4A20-B885-4CE172BB4894}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"UDP Query User{5E4F075C-B7E8-4B09-BD62-88BA158B46BD}C:\program files\starcraft ii\versionstest\base17190\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versionstest\base17190\sc2.exe |
"UDP Query User{71303249-5080-4263-8783-B254194AB41B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{8BB8F552-34E6-45AA-A4CF-EF560518C690}C:\program files\age of empires i\empires.exe" = protocol=17 | dir=in | app=c:\program files\age of empires i\empires.exe |
"UDP Query User{8DF04664-FA74-489D-8BF5-92E148620F30}C:\program files\activision value\soldier of fortune payback\sof3.exe" = protocol=17 | dir=in | app=c:\program files\activision value\soldier of fortune payback\sof3.exe |
"UDP Query User{8F5886A3-007C-4F75-BB58-237C4717D914}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{949289D9-5E5B-4B3D-A6C6-1E7F8619AC77}C:\program files\soldier of fortune ii - double helix gold\sof2mp.exe" = protocol=17 | dir=in | app=c:\program files\soldier of fortune ii - double helix gold\sof2mp.exe |
"UDP Query User{9EE77E18-B3FB-4FD6-B3E4-B0A32B8F92F2}C:\program files\starcraft + broodwar\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft + broodwar\starcraft\starcraft.exe |
"UDP Query User{AB2457FB-4A00-4DFD-ABBD-D5803F60CE9C}C:\users\robert\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\robert\xampp\xampp\mysql\bin\mysqld.exe |
"UDP Query User{B1929D0B-A001-4099-A2F9-FA8646002784}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{BFD7E3F4-C5B9-420B-A015-FBCB411CE5A5}C:\users\robert\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\robert\xampp\xampp\apache\bin\httpd.exe |
"UDP Query User{C9D45D8B-720F-47D0-9E22-85BB966D9B3D}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{D2C61B9B-08E4-47C3-8043-1866E726C1AD}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{D399D137-B3CD-4560-8B62-8D3E75C26220}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"UDP Query User{D5B11D2A-DAF3-4045-BB23-3582F6DD8992}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{E612C376-7C7D-400B-8FE1-665864BAA7C8}C:\program files\soldier of fortune ii - double helix gold\sof2mp.exe" = protocol=17 | dir=in | app=c:\program files\soldier of fortune ii - double helix gold\sof2mp.exe |
"UDP Query User{E6555C95-D273-4C41-8C25-DF1FE9570F54}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{F016923D-97A5-46F1-A6AA-9966A5125222}C:\temp\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\temp\starcraft\starcraft.exe |
"UDP Query User{F09FDCA7-306E-424E-B1F3-5C0AEDE6B939}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{F1266C25-8392-4066-BB8C-806BC3205DB5}C:\users\robert\downloads\starcraft + broodwar\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\starcraft + broodwar\downloader_starcraft_combo_enus.exe |
"UDP Query User{F7C4EE32-5529-4BA5-A989-F7851AC52BBB}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08233ADA-AA4C-A977-58FD-DB6C684BE010}" = Catalyst Control Center Localization Norwegian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B4C7D42-323A-F3FD-5B18-0222082E6FDD}" = Catalyst Control Center Localization Dutch
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D348034-9CBE-19FC-19B0-B2CDC78E50F1}" = ccc-core-static
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10B35323-BE1A-61FB-C4D1-E88F24147617}" = Catalyst Control Center Localization Thai
"{11BFB898-71E5-488A-A8FF-0E462667FB72}" = Soldier of Fortune Payback
"{11FC2772-F7FD-21FD-614F-CE58BF52C398}" = Catalyst Control Center Localization Chinese Standard
"{12911298-DDB4-AD44-E530-AEB8127503C9}" = CCC Help Italian
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{156E98D0-1AEC-4013-A41A-94A1A01BFD68}" = O2Micro Flash Memory Card Reader Driver (x86)
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5
"{1714616C-61CE-44D5-AF0B-53404D7FA83A}" = Catalyst Control Center Localization Korean
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18625A47-84A9-6F6C-3780-79221B6095C3}" = CCC Help Norwegian
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1C3F57C7-8474-DF38-8F9F-0EBFB554FD56}" = Catalyst Control Center Localization Hungarian
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{264324EA-35F7-AD77-CC96-F9F47A9A6284}" = Catalyst Control Center Localization Czech
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A6F930B-12DA-AD4F-C4A4-E008F73A8016}" = CCC Help English
"{2AEC1EC0-0C01-8831-B04F-41FB4A92B677}" = Catalyst Control Center Localization Spanish
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{31326B80-1D01-4DBA-1DCA-A0731182A2E6}" = CCC Help Korean
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31DD9FF4-23CD-7898-0305-70D806E2F7DB}" = CCC Help Japanese
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33AC44A1-81C2-0A61-0EC0-59EFC503A1EA}" = Catalyst Control Center Localization Danish
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DFE65B6-3AC9-C44A-1160-A449E0DFFE94}" = CCC Help Greek
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{405AE172-0CE0-E2A1-1693-1B120B71AF32}" = Catalyst Control Center Localization Japanese
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DC3B285-BE6C-E873-42A1-AE221B3BE4F2}" = CCC Help Hungarian
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{54CAB637-25EA-33FE-2FF4-6F6182BCCF12}" = CCC Help Chinese Standard
"{554532CE-43E2-4B4F-BBDE-27742A32C236}" = Ancient Wars - Sparta
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{567AE922-FB8D-943D-921E-B390A2FBD625}" = CCC Help Russian
"{5788504C-08BC-E414-C019-60D8E2A2A1EB}" = CCC Help Portuguese
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61539202-097E-487E-9237-B291AB56D54C}" = Bluetooth Monitor 4
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{6BCE01B8-333E-667E-0FC9-5070EA9B8108}" = Catalyst Control Center Localization Swedish
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DBB66CD-38C7-472C-BBB9-06BFDA182A29}" = F2400
"{6EA4F33E-8F12-AB92-D497-2D454E3C4BB7}" = CCC Help Polish
"{6FB6D968-6E8D-3FCB-1F2D-7ED24FC1BA07}" = CCC Help Swedish
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7206AFB8-99ED-B788-3DE8-0AE3DBD97B24}" = Catalyst Control Center Localization French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{732662AE-82C0-9184-CE57-4257695EE1CE}" = CCC Help German
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{754F90E7-DE41-0ADE-2E3F-2C269ED9C2EE}" = CCC Help Finnish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B12F319-43E1-D2DD-ABFE-50E34F76A740}" = Catalyst Control Center Graphics Full New
"{7CD8E2EF-AD40-7BD3-13E5-2B2847E568DD}" = ATI Catalyst Install Manager
"{7E340EDB-9BF0-5CF2-C12D-7C31992070E3}" = CCC Help Turkish
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9AF16DB8-2845-88FE-BDC2-EEF067F9B1EC}" = Catalyst Control Center Graphics Full Existing
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9E166691-B3ED-0F76-1FE9-AB3DBAAD75DD}" = CCC Help French
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED994C5-E6CE-0377-09ED-C4000E4189BF}" = Catalyst Control Center Core Implementation
"{AF899B9E-5842-8839-3EDB-AF9EADF52F45}" = ccc-utility
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B245D989-F88A-C2C3-1958-A91254DEC387}" = Catalyst Control Center Graphics Light
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3D15F34-F377-26A0-4CCF-2CB47E5810CD}" = CCC Help Dutch
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B5359AD5-4950-174E-4070-CDB1881B161F}" = CCC Help Czech
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BCB9DF93-537D-433D-AF3B-36025DEF5798}" = Joint Task Force
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C07CA803-141E-A7C3-13E0-AB99FC5DC7B4}" = Catalyst Control Center Localization Polish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C485E390-78F5-4D5B-B56A-20A4C59B022A}" = FM Tuner Utility
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7838AAD-8B29-86D3-6E04-417C7B7EE628}" = Catalyst Control Center Localization Greek
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C8585E46-A5C9-8E20-77CA-378D5C291B09}" = Catalyst Control Center Localization Finnish
"{C92C2F87-1E84-A9E5-81F3-3B93DC991A4E}" = Catalyst Control Center Localization Chinese Traditional
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB01DA5C-48B7-D9A6-22DE-D678D6007C56}" = Catalyst Control Center Localization German
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D05EB4EF-29BE-8031-9AF5-2DC9485D5870}" = Catalyst Control Center Localization Russian
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D7F069BF-7A9F-6A09-D5AE-E77F8B2E892F}" = CCC Help Danish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DDC519DE-AC45-634C-C009-6FCE1EF313F3}" = Catalyst Control Center Localization Portuguese
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED3C1C9D-0496-6884-8B32-8A2B73219C20}" = Catalyst Control Center Localization Italian
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A85260-5B90-4C0E-07FF-72A89AA18F77}" = Skins
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F24E1A94-76DD-85BD-5B6C-6701CC4E8A0F}" = CCC Help Chinese Traditional
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4614173-1F8B-A19A-C2CC-57834FBCCE6C}" = CCC Help Spanish
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{F89CF986-3AA7-8B20-390A-D5C09F27F85D}" = Catalyst Control Center Localization Turkish
"{F8F37F88-4CB6-9162-AE65-7BBA7E476547}" = Catalyst Control Center Graphics Previews Vista
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FFF7CB0F-FA65-7115-2CEC-16C21037C88E}" = CCC Help Thai
"7-Zip" = 7-Zip 4.65
"Actual Spy_is1" = Actual Spy 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires" = Microsoft Age of Empires
"AGEIA PhysX v2.5.0" = AGEIA PhysX v2.5.0
"BitTorrent" = BitTorrent
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant HD Audio
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combat Arms" = Combat Arms
"Conquest_is1" = Conquest 4.0
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ICCup Launcher_is1" = ICCup Launcher
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LMSOFT Web Creator Pro 4" = LMSOFT Web Creator Pro 4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Naughty Poker_is1" = Naughty Poker 3.0
"PC Tools AntiVirus_is1" = PC Tools AntiVirus 6.1
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RECOIL" = RECOIL
"Shop for HP Supplies" = Shop for HP Supplies
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"StarCraft II - Beta Launcher (Version 0.22.2)" = StarCraft II - Beta Launcher (Version 0.22.2)
"Steam App 1250" = Killing Floor
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Warcraft III" = Warcraft III
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WOLAPI" = Westwood Shared Internet Components
"YourOwnStripPoker Demo_is1" = YourOwnStripPoker version 3.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Update MBA-M and run it again. Remove what it finds and then reboot. Post up the log.

====

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKCU..\Run: [Regedit32] File not found
    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Log from the fix

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bianca
->Flash cache emptied: 13650 bytes

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mum and Dad
->Flash cache emptied: 73379 bytes

User: Public

User: Robert
->Flash cache emptied: 502286 bytes

Total Flash Files Cleaned = 1.00 mb


[EMPTYTEMP]

User: All Users

User: Bianca
->Temp folder emptied: 52238722 bytes
->Temporary Internet Files folder emptied: 28428231 bytes
->Java cache emptied: 35231133 bytes
->FireFox cache emptied: 92938699 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mum and Dad
->Temp folder emptied: 24301462 bytes
->Temporary Internet Files folder emptied: 298360553 bytes
->Java cache emptied: 12118713 bytes
->FireFox cache emptied: 45276175 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Robert
->Temp folder emptied: 1094014685 bytes
->Temporary Internet Files folder emptied: 3523493591 bytes
->Java cache emptied: 277897714 bytes
->FireFox cache emptied: 55853225 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 48246674 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 78357 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,330.00 mb

Error: Unable to interpret <[Reboot]:OTL> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [cfFncEnabler.exe] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NDSTray.exe] File not found> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [Regedit32] File not found> in the current context!
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bianca
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mum and Dad
->Flash cache emptied: 0 bytes

User: Public

User: Robert
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Bianca
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mum and Dad
->Temp folder emptied: 132608 bytes
->Temporary Internet Files folder emptied: 2185441 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Robert
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1589248 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 01292011_143511

Files\Folders moved on Reboot...
File\Folder C:\Users\Mum and Dad\AppData\Local\Temp\~DFA76C.tmp not found!
File\Folder C:\Users\Mum and Dad\AppData\Local\Temp\~DFA77C.tmp not found!
File\Folder C:\Users\Mum and Dad\AppData\Local\Temp\~DFA7BE.tmp not found!
File\Folder C:\Users\Mum and Dad\AppData\Local\Temp\~DFA7C9.tmp not found!
File\Folder C:\Users\Mum and Dad\AppData\Local\Temp\~DFA7FF.tmp not found!
File\Folder C:\Users\Mum and Dad\AppData\Local\Temp\~DFA80A.tmp not found!
C:\Users\Mum and Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JJRRIVYT\like[3].htm moved successfully.
C:\Users\Mum and Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IIQSGPGZ\ads[1].htm moved successfully.
C:\Users\Mum and Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IIQSGPGZ\ads[2].htm moved successfully.
C:\Users\Mum and Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\954PUDO8\thread343224[1].html moved successfully.
C:\Users\Mum and Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

Log from the new quick scan


OTL logfile created on: 29/01/2011 3:08:43 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Mum and Dad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.36 Gb Total Space | 127.88 Gb Free Space | 44.35% Space Free | Partition Type: NTFS

Computer Name: TOSHIE | User Name: Mum and Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/29 00:28:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mum and Dad\Desktop\OTL.exe
PRC - [2011/01/23 11:19:56 | 000,033,792 | ---- | M] () -- C:\Users\Mum and Dad\wuaucldt.exe
PRC - [2010/10/24 20:32:56 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/07/28 21:03:00 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/15 23:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/13 18:24:36 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 17:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/02 07:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) -- C:\Windows\System32\TAMSvr.exe
PRC - [2008/06/05 18:43:10 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/25 13:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 18:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/02/07 08:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/12/04 12:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 11:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/06/12 01:14:51 | 000,517,040 | ---- | M] ( ) -- C:\Windows\System32\lxdicoms.exe
PRC - [2007/06/12 01:14:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdiserv.exe
PRC - [2007/02/12 19:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/24 11:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/01/29 00:28:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mum and Dad\Desktop\OTL.exe
MOD - [2009/04/11 17:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/25 12:30:50 | 000,074,240 | ---- | M] () [Auto | Running] -- c:\ProgramData\Adobe\sp.DLL -- (SPService)
SRV - [2011/01/18 22:31:10 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/26 19:35:04 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 23:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/16 11:24:48 | 000,933,720 | ---- | M] (PC Tools Research Pty Ltd) [Auto | Stopped] -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe -- (PCTAVSvc)
SRV - [2008/09/02 07:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\Windows\System32\TAMSvr.exe -- (Authentec memory manager)
SRV - [2008/06/05 18:43:10 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/25 13:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 18:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/07 08:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/21 13:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/04 12:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 11:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/06/12 01:14:51 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/12 01:14:42 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/02/12 19:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/24 11:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2009/08/24 14:05:06 | 000,206,256 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/04/11 15:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/02/10 10:13:18 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVRec.sys -- (AVRec)
DRV - [2009/02/10 10:13:16 | 000,028,560 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVHook.sys -- (AVHook)
DRV - [2009/02/10 10:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\AVFilter.sys -- (AVFilter)
DRV - [2008/10/23 02:58:12 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/07/25 15:41:36 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/06/05 18:13:40 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 09:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/04/16 12:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/15 13:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/04/08 05:24:20 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/04 13:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/03/04 13:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/21 13:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 13:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 13:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 13:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 13:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 13:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 13:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 13:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 13:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 13:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 13:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 13:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 13:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 13:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 13:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 13:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 13:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 13:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 13:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 13:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 13:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 13:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 13:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/18 06:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/15 05:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/30 12:58:00 | 000,196,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/10 09:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/20 09:05:42 | 000,014,672 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Program Files\NXP\FM Radio\OpenLibSys.sys -- (OpenLibSys)
DRV - [2007/04/10 11:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006/11/02 20:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 20:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 20:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 20:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 20:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 20:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 20:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 20:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 20:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 20:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 19:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 19:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 19:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 19:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 19:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 18:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/24 11:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 B0 83 2A 18 B0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "drugstorepillsworld.net"
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/27 09:10:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/09 13:38:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/10 03:12:25 | 000,000,000 | ---D | M]

[2008/12/17 15:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mum and Dad\AppData\Roaming\Mozilla\Extensions
[2011/01/29 01:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mum and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\k6x4y3qy.default\extensions
[2011/01/09 05:29:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mum and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\k6x4y3qy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/27 12:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/10 03:12:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/04 04:05:12 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/17 17:12:24 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2011/01/09 13:38:25 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/01/09 13:38:25 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/01/09 13:38:26 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/01/09 13:38:26 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/01/08 12:14:13 | 000,002,067 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 6 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKCU..\Run: [{F8392C5D-2966-7A2E-B13C-77E630273004}] C:\Users\Mum and Dad\AppData\Roaming\Zadica\wutuh.exe ()
O4 - HKCU..\Run: [Regedit32] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [wuaucldt] c:\Users\Mum and Dad\wuaucldt.exe ()
O4 - Startup: C:\Users\Mum and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 203.12.160.35 203.12.160.36
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{45c27129-c693-11dd-a521-001e68a47601}\Shell\AutoRun\command - "" = E:\s1.exe
O33 - MountPoints2\{45c27129-c693-11dd-a521-001e68a47601}\Shell\open\Command - "" = E:\s1.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/29 14:35:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/29 00:28:39 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Mum and Dad\Desktop\OTL.exe
[2011/01/28 20:55:25 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\AppData\Local\Adobe
[2011/01/27 13:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2011/01/27 13:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2011/01/26 03:54:04 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\AppData\Roaming\Zadica
[2011/01/26 03:54:04 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\AppData\Roaming\Ucebx
[2011/01/25 21:49:37 | 007,604,743 | ---- | C] (McAfee Inc.) -- C:\Users\Mum and Dad\Desktop\stinger10101346.exe
[2011/01/24 00:26:39 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\AppData\Local\Unity
[2011/01/22 19:39:18 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mum and Dad\Desktop\TDSSKiller.exe
[2011/01/20 01:16:29 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/01/18 22:07:20 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\AppData\Roaming\Ventrilo
[2011/01/17 22:08:18 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\AppData\Local\Microsoft_Corporation
[2011/01/17 18:32:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx
[2011/01/17 18:30:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2011/01/17 18:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2011/01/17 18:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011/01/17 18:25:46 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\Documents\Visual Studio 2008
[2011/01/17 18:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/01/17 18:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011/01/17 18:22:25 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\AppData\Local\Microsoft Help
[2011/01/17 18:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Web Designer Tools
[2011/01/17 18:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/01/17 18:22:04 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/01/17 18:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/01/12 16:55:23 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\AppData\Roaming\skypePM
[2011/01/12 16:29:53 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\AppData\Roaming\Skype
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\AppData\Roaming\Loavy
[2011/01/11 12:16:44 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\AppData\Roaming\Gatoad
[2011/01/11 01:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/01/09 13:31:43 | 000,000,000 | ---D | C] -- C:\Users\Mum and Dad\Documents\StarCraft II
[2011/01/06 09:15:48 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/01/04 04:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Fun4IM
[2011/01/04 04:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
[2011/01/04 04:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Fun4IM
[2009/11/17 17:13:16 | 886,834,586 | ---- | C] (Nexon) -- C:\Program Files\CombatArmsSetupV32.exe
[2009/01/06 17:16:44 | 000,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2009/01/06 17:16:43 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2009/01/06 17:16:42 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2009/01/06 17:16:42 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2009/01/06 17:16:41 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009/01/06 17:16:41 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2009/01/06 17:16:41 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2009/01/06 17:16:41 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2009/01/06 17:16:40 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2009/01/06 17:16:38 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2009/01/06 17:16:36 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009/01/06 17:16:36 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2008/12/30 15:38:30 | 000,126,976 | ---- | C] (Gary's Hood) -- C:\Program Files\rsclient.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/29 15:10:30 | 000,665,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/29 15:10:30 | 000,130,254 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/29 15:08:59 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{889C58AA-C16F-4E1A-8A5B-CBF668F68B6F}.job
[2011/01/29 15:05:05 | 000,000,001 | ---- | M] () -- C:\Users\Mum and Dad\oashdihasidhasuidhiasdhiashdiuasdhasd
[2011/01/29 15:04:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/29 15:04:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/29 15:04:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/29 15:03:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/29 15:03:57 | 2142,105,600 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/29 15:02:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/01/29 14:56:59 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3938634844-1446963328-1823835263-1000UA.job
[2011/01/29 14:32:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/29 00:28:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mum and Dad\Desktop\OTL.exe
[2011/01/29 00:20:13 | 000,000,680 | ---- | M] () -- C:\Users\Mum and Dad\AppData\Local\d3d9caps.dat
[2011/01/29 00:15:31 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mum and Dad\Desktop\TDSSKiller.exe
[2011/01/29 00:15:00 | 001,237,433 | ---- | M] () -- C:\Users\Mum and Dad\Desktop\tdsskiller.zip
[2011/01/28 15:57:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3938634844-1446963328-1823835263-1000Core.job
[2011/01/28 15:18:25 | 000,296,448 | ---- | M] () -- C:\Users\Mum and Dad\Desktop\lfn1n4wm.exe
[2011/01/28 15:17:54 | 000,624,128 | ---- | M] () -- C:\Users\Mum and Dad\Desktop\dds.scr
[2011/01/27 14:39:42 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/01/27 14:39:42 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/01/27 13:17:59 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2011/01/26 03:45:22 | 000,000,017 | ---- | M] () -- C:\Users\Mum and Dad\Desktop\stinger10101346.opt
[2011/01/25 21:49:45 | 007,604,743 | ---- | M] (McAfee Inc.) -- C:\Users\Mum and Dad\Desktop\stinger10101346.exe
[2011/01/23 11:19:56 | 000,033,792 | ---- | M] () -- C:\Users\Mum and Dad\wuaucldt.exe
[2011/01/20 01:16:29 | 000,000,215 | ---- | M] () -- C:\Users\Mum and Dad\Desktop\Call of Duty Black Ops.url
[2011/01/20 01:16:29 | 000,000,215 | ---- | M] () -- C:\Users\Mum and Dad\Desktop\Call of Duty Black Ops - Multiplayer.url
[2011/01/19 15:10:24 | 000,001,109 | ---- | M] () -- C:\Users\Mum and Dad\Desktop\advanced.cfg
[2011/01/17 19:05:07 | 000,002,202 | ---- | M] () -- C:\Users\Mum and Dad\Desktop\Google Chrome.lnk
[2011/01/17 19:00:19 | 003,620,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/12 16:28:30 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/01/11 01:15:07 | 216,416,018 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/10 03:38:00 | 000,008,704 | ---- | M] () -- C:\Users\Mum and Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/09 13:40:57 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/01/08 12:14:13 | 000,002,067 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/29 00:25:12 | 000,000,001 | ---- | C] () -- C:\Users\Mum and Dad\oashdihasidhasuidhiasdhiashdiuasdhasd
[2011/01/29 00:14:53 | 001,237,433 | ---- | C] () -- C:\Users\Mum and Dad\Desktop\tdsskiller.zip
[2011/01/28 15:18:20 | 000,296,448 | ---- | C] () -- C:\Users\Mum and Dad\Desktop\lfn1n4wm.exe
[2011/01/28 15:17:43 | 000,624,128 | ---- | C] () -- C:\Users\Mum and Dad\Desktop\dds.scr
[2011/01/27 13:37:28 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/01/27 13:37:28 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/01/27 13:17:59 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2011/01/26 03:45:22 | 000,000,017 | ---- | C] () -- C:\Users\Mum and Dad\Desktop\stinger10101346.opt
[2011/01/23 11:19:56 | 000,033,792 | ---- | C] () -- C:\Users\Mum and Dad\wuaucldt.exe
[2011/01/20 01:16:29 | 000,000,215 | ---- | C] () -- C:\Users\Mum and Dad\Desktop\Call of Duty Black Ops.url
[2011/01/20 01:16:29 | 000,000,215 | ---- | C] () -- C:\Users\Mum and Dad\Desktop\Call of Duty Black Ops - Multiplayer.url
[2011/01/19 15:10:23 | 000,001,109 | ---- | C] () -- C:\Users\Mum and Dad\Desktop\advanced.cfg
[2011/01/17 19:05:01 | 000,002,202 | ---- | C] () -- C:\Users\Mum and Dad\Desktop\Google Chrome.lnk
[2011/01/17 18:25:32 | 000,001,296 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Web Developer 2008 Express Edition.lnk
[2010/12/26 14:20:23 | 000,000,112 | ---- | C] () -- C:\ProgramData\366701R1.dat
[2010/07/27 08:58:54 | 000,000,283 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/16 00:18:18 | 000,000,680 | ---- | C] () -- C:\Users\Mum and Dad\AppData\Local\d3d9caps.dat
[2010/02/02 10:01:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/30 22:33:29 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/06 13:14:42 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/10/06 08:22:21 | 000,000,733 | ---- | C] () -- C:\ProgramData\lxdi
[2009/08/23 02:10:58 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/08/02 12:52:51 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/27 01:20:23 | 000,008,704 | ---- | C] () -- C:\Users\Mum and Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/06 17:23:07 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2009/01/06 17:19:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2009/01/06 17:19:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2009/01/06 17:19:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/01/06 17:19:22 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/01/06 17:16:58 | 000,000,060 | -H-- | C] () -- C:\Windows\System32\lxdirwrd.ini
[2009/01/06 17:16:44 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2009/01/06 17:16:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2008/12/30 15:38:49 | 000,666,344 | ---- | C] () -- C:\Program Files\HC2Setup.exe
[2008/12/14 13:33:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/10 17:49:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/12/10 17:49:05 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/12/10 17:49:05 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/12/10 17:49:05 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/12/10 17:49:05 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/12/10 17:49:05 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/10/23 02:58:00 | 025,089,272 | ---- | C] () -- C:\Windows\System32\TrueAccessCoInst.dll
[2008/05/01 13:47:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/05/01 10:08:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/05/01 07:36:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/25 13:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/25 13:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/25 13:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/25 13:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/25 13:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/25 13:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/03/24 06:44:45 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007/02/10 05:07:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007/01/24 10:40:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006/11/02 23:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/01 16:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2006/07/21 07:07:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006/07/11 03:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006/07/11 03:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006/07/11 03:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006/07/11 03:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006/07/11 03:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006/07/11 03:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006/07/11 03:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006/07/11 03:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006/07/11 03:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2011/01/22 18:18:52 | 000,000,000 | ---D | M] -- C:\Users\Mum and Dad\AppData\Roaming\Gatoad
[2011/01/26 00:08:54 | 000,000,000 | ---D | M] -- C:\Users\Mum and Dad\AppData\Roaming\Loavy
[2009/01/24 08:16:16 | 000,000,000 | ---D | M] -- C:\Users\Mum and Dad\AppData\Roaming\OpenOffice.org
[2010/12/25 22:55:59 | 000,000,000 | ---D | M] -- C:\Users\Mum and Dad\AppData\Roaming\Ubisoft
[2011/01/26 20:09:28 | 000,000,000 | ---D | M] -- C:\Users\Mum and Dad\AppData\Roaming\Ucebx
[2011/01/26 03:54:04 | 000,000,000 | ---D | M] -- C:\Users\Mum and Dad\AppData\Roaming\Zadica
[2011/01/29 15:02:36 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/29 15:08:59 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{889C58AA-C16F-4E1A-8A5B-CBF668F68B6F}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Windows\System32\èû:pctlsp.log
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7E95B6FD

< End of report >

Update MBA-M and run it again. Remove what it finds and then reboot. Post up the log.

Unless I am going blind, I cannot see that log :).

What can't you see?

I quoted myself. To see the quote you need to click on the "Click to expand/collapse" phrase.
MBA-M log.

Ah, I was still running the scan so I couldn't post it; here is the MBA-M log now though.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5633

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

29/01/2011 6:34:22 PM
mbam-log-2011-01-29 (18-34-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 464378
Time elapsed: 3 hour(s), 3 minute(s), 45 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
c:\Users\mum and dad\wuaucldt.exe (Trojan.Downloader) -> 4068 -> Unloaded process successfully.

Memory Modules Infected:
c:\programdata\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Delete on reboot.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F8392C5D-2966-7A2E-B13C-77E630273004} (Trojan.Zbot.Gen) -> Value: {F8392C5D-2966-7A2E-B13C-77E630273004} -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.
c:\Users\mum and dad\wuaucldt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\mum and dad\AppData\Roaming\Zadica\wutuh.exe (Trojan.Zbot.Gen) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3938634844-1446963328-1823835263-1000\$RITGDEZ.exe (Application.ActualSpy) -> Quarantined and deleted successfully.
c:\Users\Bianca\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\cyin.exe (Trojan.Zbot.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\bjietsiz.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\oxiaplec.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Windows\Temp\wsget.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\mum and dad\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

How are things running now?

Ummm, seems to be quite well... I have not had my screen freeze and I seem to be getting no errors; I won't fully know until I have used it for a couple of hours.

What are you expecting?

Considering there has been quite a lot of malware removed, we were at a stage where I need to know how those removals have affected the PC :).

Give it a few more hours of solid use and let me know how it is then.
Can you see 'C' drive now in management?

Alright, after further use, I cannot see ANY problems at all. The C drive is now visible in management, and it has not frozen in quite some time (used to be several times each day). I can now use Chrome and other programs that were previously not working. In fact I am using Chrome now :)

No errors have popped up since the last reboot. And performance seems to be far better than it was this time last week. I will come back if there are any problems, but for now everything appears perfect.

I want to thank you, crunchie, for taking the time to help me; it had me at the point of buying a new computer! I felt like I had tried everything!

So thanks for everything, and if there is anything you want me to do in return, please ask!! I couldn't be happier with how this turned out.

Thanks a million
Rob :D

You are very welcome :). I love a happy ending.

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

Is there any particular reason I should? I want to keep them around just in case this happens again :) Unless of course there is a reason to be rid of them.

They will be out of date the next time you want them :)

And I hope they are well out of date by the next time I need them too. Thanks once again for your help, I really appreciate it.

No worries :)
