Google Redirects and unauthorized attempts to connect to Sites, Vista

Solved
By Demianwulf
Oct 29, 2010
  1. My computer is getting Google redirects to ad sites. These sites attempt to connect to the internet: 199.80.55.19, cljkcpixelabn.com, and z0g7yail0.com. The computer did get some BSODs, but I did not write down the error code, unfortunately. I since

    Here are my logs per the 8 steps, but the Attach.txt file could not be found even though the DDS program seemed to run right. Not sure where I can find it; I'll try again:

    My theory is that I downloaded and installed something questionable, considering I have this other problem with this laptop: my wifi network device has disappeared, and no matter how many drivers and reinstalls I have done, it won't reappear. I installed a bunch of dumb driver finder programs as a last resort to try to restore functionality, but to no avail. I'm assuming one of these installs is the culprit...

    I have since run numerous scans with Avast, Spybot, Kaspersky, HijackThis and Malwarebytes. My original run of Malwarebytes included this in the log:

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

    The log below is the current run.



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4982

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    10/29/2010 12:24:15 AM
    mbam-log-2010-10-29 (00-24-15).txt

    Scan type: Quick scan
    Objects scanned: 173972
    Time elapsed: 13 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-26 17:02:54
    Windows 6.0.6002 Service Pack 2
    Running: 2u2b3yrc.exe; Driver: C:\Users\WulfTop\AppData\Local\Temp\fxldqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x93333F8E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x93334F5C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x93334174]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x933333FA]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x93333BF4]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x933332DC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x93333A82]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x93334C16]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x93332EA2]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x93332CD4]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x93334898]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x9333367E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x93333DD0]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x93332A04]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x9333390E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x93332B7C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x933353C6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x93334634]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x93334A46]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x93333618]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x93333802]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x933331A6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x93333074]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x93334280]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 119 83CE087C 4 Bytes [8E, 3F, 33, 93]
    .text ntkrnlpa.exe!KeSetEvent + 13D 83CE08A0 8 Bytes [5C, 4F, 33, 93, 74, 41, 33, ...] {POP ESP; DEC EDI; XOR EDX, [EBX-0x6cccbe8c]}
    .text ntkrnlpa.exe!KeSetEvent + 1C1 83CE0924 4 Bytes CALL B70203AC
    .text ntkrnlpa.exe!KeSetEvent + 1D9 83CE093C 4 Bytes [F4, 3B, 33, 93] {HLT ; CMP ESI, [EBX]; XCHG EBX, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 205 83CE0968 4 Bytes [DC, 32, 33, 93]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83E0B28F 5 Bytes JMP 843E85D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 83E64063 5 Bytes JMP 843E9FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD1200BEVS-22UST0___________________01.01A01#4&9de862a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x6D 0xF7 0x65 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0x4E 0x95 0x60 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0xE0 0x49 0x31 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x6D 0xF7 0x65 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0x4E 0x95 0x60 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0xE0 0x49 0x31 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x6D 0xF7 0x65 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0x4E 0x95 0x60 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0xE0 0x49 0x31 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x6D 0xF7 0x65 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE3 0x4E 0x95 0x60 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0xE0 0x49 0x31 ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 63: copy of MBR

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-10-21.02) - NTFSx86
    Run by WulfTop at 18:01:49.76 on Tue 10/26/2010
    Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.759 [GMT -4:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\iashost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\WulfTop\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.ask.com?o=14196&l=dis
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Inquisitor for IE: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\inquisitor\Inquisitor_IE.dll
    mURLSearchHooks: Yahoo! Inquisitor for IE: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\inquisitor\Inquisitor_IE.dll
    mURLSearchHooks: Yahoo! Inquisitor for IE: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\inquisitor\Inquisitor_IE.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Yahoo! Inquisitor for IE: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\inquisitor\Inquisitor_IE.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    StartupFolder: c:\users\wulftop\appdata\roaming\microsoft\windows\start menu\programs\startup\PowerReg Scheduler V3.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {13C1DBF6-7535-495c-91F6-8C13714ED485} - c:\users\wulftop\appdata\roaming\microsoft\windows\start menu\programs\absolute poker\Absolute Poker.lnk
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    TCP: {A6288ECF-58B8-467B-900E-B93BD4A29404} = 68.87.73.246,68.87.71.230
    TCP: {C6E2F843-68CB-4826-8318-E0D89A7E2F60} = 156.154.70.22,156.154.71.22
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\wulftop\appdata\roaming\mozilla\firefox\profiles\xivfcrut.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - plugin: c:\users\wulftop\appdata\local\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll
    FF - plugin: c:\users\wulftop\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-20 165584]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-2-7 130960]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-2-7 29520]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2010-10-8 25896]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-20 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-20 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-7 40384]
    R2 InquisitorService;Inquisitor Service;c:\program files\yahoo!\inquisitor\InquisitorService.exe [2008-10-17 185624]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-1-10 809296]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-7 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-7 40384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-18 21504]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2010-10-22 251904]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-10-23 16:42:26 -------- d-----w- c:\progra~2\eMule
    2010-10-23 14:46:08 -------- d-----w- c:\users\wulftop\appdata\local\eMule
    2010-10-23 14:46:05 -------- d-----w- c:\program files\eMule
    2010-10-22 08:05:19 251904 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
    2010-10-22 07:52:30 205312 ----a-w- c:\windows\system32\drivers\rtl8187.sys
    2010-10-22 07:49:29 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver
    2010-10-20 15:58:33 68888 ----a-w- c:\windows\system32\xinput1_3.dll
    2010-10-20 15:58:33 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2010-10-20 15:57:44 -------- d-----w- c:\users\wulftop\appdata\local\Microsoft Game Studios
    2010-10-20 15:57:22 -------- d-----w- c:\progra~2\Microsoft Games
    2010-10-20 15:55:40 -------- d-----w- c:\users\wulftop\appdata\roaming\Microsoft Game Studios
    2010-10-20 01:43:41 1446264 ----a-w- c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
    2010-10-12 15:17:06 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-10-12 15:17:06 263272 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2010-10-12 14:59:22 526184 ----a-w- c:\windows\system32\XceedCry.dll
    2010-10-12 14:59:22 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
    2010-10-12 14:59:22 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
    2010-10-12 14:59:22 132880 ----a-w- c:\windows\system32\Msinet.ocx
    2010-10-12 14:59:22 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
    2010-10-12 14:59:21 -------- d-----w- c:\program files\Driver Magician
    2010-10-12 14:43:49 -------- d-----w- c:\users\wulftop\appdata\roaming\GetRightToGo
    2010-10-12 14:14:41 -------- d-----w- c:\program files\Driver-Soft
    2010-10-12 13:12:54 -------- d-----w- C:\dell
    2010-10-08 19:23:30 337920 ----a-w- c:\windows\system\rtl8187B.sys
    2010-10-08 19:23:29 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
    2010-10-08 18:33:22 361472 ----a-w- c:\windows\system32\drivers\RTL85n86.sys
    2010-10-08 18:33:22 361472 ----a-w- c:\windows\system\RTL85n86.sys
    2010-10-08 18:33:18 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
    2010-10-08 18:33:17 -------- d-----w- c:\windows\system32\REALTEK RTL8185 Wireless LAN Driver and Utility
    2010-10-08 04:20:44 -------- d-----w- c:\users\wulftop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
    2010-10-08 02:57:00 -------- d-----w- c:\program files\MozBackup
    2010-10-07 21:56:47 -------- d-----w- c:\users\wulftop\{8517c860-6671-4a8c-8483-66ad267c2024}
    2010-10-07 04:15:36 -------- d-----w- c:\progra~2\Samsung
    2010-09-29 13:24:59 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-29 13:22:57 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-09-28 03:03:16 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
    2010-09-28 03:03:16 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
    2010-09-28 02:55:23 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-09-28 02:41:20 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
    2010-09-28 02:41:15 -------- d-----w- c:\program files\Realtek
    2010-09-28 02:38:07 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-09-28 01:40:48 26496 ----a-w- c:\windows\system32\USBSTOR.SYS
    2010-09-26 22:45:11 13031 ----a-w- c:\users\wulftop\www.blogger.com

    ==================== Find3M ====================

    2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

    ============= FINISH: 18:03:25.26 ===============
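The pseudo-HJT section of the DDS report above is where a redirect investigation usually starts: the Hosts: lines, the TCP: resolver entries, AppInit_DLLs and the EnableLUA policy all steer where names resolve or what code gets loaded. The script below is an added example for this thread, not part of DDS or of the original post. It parses lines in the shape DDS prints and turns them into severity-tagged findings. The sample text is constructed: six lines mirror the report above, and the final Hosts: line pointing www.google.com at 203.0.113.7 is invented to show how a genuine redirect (a remote IP) differs from a loopback blackhole. The expected_dns set is an assumption supplied by the analyst, not something the report can tell you.

```python
"""Triage a DDS 'Pseudo HJT Report' for redirect-related settings.

Added example for this thread, not part of DDS or any tool posted here.
"""
import ipaddress
import re

# Constructed sample in the shape DDS prints. The first six lines mirror the
# report in the thread; the last Hosts line is invented to show a real redirect
# (an entry pointing a site at a remote IP) rather than a loopback blackhole.
SAMPLE_REPORT = """\
uStart Page = hxxp://www.ask.com?o=14196&l=dis
mPolicies-system: EnableLUA = 0 (0x0)
TCP: {A6288ECF-58B8-467B-900E-B93BD4A29404} = 68.87.73.246,68.87.71.230
TCP: {C6E2F843-68CB-4826-8318-E0D89A7E2F60} = 156.154.70.22,156.154.71.22
AppInit_DLLs: c:\\windows\\system32\\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 203.0.113.7 www.google.com
"""

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_report(report: str) -> dict:
    """Extract the settings that steer name resolution and code loading."""
    found = {"hosts": [], "dns": [], "appinit": [], "uac_disabled": False, "start_pages": []}
    for raw in report.splitlines():
        line = raw.strip()
        if m := re.match(r"Hosts:\s+(\S+)\s+(\S+)$", line):
            found["hosts"].append((m.group(1), m.group(2)))
        elif m := re.match(r"TCP:\s+\{[0-9A-Fa-f-]+\}\s+=\s+([\d.,]+)$", line):
            found["dns"].extend(m.group(1).split(","))
        elif m := re.match(r"AppInit_DLLs:\s+(.+)$", line):
            found["appinit"].append(m.group(1))
        elif re.match(r"mPolicies-system:\s+EnableLUA\s+=\s+0\b", line):
            found["uac_disabled"] = True
        elif m := re.match(r"[um]Start Page\s+=\s+(\S+)$", line):
            found["start_pages"].append(m.group(1))
    return found


def triage(report: str, expected_dns=()) -> list:
    """Return (severity, message) pairs. expected_dns is the resolver set the
    analyst knows is legitimate for this network (assumption supplied by caller)."""
    f = parse_report(report)
    findings = []
    for ip, host in f["hosts"]:
        if ip in LOOPBACK:
            findings.append(("medium", f"hosts file blackholes {host}"))
        else:
            findings.append(("high", f"hosts file redirects {host} to {ip}"))
    for ip in f["dns"]:
        ipaddress.ip_address(ip)  # fail loudly on a malformed address
        if expected_dns and ip not in expected_dns:
            findings.append(("medium", f"DNS server {ip} not in expected set"))
    if f["uac_disabled"]:
        findings.append(("medium", "UAC disabled (EnableLUA = 0): installers run unprompted"))
    for dll in f["appinit"]:
        findings.append(("info", f"AppInit_DLLs loads {dll} into every process that loads user32.dll; verify publisher"))
    for url in f["start_pages"]:
        findings.append(("info", f"start page set to {url}"))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_REPORT, expected_dns=("68.87.73.246", "68.87.71.230")):
        print(f"[{sev}] {msg}")
```

Feed it the pseudo-HJT section of a real DDS log and the resolver addresses you know are right for the network; a Hosts: line that sends a search engine to a remote address, or resolvers you did not configure, is the first thing to confirm before any rootkit scan.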
  2. Broni

    Welcome aboard :)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
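MBRCheck and the "Disk sectors" section of the GMER log above both look at sector 0 and the sectors that follow it before the first partition. The script below is an added example for this thread, not MBRCheck's or GMER's code, and it does not reproduce their verdict logic. It validates the 0x55AA boot signature, decodes the partition table, hashes the boot code so it can be compared against a known-good disk, and classifies each sector in the track gap as a byte-for-byte copy of the MBR (the pattern GMER printed as "copy of MBR"), other non-zero data, or zero. It builds a constructed 64-sector image so it runs offline; what a given pattern means is left to the analyst.

```python
"""Inspect an MBR and the track gap after it on a disk image.

Added example for this thread; not MBRCheck's or GMER's code.
"""
import hashlib
import struct

SECTOR = 512
ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count


def build_sample_image(n_sectors: int = 64, mirror_mbr: bool = True) -> bytes:
    """Constructed image: minimal boot code, one NTFS partition at LBA 63, and a
    track gap that either repeats the MBR (mirror_mbr=True) or is zeroed."""
    boot_code = b"\xFA\x33\xC0\x8E\xD0" + b"\x90" * (446 - 5)   # cli; xor ax,ax; mov ss,ax; nops
    entry = struct.pack(ENTRY, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 2048)
    mbr = boot_code + entry + b"\x00" * 48 + b"\x55\xAA"
    assert len(mbr) == SECTOR
    gap_sector = mbr if mirror_mbr else b"\x00" * SECTOR
    return mbr + gap_sector * (n_sectors - 1)


def parse_mbr(sector0: bytes) -> dict:
    """Validate the boot signature and decode the four partition entries."""
    if len(sector0) != SECTOR or sector0[510:] != b"\x55\xAA":
        raise ValueError("sector 0 lacks the 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _s, ptype, _e, lba, count = struct.unpack_from(ENTRY, sector0, 446 + 16 * i)
        if ptype:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "start_lba": lba, "sectors": count})
    return {"bootcode_sha256": hashlib.sha256(sector0[:446]).hexdigest(),
            "partitions": partitions}


def scan_track_gap(image: bytes) -> dict:
    """Classify every sector between the MBR and the first partition as a
    byte-for-byte copy of the MBR, other non-zero data, or zero."""
    mbr = image[:SECTOR]
    info = parse_mbr(mbr)
    first_lba = min((p["start_lba"] for p in info["partitions"]), default=len(image) // SECTOR)
    first_lba = min(first_lba, len(image) // SECTOR)
    copies, other = [], []
    for lba in range(1, first_lba):
        s = image[lba * SECTOR:(lba + 1) * SECTOR]
        if s == mbr:
            copies.append(lba)
        elif any(s):
            other.append(lba)
    return {**info, "mbr_copies": copies, "other_nonzero": other}


if __name__ == "__main__":
    import sys
    # On Windows you would open r"\\.\PhysicalDrive0" as an administrator and
    # read the first 64 sectors; here the constructed image stands in for it.
    data = open(sys.argv[1], "rb").read(64 * SECTOR) if len(sys.argv) > 1 else build_sample_image()
    report = scan_track_gap(data)
    print("boot code sha256:", report["bootcode_sha256"])
    print("partitions:", report["partitions"])
    print("MBR copies at LBA:", report["mbr_copies"] or "none")
    print("other non-zero gap sectors:", report["other_nonzero"] or "none")
```

Compare the boot-code hash against the same sectors read from a known-clean machine of the same make, and keep a raw copy of the first 64 sectors before letting any tool "cure" them, so you can diff what was changed.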
  3. Demianwulf

    2010/10/29 10:45:51.0745 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/10/29 10:45:51.0745 ================================================================================
    2010/10/29 10:45:51.0745 SystemInfo:
    2010/10/29 10:45:51.0745
    2010/10/29 10:45:51.0745 OS Version: 6.0.6002 ServicePack: 2.0
    2010/10/29 10:45:51.0745 Product type: Workstation
    2010/10/29 10:45:51.0745 ComputerName: WULFTOP
    2010/10/29 10:45:51.0746 UserName: WulfTop
    2010/10/29 10:45:51.0746 Windows directory: C:\Windows
    2010/10/29 10:45:51.0746 System windows directory: C:\Windows
    2010/10/29 10:45:51.0746 Processor architecture: Intel x86
    2010/10/29 10:45:51.0746 Number of processors: 2
    2010/10/29 10:45:51.0746 Page size: 0x1000
    2010/10/29 10:45:51.0746 Boot type: Normal boot
    2010/10/29 10:45:51.0746 ================================================================================
    2010/10/29 10:45:52.0456 Initialize success
    2010/10/29 10:45:55.0500 ================================================================================
    2010/10/29 10:45:55.0500 Scan started
    2010/10/29 10:45:55.0500 Mode: Manual;
    2010/10/29 10:45:55.0500 ================================================================================
    2010/10/29 10:45:56.0620 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/10/29 10:45:56.0696 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2010/10/29 10:45:56.0764 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2010/10/29 10:45:56.0824 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2010/10/29 10:45:56.0881 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2010/10/29 10:45:56.0987 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/10/29 10:45:57.0097 AgereSoftModem (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys
    2010/10/29 10:45:57.0184 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2010/10/29 10:45:57.0261 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/10/29 10:45:57.0310 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2010/10/29 10:45:57.0352 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2010/10/29 10:45:57.0388 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2010/10/29 10:45:57.0439 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2010/10/29 10:45:57.0480 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2010/10/29 10:45:57.0588 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2010/10/29 10:45:57.0632 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2010/10/29 10:45:57.0707 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\ASPI32.sys
    2010/10/29 10:45:57.0793 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
    2010/10/29 10:45:57.0845 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
    2010/10/29 10:45:57.0913 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
    2010/10/29 10:45:57.0995 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
    2010/10/29 10:45:58.0070 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
    2010/10/29 10:45:58.0150 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/10/29 10:45:58.0205 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2010/10/29 10:45:58.0338 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/10/29 10:45:58.0484 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/10/29 10:45:58.0534 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/10/29 10:45:58.0576 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/10/29 10:45:58.0654 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/10/29 10:45:58.0696 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/10/29 10:45:58.0731 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/10/29 10:45:58.0763 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/10/29 10:45:58.0811 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2010/10/29 10:45:58.0889 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/10/29 10:45:58.0969 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/10/29 10:45:59.0025 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2010/10/29 10:45:59.0140 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/10/29 10:45:59.0229 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/10/29 10:45:59.0297 cmdGuard (95b4dee20d89403d636dca2be73742cb) C:\Windows\system32\DRIVERS\cmdguard.sys
    2010/10/29 10:45:59.0364 cmdHlp (12186867f48b4817c58d45f268fda3d5) C:\Windows\system32\DRIVERS\cmdhlp.sys
    2010/10/29 10:45:59.0411 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2010/10/29 10:45:59.0468 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/10/29 10:45:59.0507 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2010/10/29 10:45:59.0564 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2010/10/29 10:45:59.0644 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/10/29 10:45:59.0733 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/10/29 10:45:59.0831 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/10/29 10:45:59.0907 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/10/29 10:45:59.0978 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/10/29 10:46:00.0067 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/10/29 10:46:00.0148 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2010/10/29 10:46:00.0258 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/10/29 10:46:00.0321 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/10/29 10:46:00.0373 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/10/29 10:46:00.0450 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/10/29 10:46:00.0493 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/10/29 10:46:00.0536 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/10/29 10:46:00.0608 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/10/29 10:46:00.0681 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/10/29 10:46:00.0732 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/10/29 10:46:00.0807 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2010/10/29 10:46:00.0892 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/10/29 10:46:00.0951 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/10/29 10:46:00.0987 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2010/10/29 10:46:01.0073 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/10/29 10:46:01.0132 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2010/10/29 10:46:01.0206 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2010/10/29 10:46:01.0261 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2010/10/29 10:46:01.0327 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/10/29 10:46:01.0416 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
    2010/10/29 10:46:01.0471 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2010/10/29 10:46:01.0690 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2010/10/29 10:46:01.0846 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/10/29 10:46:01.0941 Inspect (1d79596c08a0153335021ade850a0710) C:\Windows\system32\DRIVERS\inspect.sys
    2010/10/29 10:46:02.0005 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2010/10/29 10:46:02.0071 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/10/29 10:46:02.0155 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/10/29 10:46:02.0237 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2010/10/29 10:46:02.0280 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/10/29 10:46:02.0324 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/10/29 10:46:02.0382 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2010/10/29 10:46:02.0458 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/10/29 10:46:02.0503 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/10/29 10:46:02.0545 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2010/10/29 10:46:02.0608 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/10/29 10:46:02.0685 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/10/29 10:46:02.0780 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2010/10/29 10:46:02.0903 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2010/10/29 10:46:02.0973 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/10/29 10:46:03.0033 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2010/10/29 10:46:03.0081 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2010/10/29 10:46:03.0134 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2010/10/29 10:46:03.0175 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2010/10/29 10:46:03.0228 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2010/10/29 10:46:03.0281 LUsbFilt (ff1c2f90d40a2e52649937854e175987) C:\Windows\system32\Drivers\LUsbFilt.Sys
    2010/10/29 10:46:03.0369 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2010/10/29 10:46:03.0445 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2010/10/29 10:46:03.0504 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
    2010/10/29 10:46:03.0573 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2010/10/29 10:46:03.0692 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/10/29 10:46:03.0732 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/10/29 10:46:03.0789 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2010/10/29 10:46:03.0838 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2010/10/29 10:46:03.0888 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2010/10/29 10:46:03.0966 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2010/10/29 10:46:04.0033 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2010/10/29 10:46:04.0120 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/10/29 10:46:04.0163 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/10/29 10:46:04.0212 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/10/29 10:46:04.0257 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2010/10/29 10:46:04.0341 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2010/10/29 10:46:04.0413 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2010/10/29 10:46:04.0476 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2010/10/29 10:46:04.0534 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/10/29 10:46:04.0658 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/10/29 10:46:04.0723 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2010/10/29 10:46:04.0870 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2010/10/29 10:46:04.0951 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/10/29 10:46:05.0017 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2010/10/29 10:46:05.0069 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2010/10/29 10:46:05.0171 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/10/29 10:46:05.0257 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2010/10/29 10:46:05.0341 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/10/29 10:46:05.0386 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/10/29 10:46:05.0460 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/10/29 10:46:05.0505 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2010/10/29 10:46:05.0539 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2010/10/29 10:46:05.0603 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2010/10/29 10:46:05.0748 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2010/10/29 10:46:05.0820 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2010/10/29 10:46:05.0858 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2010/10/29 10:46:06.0048 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2010/10/29 10:46:06.0193 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2010/10/29 10:46:06.0283 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2010/10/29 10:46:06.0330 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2010/10/29 10:46:06.0381 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2010/10/29 10:46:06.0426 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2010/10/29 10:46:06.0579 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2010/10/29 10:46:06.0693 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2010/10/29 10:46:06.0768 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2010/10/29 10:46:06.0806 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2010/10/29 10:46:06.0954 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2010/10/29 10:46:06.0997 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
    2010/10/29 10:46:07.0044 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2010/10/29 10:46:07.0130 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    2010/10/29 10:46:07.0208 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2010/10/29 10:46:07.0403 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/10/29 10:46:07.0453 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2010/10/29 10:46:07.0570 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2010/10/29 10:46:07.0644 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2010/10/29 10:46:07.0731 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2010/10/29 10:46:07.0809 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2010/10/29 10:46:07.0882 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/10/29 10:46:07.0954 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/10/29 10:46:08.0052 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/10/29 10:46:08.0263 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/10/29 10:46:08.0342 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/10/29 10:46:08.0393 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/10/29 10:46:08.0678 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2010/10/29 10:46:08.0999 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2010/10/29 10:46:09.0133 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2010/10/29 10:46:09.0301 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/10/29 10:46:09.0392 RTL8169 (2dd5dd25fb68975d094ae57d46097f48) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2010/10/29 10:46:09.0609 RTL8187B (73284ef4fdeb8d7ab36b6b4714db393e) C:\Windows\system32\DRIVERS\RTL8187B.sys
    2010/10/29 10:46:09.0676 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
    2010/10/29 10:46:09.0793 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2010/10/29 10:46:09.0873 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
    2010/10/29 10:46:09.0936 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/10/29 10:46:10.0002 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2010/10/29 10:46:10.0046 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2010/10/29 10:46:10.0190 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2010/10/29 10:46:10.0344 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2010/10/29 10:46:10.0382 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2010/10/29 10:46:10.0440 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2010/10/29 10:46:10.0561 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2010/10/29 10:46:10.0654 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2010/10/29 10:46:10.0725 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2010/10/29 10:46:10.0813 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2010/10/29 10:46:10.0894 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2010/10/29 10:46:11.0014 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2010/10/29 10:46:11.0169 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
    2010/10/29 10:46:11.0252 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
    2010/10/29 10:46:11.0320 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/10/29 10:46:11.0423 STHDA (513f70b6a184fe3765f679c5c64ea9e5) C:\Windows\system32\drivers\stwrt.sys
    2010/10/29 10:46:11.0525 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/10/29 10:46:11.0610 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/10/29 10:46:11.0648 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/10/29 10:46:11.0694 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/10/29 10:46:11.0760 SynTP (21470bf105b96ded47e99e1ee7495e8f) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/10/29 10:46:12.0001 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2010/10/29 10:46:12.0192 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/10/29 10:46:12.0366 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/10/29 10:46:12.0458 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/10/29 10:46:12.0533 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/10/29 10:46:12.0650 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/10/29 10:46:12.0718 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/10/29 10:46:12.0887 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/10/29 10:46:12.0964 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/10/29 10:46:13.0043 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/10/29 10:46:13.0125 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2010/10/29 10:46:13.0201 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2010/10/29 10:46:13.0346 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2010/10/29 10:46:13.0419 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2010/10/29 10:46:13.0467 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2010/10/29 10:46:13.0539 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2010/10/29 10:46:13.0619 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2010/10/29 10:46:13.0915 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\Windows\system32\Drivers\usbaapl.sys
    2010/10/29 10:46:14.0270 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/10/29 10:46:14.0498 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2010/10/29 10:46:14.0597 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/10/29 10:46:14.0684 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/10/29 10:46:14.0742 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2010/10/29 10:46:14.0815 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/10/29 10:46:14.0856 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/10/29 10:46:15.0028 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/10/29 10:46:15.0145 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
    2010/10/29 10:46:15.0249 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/10/29 10:46:15.0308 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2010/10/29 10:46:15.0364 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2010/10/29 10:46:15.0412 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2010/10/29 10:46:15.0483 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2010/10/29 10:46:15.0551 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2010/10/29 10:46:15.0639 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2010/10/29 10:46:15.0723 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2010/10/29 10:46:15.0769 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2010/10/29 10:46:15.0853 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2010/10/29 10:46:15.0925 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/10/29 10:46:15.0948 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/10/29 10:46:16.0038 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2010/10/29 10:46:16.0123 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2010/10/29 10:46:16.0325 WINUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
    2010/10/29 10:46:16.0509 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/10/29 10:46:16.0616 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2010/10/29 10:46:16.0696 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/10/29 10:46:16.0793 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/10/29 10:46:16.0973 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/10/29 10:46:16.0982 ================================================================================
    2010/10/29 10:46:16.0982 Scan finished
    2010/10/29 10:46:16.0982 ================================================================================
    2010/10/29 10:46:17.0013 Detected object count: 1
    2010/10/29 10:47:33.0506 \HardDisk0\MBR - will be cured after reboot
    2010/10/29 10:47:33.0506 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
    2010/10/29 10:47:51.0248 Deinitialize success
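    The log above is the interesting one in this thread: every enumerated driver sits under C:\Windows\system32 with a hash, and the single hit is in the master boot record (Rootkit.Win32.TDSS.tdl4 at \HardDisk0\MBR) with the action "Cure" recorded afterwards. When you have to read many of these logs, it helps to parse them rather than scroll them. The following Python helper is an added example, not part of the thread and not Kaspersky's tool; it assumes the line layout visible in the posted log ("<date> <time> <name> (<md5>) <path>" for enumerated drivers, "<object> - detected <verdict> (<n>)" for hits, and the "User select action" line for the chosen response). The flag for drivers loaded from outside <windir>\system32 is my own triage heuristic, not something TDSSKiller reports. The sample log is a constructed excerpt modelled on the posted one; the oddsvc entry with the all-zero hash is constructed to exercise the path check.

```python
"""Triage helper for TDSSKiller text logs.

Added example, not part of the thread or of Kaspersky's tool. It assumes the
line layout visible in the posted log: "<date> <time> <name> (<md5>) <path>"
for enumerated drivers and "<object> - detected <verdict> (<n>)" for hits.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+"
DRIVER_RE = re.compile(rf"^({TS})\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{{32}})\)\s+(?P<path>\S.*?)\s*$")
DETECT_RE = re.compile(rf"^({TS})\s+(?P<obj>\S+)\s+-\s+detected\s+(?P<verdict>\S+)\s+\(\d+\)\s*$")
ACTION_RE = re.compile(rf"^({TS})\s+(?P<verdict>[^\s(]+)\((?P<obj>[^)]+)\)\s+-\s+User select action:\s+(?P<action>\S+)\s*$")
WINDIR_RE = re.compile(rf"^({TS})\s+Windows directory:\s+(?P<dir>\S+)\s*$")
COUNT_RE = re.compile(r"Detected object count:\s+(?P<n>\d+)")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    obj: str
    verdict: str
    action: Optional[str] = None  # filled in from the "User select action" line


@dataclass
class Report:
    windir: str = r"C:\Windows"          # overridden by the "Windows directory:" line
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    declared_count: Optional[int] = None  # "Detected object count: N"
    finished: bool = False                # saw "Scan finished"


def parse_tdsskiller_log(text: str) -> Report:
    """Walk the log once and pull out drivers, hits, and the chosen actions."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := DRIVER_RE.match(line)):
            rep.drivers.append(Driver(m["name"], m["md5"].lower(), m["path"]))
        elif (m := DETECT_RE.match(line)):
            rep.detections.append(Detection(m["obj"], m["verdict"]))
        elif (m := ACTION_RE.match(line)):
            for d in rep.detections:
                if d.obj == m["obj"] and d.verdict == m["verdict"]:
                    d.action = m["action"]
        elif (m := WINDIR_RE.match(line)):
            rep.windir = m["dir"]
        elif (m := COUNT_RE.search(line)):
            rep.declared_count = int(m["n"])
        elif "Scan finished" in line:
            rep.finished = True
    return rep


def triage(rep: Report) -> List[str]:
    """Findings a responder would act on. The heuristics are mine, not TDSSKiller's."""
    findings: List[str] = []
    for d in rep.detections:
        findings.append(f"DETECTED {d.verdict} at {d.obj} (action: {d.action or 'NO ACTION RECORDED'})")
        if d.obj.upper().endswith("\\MBR"):
            # A cured MBR only removes the bootkit loader; confirm the boot
            # sector is clean again after the reboot with a separate MBR check.
            findings.append("MBR_HIT bootkit in the master boot record; re-verify the MBR after reboot")
    if rep.declared_count is not None and rep.declared_count != len(rep.detections):
        findings.append(f"COUNT_MISMATCH log declares {rep.declared_count} objects, parsed {len(rep.detections)}")
    std_prefix = rep.windir.lower().rstrip("\\") + "\\system32\\"
    for drv in rep.drivers:
        # Heuristic: kernel drivers normally live under <windir>\system32.
        if not drv.path.lower().startswith(std_prefix):
            findings.append(f"NONSTANDARD_PATH {drv.name} -> {drv.path}")
    if not rep.finished:
        findings.append("INCOMPLETE scan did not report 'Scan finished'")
    return findings


# Constructed excerpt modelled on the posted log; the oddsvc line is made up.
SAMPLE_LOG = r"""
2010/10/29 10:45:51.0746 Windows directory: C:\Windows
2010/10/29 10:45:55.0500 Scan started
2010/10/29 10:45:56.0620 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/10/29 10:46:12.0001 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/10/29 10:46:12.0192 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/29 10:46:13.0000 oddsvc (00000000000000000000000000000000) C:\Users\Public\oddsvc.sys
2010/10/29 10:46:16.0973 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/29 10:46:16.0982 Scan finished
2010/10/29 10:46:17.0013 Detected object count: 1
2010/10/29 10:47:33.0506 \HardDisk0\MBR - will be cured after reboot
2010/10/29 10:47:33.0506 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/29 10:47:51.0248 Deinitialize success
"""

if __name__ == "__main__":
    for finding in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(finding)
```

Run it against a saved TDSSKiller_xxxx_log.txt by reading the file into `parse_tdsskiller_log`; on the posted log it reports the single MBR detection with action Cure, no count mismatch, and no drivers outside system32.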
  4. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Gateway
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: Gateway
    System Product Name: ML6720
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 138):
    0x83C1A000 \SystemRoot\system32\ntkrnlpa.exe
    0x83FD3000 \SystemRoot\system32\hal.dll
    0x8040C000 \SystemRoot\system32\kdcom.dll
    0x80413000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80483000 \SystemRoot\system32\PSHED.dll
    0x80494000 \SystemRoot\system32\BOOTVID.dll
    0x8049C000 \SystemRoot\system32\CLFS.SYS
    0x804DD000 \SystemRoot\system32\CI.dll
    0x80607000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80683000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80690000 \SystemRoot\system32\drivers\acpi.sys
    0x806D6000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806DF000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E7000 \SystemRoot\system32\drivers\pci.sys
    0x8070E000 \SystemRoot\System32\drivers\partmgr.sys
    0x8071D000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80720000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8072A000 \SystemRoot\system32\drivers\volmgr.sys
    0x80739000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80783000 \SystemRoot\system32\drivers\intelide.sys
    0x8078A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80798000 \SystemRoot\System32\drivers\mountmgr.sys
    0x84207000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x842E2000 \SystemRoot\system32\drivers\atapi.sys
    0x842EA000 \SystemRoot\system32\drivers\ataport.SYS
    0x84308000 \SystemRoot\system32\drivers\msahci.sys
    0x84311000 \SystemRoot\system32\drivers\fltmgr.sys
    0x84343000 \SystemRoot\system32\drivers\fileinfo.sys
    0x84353000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8980A000 \SystemRoot\system32\drivers\ndis.sys
    0x89915000 \SystemRoot\system32\drivers\msrpc.sys
    0x89940000 \SystemRoot\system32\drivers\NETIO.SYS
    0x89A0D000 \SystemRoot\System32\drivers\tcpip.sys
    0x89AF7000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x89C03000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x89D13000 \SystemRoot\system32\drivers\volsnap.sys
    0x89D4C000 \SystemRoot\System32\Drivers\mup.sys
    0x89D5B000 \SystemRoot\System32\drivers\ecache.sys
    0x89D82000 \SystemRoot\system32\drivers\disk.sys
    0x89D93000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x89DB4000 \SystemRoot\system32\drivers\crcdisk.sys
    0x89DCA000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x89DD3000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x89DE2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x89DE6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8E801000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8F100000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8F1A1000 \SystemRoot\System32\drivers\watchdog.sys
    0x8E404000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8E491000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x8E4D3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8E4E6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8E4F1000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8E51D000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8E51F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8E52A000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8E542000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8E571000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8E5B2000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8E5BD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8E5D4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8F1AD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8E5DF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8F1D0000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8F1E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8E5EE000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x89DEF000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8E5FA000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8997B000 \SystemRoot\system32\DRIVERS\ks.sys
    0x89BED000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x89A00000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x899A5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x9040E000 \SystemRoot\system32\drivers\stwrt.sys
    0x904B1000 \SystemRoot\system32\drivers\portcls.sys
    0x904DE000 \SystemRoot\system32\drivers\drmk.sys
    0x90606000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x90722000 \SystemRoot\system32\drivers\modem.sys
    0x9072F000 \SystemRoot\System32\DRIVERS\cmdguard.sys
    0x90752000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x9075B000 \SystemRoot\System32\Drivers\Null.SYS
    0x90762000 \SystemRoot\System32\Drivers\Beep.SYS
    0x90772000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x90779000 \SystemRoot\System32\drivers\vga.sys
    0x90785000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x907A6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x907AE000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x907B6000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x907C1000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x907CF000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x907D8000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x907EE000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x90503000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
    0x9050D000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x9053F000 \SystemRoot\system32\DRIVERS\smb.sys
    0x90553000 \SystemRoot\system32\drivers\afd.sys
    0x907F8000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x9059B000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x905B1000 \SystemRoot\system32\DRIVERS\inspect.sys
    0x905C6000 \SystemRoot\system32\DRIVERS\rtlprot.sys
    0x905D0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x905DE000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x905F1000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x899B6000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90400000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x843C4000 \SystemRoot\System32\Drivers\dfsc.sys
    0x807A8000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x89DBD000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x89B12000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x93C00000 \SystemRoot\System32\win32k.sys
    0x899F2000 \SystemRoot\System32\drivers\Dxapi.sys
    0x843DB000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x93E20000 \SystemRoot\System32\TSDDD.dll
    0x93E40000 \SystemRoot\System32\cdd.dll
    0x807CF000 \SystemRoot\system32\drivers\luafv.sys
    0x805BD000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x907FD000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x843EA000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x81E0F000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x81E39000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x81E43000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x81E56000 \SystemRoot\system32\drivers\HTTP.sys
    0x81EC3000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x81EE0000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x81EF9000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x81F0E000 \SystemRoot\system32\drivers\mrxdav.sys
    0x81F2F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x81F4E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x81F87000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x81F9F000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x8300C000 \SystemRoot\System32\DRIVERS\srv.sys
    0x83072000 \SystemRoot\system32\drivers\peauth.sys
    0x83150000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x83162000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x8316E000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x83184000 \SystemRoot\system32\drivers\tdtcp.sys
    0x8318F000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0x8319B000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x772C0000 \Windows\System32\ntdll.dll

    Processes (total 66):
    0 System Idle Process
    4 System
    532 C:\Windows\System32\smss.exe
    600 csrss.exe
    636 C:\Windows\System32\wininit.exe
    656 csrss.exe
    688 C:\Windows\System32\services.exe
    700 C:\Windows\System32\lsass.exe
    708 C:\Windows\System32\lsm.exe
    828 C:\Windows\System32\winlogon.exe
    912 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\svchost.exe
    1040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    1116 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\svchost.exe
    1244 C:\Windows\System32\svchost.exe
    1256 C:\Windows\System32\svchost.exe
    1336 C:\Windows\System32\audiodg.exe
    1440 C:\Windows\System32\svchost.exe
    1472 C:\Windows\System32\svchost.exe
    1728 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    2020 C:\Windows\System32\spoolsv.exe
    2044 C:\Windows\System32\svchost.exe
    1480 C:\Windows\System32\agrsmsvc.exe
    1176 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1584 C:\Program Files\Bonjour\mDNSResponder.exe
    892 C:\Windows\System32\svchost.exe
    296 C:\Program Files\FolderSize\FolderSizeSvc.exe
    1664 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    1552 C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe
    1436 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    2080 C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    2168 C:\Windows\System32\svchost.exe
    2276 C:\Windows\System32\svchost.exe
    2292 C:\Windows\System32\svchost.exe
    2320 C:\Windows\System32\VSSVC.exe
    2412 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2500 C:\Windows\System32\SearchIndexer.exe
    2584 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2628 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    3020 iashost.exe
    3052 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3408 C:\Windows\System32\taskeng.exe
    3452 C:\Windows\System32\dwm.exe
    3496 C:\Windows\explorer.exe
    3728 C:\Windows\System32\taskeng.exe
    3864 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3880 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3904 C:\Program Files\PowerISO\PWRISOVM.EXE
    3920 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    3928 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3956 C:\Windows\System32\igfxtray.exe
    4004 C:\Windows\System32\hkcmd.exe
    4020 C:\Windows\System32\igfxpers.exe
    4032 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    2768 C:\Windows\System32\igfxsrvc.exe
    772 C:\Windows\System32\wbem\unsecapp.exe
    3680 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    1708 WmiPrvSE.exe
    3188 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    3264 C:\Windows\System32\svchost.exe
    1912 C:\Windows\System32\mobsync.exe
    3208 C:\Windows\servicing\TrustedInstaller.exe
    3716 C:\Program Files\Mozilla Firefox\firefox.exe
    2608 C:\Program Files\Mozilla Firefox\plugin-container.exe
    5820 C:\Users\WulfTop\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1200BEVS-22UST0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
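The MBRCheck output above identifies the bootloader in sector 0 ("Windows 2008 MBR code detected") and prints a SHA1 for it. That check matters in a redirect case because a bootkit lives in the MBR, below the file system that Avast, Malwarebytes and the other on-disk scanners in this thread inspect. As an added example, not MBRCheck's own code or anything posted in this thread, the Python below parses an MBR the way such a tool has to: it verifies the 0x55AA boot signature, walks the four partition-table entries, and hashes the 440-byte bootstrap region so the result can be compared with a baseline taken from a known-clean image. The 512-byte sector it parses is constructed inline (its single partition starts at LBA 2048, which is the 0x100000 byte offset the output above reports for C:). Which bytes MBRCheck hashes is not stated in its output, so this example's hash is not comparable with the one printed above.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: bootstrap code; 440..445: disk signature + pad
PART_TABLE_OFF = 446           # four 16-byte partition entries follow the disk signature
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR for offline testing; not taken from any real disk.

    One bootable NTFS (type 0x07) partition starting at LBA 2048, i.e. byte
    offset 0x100000. The boot code is a hypothetical stub, not real loader code.
    """
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * (BOOT_CODE_LEN - 8)
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"        # arbitrary disk signature
    ntfs = struct.pack(PART_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                       b"\xfe\xff\xff", 2048, 233_000_000 - 2048)
    empty = b"\x00" * 16
    return boot_code + disk_sig + ntfs + empty * 3 + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Validate sector 0 and return its partition table plus hashes of its code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:            # unused entry
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "byte_offset": lba * SECTOR_SIZE,   # what "C: --> PhysicalDrive0 at offset" reports
            "sectors": count,
        })
    return {
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": partitions,
    }


def is_valid_mbr(sector: bytes) -> bool:
    """True if the sector has the right length and boot signature."""
    try:
        parse_mbr(sector)
        return True
    except ValueError:
        return False


def mbr_matches_baseline(sector: bytes, baseline_code_sha1: str) -> bool:
    """Compare only the bootstrap code against a hash taken from a clean image.

    The partition table and disk signature legitimately differ between
    machines; the loader code for a given Windows version should not.
    """
    return parse_mbr(sector)["code_sha1"] == baseline_code_sha1.upper()


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a physical drive (Windows; needs an elevated prompt)."""
    with open(device, "rb", buffering=0) as disk:
        return disk.read(SECTOR_SIZE)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code SHA1:", info["code_sha1"])
    for p in info["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02x} "
              f"at byte offset 0x{p['byte_offset']:08x}, bootable={p['bootable']}")
```

On a live machine, replace build_sample_mbr() with read_mbr() from an elevated prompt and keep the code hash from a clean install as the baseline; a mismatch on the code region alone, with the partition table intact, is the signature of a rewritten bootloader rather than a repartitioned disk.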
  5. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Hi, thanks for the help... Great site, btw.
  6. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Thank you :)

    How is the redirection?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  7. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    ComboFix 10-10-28.09 - WulfTop 10/30/2010 1:26.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1170 [GMT -4:00]
    Running from: c:\users\WulfTop\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe
    c:\users\WulfTop\AppData\Roaming\inst.exe
    c:\windows\system32\Temp

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-30 05:41 . 2010-10-30 05:42 -------- d-----w- c:\users\WulfTop\AppData\Local\temp
    2010-10-30 05:41 . 2010-10-30 05:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-10-30 05:41 . 2010-10-30 05:41 -------- d-----w- c:\users\demianwulf\AppData\Local\temp
    2010-10-30 05:41 . 2010-10-30 05:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-30 05:41 . 2010-10-30 05:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-10-24 19:38 . 2010-10-24 19:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2010-10-23 16:42 . 2010-10-23 16:42 -------- d-----w- c:\programdata\eMule
    2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\users\WulfTop\AppData\Local\eMule
    2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\program files\eMule
    2010-10-22 08:05 . 2007-05-24 23:13 251904 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
    2010-10-22 07:52 . 2007-01-31 02:03 205312 ----a-w- c:\windows\system32\drivers\rtl8187.sys
    2010-10-22 07:49 . 2010-10-22 07:49 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver
    2010-10-22 05:47 . 2010-10-22 05:48 -------- d-----w- c:\users\Administrator\AppData\Local\Inquisitor
    2010-10-22 05:47 . 2010-10-22 05:47 -------- d-----w- c:\users\Administrator\AppData\Local\Yahoo
    2010-10-20 15:58 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2010-10-20 15:58 . 2006-09-28 20:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
    2010-10-20 15:57 . 2010-10-20 18:41 -------- d-----w- c:\users\WulfTop\AppData\Local\Microsoft Game Studios
    2010-10-20 15:57 . 2010-10-20 18:42 -------- d-----w- c:\programdata\Microsoft Games
    2010-10-20 15:55 . 2010-10-20 18:42 -------- d-----w- c:\users\WulfTop\AppData\Roaming\Microsoft Game Studios
    2010-10-20 01:43 . 2009-06-25 17:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    2010-10-12 15:17 . 2010-08-25 19:41 263272 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2010-10-12 15:17 . 2009-12-03 21:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-10-12 14:59 . 2005-01-12 15:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
    2010-10-12 14:59 . 2004-09-28 15:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
    2010-10-12 14:59 . 2004-08-11 19:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
    2010-10-12 14:59 . 2004-03-09 04:00 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
    2010-10-12 14:59 . 2004-03-09 04:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
    2010-10-12 14:59 . 2010-10-12 15:02 -------- d-----w- c:\program files\Driver Magician
    2010-10-12 14:43 . 2010-10-12 14:46 -------- d-----w- c:\users\WulfTop\AppData\Roaming\GetRightToGo
    2010-10-12 14:14 . 2010-10-12 14:14 -------- d-----w- c:\program files\Driver-Soft
    2010-10-12 13:12 . 2010-10-12 13:12 -------- d-----w- C:\dell
    2010-10-08 19:23 . 2008-06-26 10:25 337920 ----a-w- c:\windows\system\rtl8187B.sys
    2010-10-08 19:23 . 2010-10-08 19:23 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
    2010-10-08 19:22 . 2010-10-08 19:22 -------- d-----w- c:\users\WulfTop\AppData\Roaming\InstallShield
    2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system32\drivers\RTL85n86.sys
    2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system\RTL85n86.sys
    2010-10-08 18:33 . 2007-04-23 14:50 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
    2010-10-08 18:33 . 2010-10-08 18:33 -------- d-----w- c:\windows\system32\REALTEK RTL8185 Wireless LAN Driver and Utility
    2010-10-08 04:20 . 2010-10-08 04:20 -------- d-----w- c:\users\WulfTop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
    2010-10-08 02:57 . 2010-10-08 02:57 -------- d-----w- c:\program files\MozBackup
    2010-10-07 21:56 . 2010-10-07 21:56 -------- d-----w- c:\users\WulfTop\{8517c860-6671-4a8c-8483-66ad267c2024}
    2010-10-07 04:15 . 2010-10-07 04:15 -------- d-----w- c:\programdata\Samsung

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-26 22:45 . 2010-09-26 22:45 13031 ----a-w- c:\users\WulfTop\www.blogger.com
    2010-09-07 15:12 . 2010-07-26 13:48 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2009-08-20 18:43 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2009-08-20 18:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2009-08-20 18:44 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2009-08-20 18:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2009-08-20 18:43 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-07 14:47 . 2009-08-20 18:44 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-02 02:09 . 2010-09-02 02:09 225280 ----a-w- c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    2010-08-17 14:11 . 2010-09-15 11:44 128000 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-08 1800464]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]

    c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2010-9-1 225280]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-26 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbo Tax Agent]
    2010-02-28 18:41 632685 ----a-w- c:\windows\txagent.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    "PackageAware"="c:\users\WulfTop\Local Settings\Application Data\PackageAware\mpa.exe"
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
    "Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe"
    "SansaDispatch"=c:\users\WulfTop\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
    "ESPDemo"=c:\program files\ESP Demo\ESPDemo.exe
    "Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
    "Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "TaskTray"=

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1846439569-3478701832-3505936554-1000]
    "EnableNotificationsRef"=dword:00000003

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-05-24 251904]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
    S1 aswSP;aswSP; [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-08 130960]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-02-08 29520]
    S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 InquisitorService;Inquisitor Service;c:\program files\Yahoo!\Inquisitor\InquisitorService.exe [2008-10-17 185624]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ASPI32
    *Deregistered* - ASPI32

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-30 c:\windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]

    2010-10-24 c:\windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=14196&l=dis
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: {A6288ECF-58B8-467B-900E-B93BD4A29404} = 68.87.73.246,68.87.71.230
    TCP: {C6E2F843-68CB-4826-8318-E0D89A7E2F60} = 156.154.70.22,156.154.71.22
    FF - ProfilePath - c:\users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\users\WulfTop\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
    FF - plugin: c:\users\WulfTop\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 01:42
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\uifwimtmysbdvcd]
    "imagepath"="\??\c:\windows\TEMP\7B1B.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(828)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(700)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2010-10-30 01:46:47
    ComboFix-quarantined-files.txt 2010-10-30 05:46

    Pre-Run: 15,945,801,728 bytes free
    Post-Run: 16,145,473,536 bytes free

    Current=6 Default=6 Failed=5 LastKnownGood=1 Sets=1,5,6,7
    - - End Of File - - F9CCD0E66E0B2BBD214B69F44D60CF06
  8. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    You didn't say how the redirection is.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\uifwimtmysbdvcd]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
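The script above targets two entries from the ComboFix log posted before it: a bare executable sitting in the user's Startup folder, and a service key, uifwimtmysbdvcd, whose imagepath is a .tmp file under c:\windows\TEMP. Those are the two shapes worth recognising on sight in any autostart listing: a service with a nonsense name loading its image from a temp directory, and a program dropped straight into Startup rather than linked there. As an added example, not code from ComboFix, its author or anyone in this thread, the Python below walks a ComboFix-style log (the sample lines are copied from the log posted above) and flags service image paths in temp locations, bare executables in Startup, UAC switched off (EnableLUA=0) and AppInit_DLLs entries, then renders the file and registry-key findings in the File::/Registry:: layout of the CFScript above. The severity labels and heuristics are mine; the output is a draft for a person to review, not something to feed to ComboFix unread (guard32.dll under AppInit_DLLs, for instance, belongs to the installed COMODO suite and is reported as informational only).

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted earlier in this
# thread, trimmed to the sections the parser below inspects.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2010-9-1 225280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-26 805392]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\uifwimtmysbdvcd]
"imagepath"="\??\c:\windows\TEMP\7B1B.tmp"
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")                 # [HKEY_...] block header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')   # "name"=data
SERVICE_RE = re.compile(r"\\Services\\(?P<svc>[^\\\]]+)$", re.IGNORECASE)
TEMP_PATH_RE = re.compile(r"\\temp\\|\.tmp\b", re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\$", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info" (my own labels)
    kind: str       # "file", "regkey" or "setting"
    path: str       # file path or registry key the finding points at
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Walk a ComboFix-style log and return the entries that deserve a second look."""
    findings: list[Finding] = []
    current_key = None      # registry key of the REGEDIT4 block being read
    startup_dir = None      # Startup folder whose listing is being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                          # a blank line closes the current block
            current_key = startup_dir = None
            continue
        if (m := KEY_RE.match(line)):
            current_key, startup_dir = m.group("key"), None
            continue
        if STARTUP_DIR_RE.search(line):
            startup_dir, current_key = line, None
            continue
        if startup_dir:
            entry = line.split(" [", 1)[0]    # drop the trailing "[date size]"
            # A bare .exe placed in Startup, as opposed to a "name.lnk - target" shortcut
            if entry.lower().endswith(".exe") and " - " not in entry:
                findings.append(Finding("medium", "file", startup_dir + entry,
                                        f"executable placed directly in Startup: {entry}"))
            continue
        if not (current_key and (m := VALUE_RE.match(line))):
            continue
        name, data = m.group("name"), m.group("data")
        svc = SERVICE_RE.search(current_key)
        if svc and name.lower() == "imagepath" and TEMP_PATH_RE.search(data):
            findings.append(Finding("high", "regkey", current_key,
                                    f"service '{svc.group('svc')}' loads its image from a temp path: {data}"))
        elif name == "EnableLUA" and data.startswith("0"):
            findings.append(Finding("medium", "setting", current_key,
                                    "UAC is disabled (EnableLUA=0); elevation prompts never appear"))
        elif name == "AppInit_DLLs" and data:
            findings.append(Finding("info", "setting", current_key,
                                    f"AppInit_DLLs loads {data} into every user32-linked process"))
    return findings


def to_cfscript(findings: list[Finding]) -> str:
    """Render file and registry-key findings in the File::/Registry:: layout used above.

    Settings findings (UAC, AppInit_DLLs) are reported but never scripted.
    """
    files = [f.path for f in findings if f.kind == "file"]
    keys = [f.path for f in findings if f.kind == "regkey"]
    lines: list[str] = []
    if files:
        lines += ["File::", *files, ""]
    if keys:
        lines += ["Registry::", *(f"[-{k}]" for k in keys), ""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.detail}")
    print()
    print(to_cfscript(found))
```

Run against the constructed sample, the draft script comes out with the same two targets Broni chose by hand, the Startup executable under File:: and the ControlSet006 service key under Registry::, while the Logitech shortcut is ignored and the UAC and AppInit_DLLs entries are only reported.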
  9. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    The redirects were to ad sites, but unfortunately I didn't write any of them down; I closed the tabs immediately.

    I ran ComboFix as instructed with the text file, but after it finished and the log files popped up, I was not able to save them because the computer kept giving an error saying, more or less, that Notepad could not be opened because a registry key was scheduled for deletion. Same error with Firefox when I tried to open it, so I rebooted and all is well now. Here is the first log, which saved as a temp file, but the second is gone, I assume.

    Should I run it again? The second log file did mention some things that were deleted.

    ComboFix 10-10-28.09 - WulfTop 10/30/2010 13:58:13.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.889 [GMT -4:00]
    Running from: c:\users\WulfTop\Desktop\ComboFix.exe
    Command switches used :: c:\users\WulfTop\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe"
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-30 18:12 . 2010-10-30 18:12 -------- d-----w- c:\users\WulfTop\AppData\Local\temp
    2010-10-30 18:12 . 2010-10-30 18:12 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-10-30 18:12 . 2010-10-30 18:12 -------- d-----w- c:\users\demianwulf\AppData\Local\temp
    2010-10-30 18:12 . 2010-10-30 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-30 18:12 . 2010-10-30 18:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-10-24 19:38 . 2010-10-24 19:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2010-10-23 16:42 . 2010-10-23 16:42 -------- d-----w- c:\programdata\eMule
    2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\users\WulfTop\AppData\Local\eMule
    2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\program files\eMule
    2010-10-22 08:05 . 2007-05-24 23:13 251904 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
    2010-10-22 07:52 . 2007-01-31 02:03 205312 ----a-w- c:\windows\system32\drivers\rtl8187.sys
    2010-10-22 07:49 . 2010-10-22 07:49 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver
    2010-10-22 05:47 . 2010-10-22 05:48 -------- d-----w- c:\users\Administrator\AppData\Local\Inquisitor
    2010-10-22 05:47 . 2010-10-22 05:47 -------- d-----w- c:\users\Administrator\AppData\Local\Yahoo
    2010-10-20 15:58 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2010-10-20 15:58 . 2006-09-28 20:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
    2010-10-20 15:57 . 2010-10-20 18:41 -------- d-----w- c:\users\WulfTop\AppData\Local\Microsoft Game Studios
    2010-10-20 15:57 . 2010-10-20 18:42 -------- d-----w- c:\programdata\Microsoft Games
    2010-10-20 15:55 . 2010-10-20 18:42 -------- d-----w- c:\users\WulfTop\AppData\Roaming\Microsoft Game Studios
    2010-10-20 01:43 . 2009-06-25 17:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    2010-10-12 15:17 . 2010-08-25 19:41 263272 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2010-10-12 15:17 . 2009-12-03 21:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-10-12 14:59 . 2005-01-12 15:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
    2010-10-12 14:59 . 2004-09-28 15:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
    2010-10-12 14:59 . 2004-08-11 19:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
    2010-10-12 14:59 . 2004-03-09 04:00 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
    2010-10-12 14:59 . 2004-03-09 04:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
    2010-10-12 14:59 . 2010-10-12 15:02 -------- d-----w- c:\program files\Driver Magician
    2010-10-12 14:43 . 2010-10-12 14:46 -------- d-----w- c:\users\WulfTop\AppData\Roaming\GetRightToGo
    2010-10-12 14:14 . 2010-10-12 14:14 -------- d-----w- c:\program files\Driver-Soft
    2010-10-12 13:12 . 2010-10-12 13:12 -------- d-----w- C:\dell
    2010-10-08 19:23 . 2008-06-26 10:25 337920 ----a-w- c:\windows\system\rtl8187B.sys
    2010-10-08 19:23 . 2010-10-08 19:23 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
    2010-10-08 19:22 . 2010-10-08 19:22 -------- d-----w- c:\users\WulfTop\AppData\Roaming\InstallShield
    2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system32\drivers\RTL85n86.sys
    2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system\RTL85n86.sys
    2010-10-08 18:33 . 2007-04-23 14:50 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
    2010-10-08 18:33 . 2010-10-08 18:33 -------- d-----w- c:\windows\system32\REALTEK RTL8185 Wireless LAN Driver and Utility
    2010-10-08 04:20 . 2010-10-08 04:20 -------- d-----w- c:\users\WulfTop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
    2010-10-08 02:57 . 2010-10-08 02:57 -------- d-----w- c:\program files\MozBackup
    2010-10-07 21:56 . 2010-10-07 21:56 -------- d-----w- c:\users\WulfTop\{8517c860-6671-4a8c-8483-66ad267c2024}
    2010-10-07 04:15 . 2010-10-07 04:15 -------- d-----w- c:\programdata\Samsung

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-26 22:45 . 2010-09-26 22:45 13031 ----a-w- c:\users\WulfTop\www.blogger.com
    2010-09-07 15:12 . 2010-07-26 13:48 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2009-08-20 18:43 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2009-08-20 18:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2009-08-20 18:44 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2009-08-20 18:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2009-08-20 18:43 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-07 14:47 . 2009-08-20 18:44 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-02 02:09 . 2010-09-02 02:09 225280 ----a-w- c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    2010-08-17 14:11 . 2010-09-15 11:44 128000 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-08 1800464]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]

    c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2010-9-1 225280]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-26 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbo Tax Agent]
    2010-02-28 18:41 632685 ----a-w- c:\windows\txagent.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    "PackageAware"="c:\users\WulfTop\Local Settings\Application Data\PackageAware\mpa.exe"
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
    "Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe"
    "SansaDispatch"=c:\users\WulfTop\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
    "ESPDemo"=c:\program files\ESP Demo\ESPDemo.exe
    "Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
    "Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "TaskTray"=

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1846439569-3478701832-3505936554-1000]
    "EnableNotificationsRef"=dword:00000003

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-05-24 251904]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
    S1 aswSP;aswSP; [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-08 130960]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-02-08 29520]
    S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 InquisitorService;Inquisitor Service;c:\program files\Yahoo!\Inquisitor\InquisitorService.exe [2008-10-17 185624]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ASPI32
    *Deregistered* - ASPI32

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-30 c:\windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]

    2010-10-24 c:\windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=14196&l=dis
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: {A6288ECF-58B8-467B-900E-B93BD4A29404} = 68.87.73.246,68.87.71.230
    TCP: {C6E2F843-68CB-4826-8318-E0D89A7E2F60} = 156.154.70.22,156.154.71.22
    FF - ProfilePath - c:\users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\users\WulfTop\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
    FF - plugin: c:\users\WulfTop\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 14:12
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(828)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(700)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'Explorer.exe'(1796)
    c:\program files\Logitech\SetPoint\GameHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    .
    Completion time: 2010-10-30 14:16:06
    ComboFix-quarantined-files.txt 2010-10-30 18:16
    ComboFix2.txt 2010-10-30 05:46

    Pre-Run: 14,998,388,736 bytes free
    Post-Run: 12,818,018,304 bytes free

    Current=6 Default=6 Failed=5 LastKnownGood=1 Sets=1,5,6,7
    - - End Of File - - E26FAC470528BA1F037E2DD47A4D0843
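Reading a ComboFix log like the one above by hand means scanning for a handful of fields: the live Run key and the Startup folder, the policies\system values (EnableLUA=0 here means UAC is off), AppInit_DLLs (here COMODO's guard32.dll, which the "DLLs Loaded Under Running Processes" section confirms is in winlogon.exe and lsass.exe), the IE start page, and the per-interface resolvers on the TCP: lines, which are the first thing to check in a redirect case. The Python below is an added example for this thread, not ComboFix's own code and not something the poster or Broni ran. It parses an excerpt copied from the log above and prints a finding list. KNOWN_RESOLVERS is an assumption for illustration: the two 156.154.x addresses are reported only as "not in the allowlist", which says nothing by itself about whether they were set deliberately.

```python
"""Triage a ComboFix log excerpt for the fields a responder reads first.

Added example for this thread, not ComboFix's own code. KNOWN_RESOLVERS is an
assumption: fill it with what the ISP or router hands out.
"""
import re

KNOWN_RESOLVERS = {"68.87.73.246", "68.87.71.230"}  # assumed allowlist

# Excerpt copied from the log posted above (Reg Loading Points and
# Supplementary Scan sections), cut down to what the parser handles.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-08 1800464]

c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2010-9-1 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

uStart Page = hxxp://www.ask.com?o=14196&l=dis
TCP: {A6288ECF-58B8-467B-900E-B93BD4A29404} = 68.87.73.246,68.87.71.230
TCP: {C6E2F843-68CB-4826-8318-E0D89A7E2F60} = 156.154.70.22,156.154.71.22
"""

SECTION = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
TRAILER = re.compile(r"\s*\[[^\]]*\]\s*$")             # ComboFix's "[date size]" suffix
TCP = re.compile(r"^TCP:\s*\{[0-9A-Fa-f-]+\}\s*=\s*([\d.,]+)$")
START_PAGE = re.compile(r"^uStart Page\s*=\s*(\S+)$")  # ComboFix writes http as hxxp
ABS_PATH = re.compile(r"^[a-z]:\\", re.I)


def parse_combofix(text: str) -> dict:
    """One pass over the log, keyed by whichever [HKEY_...] section is in force."""
    out = {"run": [], "startup": [], "policies": {}, "appinit": [],
           "start_page": None, "resolvers": []}
    section, in_startup = "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_startup = False
            continue
        m = SECTION.match(line)
        if m:
            section, in_startup = m.group(1).lower(), False
            continue
        if line.lower().endswith("\\startup\\"):   # a Startup-folder listing follows
            in_startup = True
            continue
        if in_startup:
            out["startup"].append(line)
            continue
        m = VALUE.match(line)
        if m and section.endswith("\\run"):         # the live Run key, not msconfig's "run-"
            out["run"].append((m.group(1), TRAILER.sub("", m.group(2)).strip('"')))
        elif m and section.endswith("\\policies\\system"):
            val = m.group(2).split()[0]
            out["policies"][m.group(1)] = int(val) if val.isdigit() else val
        elif m and m.group(1).lower() == "appinit_dlls":
            # space- or comma-separated list; paths containing spaces are not handled
            out["appinit"] = [d for d in re.split(r"[ ,]+", m.group(2)) if d]
        elif TCP.match(line):
            out["resolvers"].extend(TCP.match(line).group(1).split(","))
        elif START_PAGE.match(line):
            out["start_page"] = START_PAGE.match(line).group(1)
    return out


def triage(parsed: dict) -> list:
    """Turn the parsed fields into one-line findings; none of these is a verdict."""
    findings = []
    if parsed["policies"].get("EnableLUA") == 0:
        findings.append("UAC disabled (EnableLUA=0): an admin's processes run with the full token")
    for dll in parsed["appinit"]:
        findings.append(f"AppInit_DLLs loads {dll} into every process that maps user32.dll")
    for name, image in parsed["run"]:
        if not ABS_PATH.match(image):
            findings.append(f'Run value "{name}" has no absolute path ({image}); found via search order')
    for entry in parsed["startup"]:
        findings.append(f"Startup-folder item: {entry}")
    if parsed["start_page"]:
        host = re.sub(r"^hxxps?://", "", parsed["start_page"]).split("/")[0].split("?")[0]
        findings.append(f"IE start page set to {host}: {parsed['start_page']}")
    for ip in parsed["resolvers"]:
        if ip not in KNOWN_RESOLVERS:
            findings.append(f"Interface resolver {ip} not in allowlist; confirm against router/ISP settings")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print("-", finding)
```

The "no absolute path" check is the one to keep even when the other fields look fine: a Run value like "KHALMNPR.EXE" with no directory is resolved through the process search order, so any writable directory earlier in that order can supply a substitute. Run against the full log rather than the excerpt, the script also skips the msconfig "run-" keys, which hold entries that are already disabled.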
  10. Broni (Malware Annihilator)

    Restart the computer and it'll fix the issue.
    I'll review your log meanwhile.
  11. Broni (Malware Annihilator)

    Re-run my Combofix script one more time.

  12. Demianwulf (Topic Starter)

    Here's my rerun of the Combofix script.

    ComboFix 10-10-28.09 - WulfTop 10/31/2010 15:42:49.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1009 [GMT -4:00]
    Running from: c:\users\WulfTop\Desktop\ComboFix.exe
    Command switches used :: c:\users\WulfTop\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe"
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
    .

    2010-10-31 19:54 . 2010-10-31 19:55 -------- d-----w- c:\users\WulfTop\AppData\Local\temp
    2010-10-31 19:54 . 2010-10-31 19:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-10-31 19:54 . 2010-10-31 19:54 -------- d-----w- c:\users\demianwulf\AppData\Local\temp
    2010-10-31 19:54 . 2010-10-31 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-31 19:54 . 2010-10-31 19:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-10-24 19:38 . 2010-10-24 19:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2010-10-23 16:42 . 2010-10-23 16:42 -------- d-----w- c:\programdata\eMule
    2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\users\WulfTop\AppData\Local\eMule
    2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\program files\eMule
    2010-10-22 08:05 . 2007-05-24 23:13 251904 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
    2010-10-22 07:52 . 2007-01-31 02:03 205312 ----a-w- c:\windows\system32\drivers\rtl8187.sys
    2010-10-22 07:49 . 2010-10-22 07:49 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver
    2010-10-22 05:47 . 2010-10-22 05:48 -------- d-----w- c:\users\Administrator\AppData\Local\Inquisitor
    2010-10-22 05:47 . 2010-10-22 05:47 -------- d-----w- c:\users\Administrator\AppData\Local\Yahoo
    2010-10-20 15:58 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2010-10-20 15:58 . 2006-09-28 20:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
    2010-10-20 15:57 . 2010-10-20 18:41 -------- d-----w- c:\users\WulfTop\AppData\Local\Microsoft Game Studios
    2010-10-20 15:57 . 2010-10-20 18:42 -------- d-----w- c:\programdata\Microsoft Games
    2010-10-20 15:55 . 2010-10-20 18:42 -------- d-----w- c:\users\WulfTop\AppData\Roaming\Microsoft Game Studios
    2010-10-20 01:43 . 2009-06-25 17:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    2010-10-12 15:17 . 2010-08-25 19:41 263272 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2010-10-12 15:17 . 2009-12-03 21:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-10-12 14:59 . 2005-01-12 15:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
    2010-10-12 14:59 . 2004-09-28 15:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
    2010-10-12 14:59 . 2004-08-11 19:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
    2010-10-12 14:59 . 2004-03-09 04:00 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
    2010-10-12 14:59 . 2004-03-09 04:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
    2010-10-12 14:59 . 2010-10-12 15:02 -------- d-----w- c:\program files\Driver Magician
    2010-10-12 14:43 . 2010-10-12 14:46 -------- d-----w- c:\users\WulfTop\AppData\Roaming\GetRightToGo
    2010-10-12 14:14 . 2010-10-12 14:14 -------- d-----w- c:\program files\Driver-Soft
    2010-10-12 13:12 . 2010-10-12 13:12 -------- d-----w- C:\dell
    2010-10-08 19:23 . 2008-06-26 10:25 337920 ----a-w- c:\windows\system\rtl8187B.sys
    2010-10-08 19:23 . 2010-10-08 19:23 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
    2010-10-08 19:22 . 2010-10-08 19:22 -------- d-----w- c:\users\WulfTop\AppData\Roaming\InstallShield
    2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system32\drivers\RTL85n86.sys
    2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system\RTL85n86.sys
    2010-10-08 18:33 . 2007-04-23 14:50 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
    2010-10-08 18:33 . 2010-10-08 18:33 -------- d-----w- c:\windows\system32\REALTEK RTL8185 Wireless LAN Driver and Utility
    2010-10-08 04:20 . 2010-10-08 04:20 -------- d-----w- c:\users\WulfTop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
    2010-10-08 02:57 . 2010-10-08 02:57 -------- d-----w- c:\program files\MozBackup
    2010-10-07 21:56 . 2010-10-07 21:56 -------- d-----w- c:\users\WulfTop\{8517c860-6671-4a8c-8483-66ad267c2024}
    2010-10-07 04:15 . 2010-10-07 04:15 -------- d-----w- c:\programdata\Samsung

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-26 22:45 . 2010-09-26 22:45 13031 ----a-w- c:\users\WulfTop\www.blogger.com
    2010-09-07 15:12 . 2010-07-26 13:48 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2009-08-20 18:43 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2009-08-20 18:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2009-08-20 18:44 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2009-08-20 18:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2009-08-20 18:43 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-07 14:47 . 2009-08-20 18:44 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-02 02:09 . 2010-09-02 02:09 225280 ----a-w- c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    2010-08-17 14:11 . 2010-09-15 11:44 128000 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-08 1800464]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]

    c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2010-9-1 225280]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-26 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbo Tax Agent]
    2010-02-28 18:41 632685 ----a-w- c:\windows\txagent.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    "PackageAware"="c:\users\WulfTop\Local Settings\Application Data\PackageAware\mpa.exe"
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
    "Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe"
    "SansaDispatch"=c:\users\WulfTop\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
    "ESPDemo"=c:\program files\ESP Demo\ESPDemo.exe
    "Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
    "Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "TaskTray"=

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1846439569-3478701832-3505936554-1000]
    "EnableNotificationsRef"=dword:00000003

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-05-24 251904]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
    S1 aswSP;aswSP; [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-08 130960]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-02-08 29520]
    S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 InquisitorService;Inquisitor Service;c:\program files\Yahoo!\Inquisitor\InquisitorService.exe [2008-10-17 185624]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ASPI32
    *Deregistered* - ASPI32

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-31 c:\windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]

    2010-10-24 c:\windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=14196&l=dis
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: {A6288ECF-58B8-467B-900E-B93BD4A29404} = 68.87.73.246,68.87.71.230
    TCP: {C6E2F843-68CB-4826-8318-E0D89A7E2F60} = 156.154.70.22,156.154.71.22
    FF - ProfilePath - c:\users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\users\WulfTop\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
    FF - plugin: c:\users\WulfTop\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-31 15:54
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5960)
    c:\program files\Logitech\SetPoint\GameHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    .
    Completion time: 2010-10-31 15:58:07
    ComboFix-quarantined-files.txt 2010-10-31 19:58
    ComboFix2.txt 2010-10-30 18:16
    ComboFix3.txt 2010-10-30 05:46

    Pre-Run: 9,432,739,840 bytes free
    Post-Run: 9,275,273,216 bytes free

    Current=6 Default=6 Failed=5 LastKnownGood=6 Sets=1,5,6,7
    - - End Of File - - D4C5D934828038A9A97F330AC82F72FB
  13. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    It looks good :)
    Still redirected?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  14. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Problem escalated. I'm on my phone now because I can't connect to the internet on the computer, only Google.

    I was running the OTL like in the last post and it ran successfully, but before I could post the results a Microsoft Security Essentials alert popped up, then restarted the computer. After the reboot the personalization fails with an error saying failed to connect to Windows services.

    I ran Avast in boot time scan and it picked up Alureon-KA virus and said Avast was infected too, I believe....not sure what to do now.
    So weird, can't connect to any sites but can run Google searches.
  15. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Did you try to boot to Safe Mode with Networking to see if you have the same problem there?
  16. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    I did computer reboots before I can get it....I think it's svchost.exe because there was one in msconfig startup in the Program Files Internet Explorer...I disabled it.
  17. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Well it is the svchost.exe because I killed the process in Task Manager and now I can connect to the internet again to other sites besides Google.
  18. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Please, post OTL log then...
  19. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    OTL logfile created on: 10/31/2010 4:34:03 PM - Run 1
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\WulfTop\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 8.54 Gb Free Space | 7.64% Space Free | Partition Type: NTFS

    Computer Name: WULFTOP | User Name: WulfTop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
    PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    PRC - [2010/02/07 22:27:26 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2010/02/07 22:27:23 | 002,334,992 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
    PRC - [2010/02/07 22:27:23 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    PRC - [2009/11/08 23:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/10/17 16:32:50 | 000,185,624 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe
    PRC - [2008/10/15 14:32:16 | 000,589,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/08/14 13:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/01/18 23:33:12 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
    PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
    PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
    MOD - [2010/04/05 11:04:25 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
    MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
    MOD - [2008/01/18 23:35:16 | 001,386,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
    MOD - [2006/11/02 08:34:30 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinput.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
    SRV - [2010/02/07 22:27:26 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/10/17 16:32:50 | 000,185,624 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe -- (InquisitorService)
    SRV - [2008/10/15 14:32:16 | 000,589,592 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/14 13:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
    SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.SYS -- (RTSTOR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\motodrv.sys -- (MotDev)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\WulfTop\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/08/25 15:41:36 | 000,263,272 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/02/07 22:27:27 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
    DRV - [2010/02/07 22:27:27 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect)
    DRV - [2010/02/07 22:27:27 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
    DRV - [2009/02/26 12:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/09/21 04:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2007/05/24 19:13:12 | 000,251,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
    DRV - [2007/04/26 20:38:40 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
    DRV - [2007/01/30 16:37:46 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2006/11/08 17:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 46 3E 08 EC 71 CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: false
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: hidecaptionplus-dp@dummy.addons.mozilla.org:2.0.2
    FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.0.3
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
    FF - prefs.js..extensions.enabledItems: {ee56ecf0-6e7a-479a-8162-e123a991c7e7}:0.4.6
    FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.3
    FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
    FF - prefs.js..extensions.enabledItems: tabsontop-darthpalpatine@dummy.addons.mozilla.org:1.4.4
    FF - prefs.js..extensions.enabledItems: fatcash@fatwallet.com:1.24.157
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9
    FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 10:53:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 10:53:31 | 000,000,000 | ---D | M]

    [2008/06/19 12:16:19 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Extensions
    [2010/10/30 14:35:23 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions
    [2009/09/28 20:43:20 | 000,000,000 | ---D | M] (Hide Caption) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{002349F5-59AB-4fdc-8329-BF4248243C95}
    [2010/10/29 10:55:41 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    [2010/10/25 23:26:15 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/05/05 12:21:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/06/07 23:07:08 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    [2010/08/28 16:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/08/28 16:40:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/24 10:36:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010/04/09 19:56:00 | 000,000,000 | ---D | M] (autoHideStatusbar) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{ee56ecf0-6e7a-479a-8162-e123a991c7e7}
    [2009/01/14 13:18:08 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\betteryoutube@ginatrapani.org
    [2010/04/09 19:49:36 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\CompactMenuCE@Merci.chao
    [2010/10/31 15:37:18 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\fatcash@fatwallet.com
    [2010/10/04 12:36:27 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxmarks@kei.com
    [2010/08/31 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxyproxy@eric.h.jung
    [2010/10/25 23:26:16 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org
    [2009/11/05 16:34:48 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\nosquint@urandom.ca
    [2010/06/13 14:13:02 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\tabsontop-darthpalpatine@dummy.addons.mozilla.org
    [2010/02/06 23:56:01 | 000,002,234 | ---- | M] () -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\searchplugins\askcom.xml
    [2010/10/30 14:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2007/07/02 17:20:46 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2007/03/05 14:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

    O1 HOSTS File: ([2010/10/30 01:42:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! Inquisitor for IE) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - Startup: C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
    O9 - Extra 'Tools' menuitem : Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.162.241,93.188.160.51
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.241,93.188.160.51
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\WulfTop\Documents\Gunz\Emblem\20071207171911102687.jpg
    O24 - Desktop BackupWallPaper: C:\Users\WulfTop\Documents\Gunz\Emblem\20071207171911102687.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2007/12/14 11:07:20 | 000,048,130 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
    O32 - AutoRun File - [2008/01/09 16:32:44 | 000,599,080 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
    O32 - AutoRun File - [2008/01/09 16:32:44 | 000,504,872 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.iac2 - C:\Windows\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msaudio1 - msaud32.acm File not found
    Drivers32: msacm.msg723 - msg723.acm File not found
    Drivers32: msacm.sl_anet - sl_anet.acm File not found
    Drivers32: msacm.trspch - tssoft32.acm File not found
    Drivers32: msacm.voxacm160 - vct3216.acm File not found
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - DivX.dll File not found
    Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - frapsvid.dll File not found
    Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
    Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
    Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.M261 - msh261.drv File not found
    Drivers32: vidc.M263 - msh263.drv File not found
    Drivers32: VIDC.MSUD - msulvc05.dll File not found
    Drivers32: VIDC.VP40 - vp4vfw.dll File not found
    Drivers32: vidc.VP60 - vp6vfw.dll File not found
    Drivers32: vidc.VP61 - vp6vfw.dll File not found
    Drivers32: vidc.VP62 - vp6vfw.dll File not found
    Drivers32: vidc.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com)
    Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
    Drivers32: vidc.X264 - x264vfw.dll File not found
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
    Drivers32: wave5 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave6 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave7 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave8 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/31 16:31:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
    [2010/10/31 15:58:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/31 15:58:09 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Local\temp
    [2010/10/31 15:56:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/31 15:40:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/30 01:22:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/30 01:22:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/30 01:22:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/30 01:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/30 01:21:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/23 12:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
    [2010/10/23 10:46:08 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Local\eMule
    [2010/10/23 10:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
    [2010/10/22 03:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187 Wireless LAN Driver
    [2010/10/20 11:57:44 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Local\Microsoft Game Studios
    [2010/10/20 11:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
    [2010/10/20 11:55:40 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Roaming\Microsoft Game Studios
    [2010/10/19 21:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
    [2010/10/12 11:17:06 | 000,263,272 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
    [2010/10/12 10:59:22 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll
    [2010/10/12 10:59:22 | 000,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XCEEDZIP.DLL
    [2010/10/12 10:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Magician
    [2010/10/12 10:43:49 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Roaming\GetRightToGo
    [2010/10/12 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Documents\DriverGenius
    [2010/10/12 10:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
    [2010/10/12 09:12:54 | 000,000,000 | ---D | C] -- C:\dell
    [2010/10/08 15:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
    [2010/10/08 15:22:52 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Roaming\InstallShield
    [2010/10/08 14:33:22 | 000,361,472 | ---- | C] (Realtek) -- C:\Windows\System32\drivers\RTL85n86.sys
    [2010/10/08 14:33:22 | 000,361,472 | ---- | C] (Realtek) -- C:\Windows\System\RTL85n86.sys
    [2010/10/08 14:33:18 | 000,025,896 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\RtlProt.sys
    [2010/10/08 14:33:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\REALTEK RTL8185 Wireless LAN Driver and Utility
    [2010/10/08 00:20:44 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
    [2010/10/07 22:57:39 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Desktop\BACKUP STUFF
    [2010/10/07 22:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
    [2010/10/07 17:56:47 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\{8517c860-6671-4a8c-8483-66ad267c2024}
    [2010/10/07 00:42:27 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Desktop\ROOT STUFF
    [2010/10/07 00:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
    [2010/10/03 23:44:25 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Desktop\The Thanos Imperative - Ignition 01 (2010) (Minutemen-DTs)
    [2008/06/20 15:12:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\WulfTop\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========
  20. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    [2010/10/31 16:37:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
    [2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
    [2010/10/31 16:10:10 | 000,655,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/31 16:10:10 | 000,124,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/31 16:02:48 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2010/10/31 16:02:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/31 15:59:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/10/30 01:42:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/30 01:15:38 | 003,894,257 | R--- | M] () -- C:\Users\WulfTop\Desktop\ComboFix.exe
    [2010/10/29 11:19:21 | 000,585,997 | ---- | M] () -- C:\Users\WulfTop\Desktop\mir_103010.pdf
    [2010/10/28 18:21:27 | 000,084,992 | ---- | M] () -- C:\Windows\MBR.exe
    [2010/10/27 04:22:36 | 245,033,677 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/10/26 15:41:45 | 000,383,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/10/25 23:22:52 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101025-232443.backup
    [2010/10/25 23:17:45 | 000,050,860 | ---- | M] () -- C:\Users\WulfTop\Documents\cc_20101025_231738.reg
    [2010/10/24 16:50:40 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
    [2010/10/19 23:48:05 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
    [2010/10/13 20:25:05 | 000,162,304 | ---- | M] () -- C:\Users\WulfTop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/11 00:19:09 | 000,001,356 | ---- | M] () -- C:\Users\WulfTop\AppData\Local\d3d9caps.dat
    [2010/10/11 00:09:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/11 00:09:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/08 09:47:50 | 000,035,342 | ---- | M] () -- C:\Users\WulfTop\Documents\cc_20101008_094740.reg
    [2010/10/04 17:50:27 | 000,072,329 | ---- | M] () -- C:\Users\WulfTop\Documents\sq.wma

    ========== Files Created - No Company Name ==========

    [2010/10/30 01:22:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/30 01:22:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/30 01:22:40 | 000,084,992 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/30 01:22:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/30 01:22:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/30 01:15:38 | 003,894,257 | R--- | C] () -- C:\Users\WulfTop\Desktop\ComboFix.exe
    [2010/10/29 11:19:20 | 000,585,997 | ---- | C] () -- C:\Users\WulfTop\Desktop\mir_103010.pdf
    [2010/10/26 15:37:57 | 245,033,677 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/10/25 23:17:41 | 000,050,860 | ---- | C] () -- C:\Users\WulfTop\Documents\cc_20101025_231738.reg
    [2010/10/24 16:50:40 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
    [2010/10/12 11:17:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/10/12 10:59:22 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
    [2010/10/08 09:47:47 | 000,035,342 | ---- | C] () -- C:\Users\WulfTop\Documents\cc_20101008_094740.reg
    [2010/10/04 22:14:20 | 000,000,025 | ---- | C] () -- C:\Users\WulfTop\EPIC accesories.txt
    [2010/10/04 17:50:26 | 000,072,329 | ---- | C] () -- C:\Users\WulfTop\Documents\sq.wma
    [2010/10/04 16:38:53 | 000,000,053 | ---- | C] () -- C:\Users\WulfTop\SPRINT EPIC.txt
    [2010/10/02 02:01:15 | 019,551,390 | ---- | C] () -- C:\Users\WulfTop\Desktop\01 Thanos Quest - 01 - Schemes & Dreams.cbr
    [2010/09/27 23:03:16 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2010/08/15 14:11:22 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010/07/02 13:04:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/03/16 15:46:28 | 000,000,036 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\housecall.guid.cache
    [2010/03/16 10:32:08 | 000,301,640 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\farm.bmp
    [2010/03/16 10:19:25 | 000,030,595 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\settings.dat
    [2010/01/02 16:45:33 | 000,691,592 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
    [2009/10/21 15:48:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/04/08 08:04:53 | 000,000,600 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\PUTTY.RND
    [2009/04/07 23:21:00 | 000,000,600 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\winscp.rnd
    [2009/02/26 09:12:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/12/13 14:18:44 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\5EE0EC2705.dll
    [2008/11/07 20:41:56 | 000,000,383 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2008/06/20 21:35:37 | 000,000,540 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\AutoGK.ini
    [2008/06/20 15:15:38 | 000,000,668 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\vso_ts_preview.xml
    [2008/06/20 15:14:07 | 000,000,034 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\pcouffin.log
    [2008/06/20 15:12:38 | 000,007,887 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\pcouffin.cat
    [2008/06/20 15:12:26 | 000,001,144 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\pcouffin.inf
    [2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2007/12/27 21:48:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/12/27 21:34:36 | 000,162,304 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/12/26 23:37:14 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
    [2007/12/26 21:00:33 | 000,001,356 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\d3d9caps.dat
    [2007/10/18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
    [2007/10/18 10:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/07/25 09:24:28 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2007/03/10 07:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
    [2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
    [2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
    [2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
    [2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

    ========== LOP Check ==========

    [2010/01/16 10:11:44 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\abgx360
    [2010/01/18 00:04:01 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\cYo
    [2008/12/27 00:37:43 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\DAEMON Tools
    [2010/08/31 17:06:54 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\FrostWire
    [2010/02/15 23:41:29 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Galactic Magnate
    [2010/10/12 10:46:51 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\GetRightToGo
    [2007/12/26 23:27:54 | 000,000,000 | -H-D | M] -- C:\Users\WulfTop\AppData\Roaming\ijjigame
    [2009/02/12 15:45:07 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\ImgBurn
    [2010/01/02 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\My ClickOnce Applications
    [2010/06/08 20:59:56 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Opera
    [2008/06/20 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Publish Providers
    [2010/08/29 23:09:35 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\SanDisk
    [2008/06/20 13:11:27 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Sony
    [2010/09/27 22:38:01 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\SystemRequirementsLab
    [2010/10/30 00:40:58 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\uTorrent
    [2008/06/20 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\VideoReDo-TVSuite
    [2008/06/20 15:16:15 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Vso
    [2010/10/31 15:59:27 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/10/31 16:37:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
    [2010/10/24 16:50:40 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2007/12/14 11:07:20 | 000,048,130 | ---- | M] () -- C:\autoruns.chm
    [2008/01/09 16:32:44 | 000,599,080 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
    [2008/01/09 16:32:44 | 000,504,872 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe
    [2008/05/02 13:55:58 | 047,787,248 | ---- | M] () -- C:\avg_free_stf_en_8_100a1295.exe
    [2008/06/26 17:51:32 | 000,202,944 | ---- | M] () -- C:\Bookmarks 2008-06-26.json
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2007/12/26 23:48:03 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/10/31 15:58:07 | 000,016,769 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2006/07/28 09:32:44 | 000,007,005 | ---- | M] () -- C:\Eula.txt
    [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2008/01/04 06:23:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/12/10 17:14:40 | 004,411,392 | ---- | M] (Gabest) -- C:\mplayerc.exe
    [2008/01/04 06:23:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/10/31 16:01:37 | 2451,238,912 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/29 10:47:51 | 000,058,316 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_29.10.2010_10.45.51_log.txt
    [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2008/11/03 13:13:02 | 000,000,036 | ---- | M] () -- C:\yoyotouchdiamond.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/12/06 20:00:00 | 000,118,784 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\1sK317.dll
    [2006/11/02 05:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0NPP01.DLL
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2004/08/05 20:00:00 | 000,030,208 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\x17931u.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/03/18 19:39:41 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/05/06 12:19:22 | 000,000,286 | -HS- | M] () -- C:\Users\WulfTop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/03/26 21:45:22 | 000,798,176 | ---- | M] () -- C:\Users\WulfTop\Desktop\Backup_20100326.exe
    [2010/10/30 01:15:38 | 003,894,257 | R--- | M] () -- C:\Users\WulfTop\Desktop\ComboFix.exe
    [2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/02/14 13:53:26 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/02/14 13:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2007/12/26 22:23:05 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2007/12/26 22:23:05 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/02/14 13:52:57 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/12/26 22:11:50 | 000,000,402 | -HS- | M] () -- C:\Users\WulfTop\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/11/07 23:44:19 | 000,000,383 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/03/02 16:33:24 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1999/09/10 06:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\Windows\system\WOWPOST.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:D282699C
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:66633281
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0888F409
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D2D4B33E

    < End of report >
  21. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    ....and Extras.txt....
  22. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    OTL Extras logfile created on: 10/31/2010 4:34:03 PM - Run 1
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\WulfTop\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 8.54 Gb Free Space | 7.64% Space Free | Partition Type: NTFS

    Computer Name: WULFTOP | User Name: WulfTop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1846439569-3478701832-3505936554-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 3

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00F80AFE-586F-405F-847B-4AA8CCDD5C1E}" = lport=137 | protocol=17 | dir=in | app=system |
    "{010FF56D-0C93-41BE-A66F-224A5E014595}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{02494C12-0E10-4E39-80A6-FFF0CD07474D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{039F2FDE-FA97-456B-B69E-10C316C4954D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{03D09F67-73F2-4C68-A547-1B0BCF58001E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{0ADEC85A-CB10-47A8-A175-7C4E209C0630}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{0F81FEF2-824A-416C-88D4-6C919EFCAAF3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{0F9D434C-725F-4779-A851-32B5E1C70CBF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{10371269-3EEF-4658-A2E5-74A0348F2785}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{137810C3-2C8B-4879-8B95-57B55ABE4CAA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{141088AF-4D12-4983-9C75-CED914A2E4CF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{142F06D1-C9C9-40B7-B3C4-4E35B88F91F8}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{15205484-FE1D-4478-B543-3693DDF395F8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{155AE22C-C48B-4B23-B7C1-346429B7CFC4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{155B55DE-886E-43EC-AC87-E11B39798539}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{1565AD70-3923-4032-80CB-7B95B8E88C3C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{17B1621A-BB17-4BAF-8150-0496AA0F5746}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{18300B7E-1F20-498F-BD68-FE98BD54B56F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{1BB7C0BD-DB3D-4A55-B09D-010DE0EF1D47}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{1BF1330F-74D5-4454-B9E4-A6BC2616AB0E}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1D64E61A-E1D7-430F-A281-F0AE285576E8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{1DCD47F9-81DB-4C35-9EEE-25AB30A5C2ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{213D4CDE-03CE-41B5-99D2-2A213622977C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{22D92ADB-B00A-49C1-914F-9301C3C7814E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{24716393-CC59-48A4-9387-A17FD565510F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{26EE2E80-E219-4F8A-97A9-FEE06B95B942}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{27172EDA-A0BD-4017-AB2A-93E8283F1E9D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{277ABE95-A167-44E7-8D1F-D5DF08618124}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{2A04E802-3474-4C3A-B160-95369BDA189E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{2C68C528-7E39-4AD4-8D7F-2668D43AB3FF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{2E6D829A-2AA3-4D84-B2D7-22576F676E24}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{2EC41837-0472-49ED-8B29-9BF5A583E4D0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{2FEA9BE3-AE7A-41F9-B7E3-5A16A5A53ED0}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{30FDA66D-0A83-4F3A-BB19-927BA70154E9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{32708442-8F18-44EF-924F-F8241A600D16}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{3392C83E-E042-43E1-8A84-C56A4807BA4D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{34D8D338-0D68-498D-8684-30AC52068051}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{35BA69C6-ABAB-44B4-BD25-C0ED75D90084}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{35DA5118-C305-458B-A765-5E5C58DAA1E0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{3800480C-05C2-418D-BDDB-B21F0C713F8A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{38EC492A-22E7-4D24-9EE2-B647C44D3474}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{3949223A-CBCC-4D73-8BF1-FCC67DBA8F0A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{3A9CF58A-00E2-40D7-8539-DAA89A224257}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{3B3FA717-6276-4DAD-A5BD-C67A4128F9B1}" = lport=138 | protocol=17 | dir=in | app=system |
    "{3C2E9391-B105-49CB-93BA-229F7D131177}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{3C9220F4-3C57-4F1C-BFFB-A8CAA7ACE9AA}" = lport=445 | protocol=6 | dir=in | app=system |
    "{3CA40468-6431-432B-A567-AAC7BCB40E31}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{3EC76907-B608-4C35-A983-D776E5B5215A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{3FF0FD0E-430D-4152-A8F4-9A8D203611AB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{40A445BB-B02D-45A0-BFF2-F9C37BA4DFCB}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
    "{40F1C466-9CE1-4A77-A3C3-A7E2BB9D1C2E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{42ACC1ED-1DE7-4030-8F12-777425E97E2F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{4755DC46-DC33-4F36-9862-29CC48C85510}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{483E3372-58FF-4BF3-B284-5EA04D8CE97C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4861BC21-E9C1-4065-B9FD-87D03CB8F396}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{4E886FF9-27CC-4587-8B87-C95E29DE1AB1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4F0F5160-2768-4C57-90A5-7B5A98E42628}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{4F5345E2-ECDF-47B3-ABF3-A1C52C8AE956}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{51085C9F-DDC8-41E8-9363-4C85368ED5E1}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{5268D1E5-8058-4E58-91BB-CC782DB7D426}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{52B3E42D-5FDE-4677-8736-7FB498900920}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{537340B0-C168-43F8-8A65-16B694716AD5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{53B5A8AC-CF2F-4C22-A7D1-DB238F9EFB6D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{56E8C710-079A-4DD7-9C77-B63EE2D4809B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{585672F1-AEF6-4D26-BBBC-8ECFFDFF23B7}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{5A0A058D-5798-49C1-B5C2-9EBAEE704A9B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{5B3C8F0A-6048-4668-A000-7402832B9E8B}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
    "{5E774BAE-25D1-4B1A-8157-3521D89CF1AC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{5F25950B-5722-4DB2-A8B6-04D36C901E32}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{60917961-D998-4F80-9DD4-DC4A9ADDD889}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{60BAEFAD-73F5-4DBD-813A-813B9889448E}" = rport=139 | protocol=6 | dir=out | app=system |
    "{646FD581-1942-4C78-9F32-5566B8BABF13}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{65A629A0-4A44-4CAA-956D-8F03C6DFBC3F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{681CC7BE-8268-46B8-8649-E5DBC1779112}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{6CD4FC27-CC60-4B29-86B6-EB9E94CABE2D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{6E9D965C-8C85-4186-8FE4-7B33ADDA2C3E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{70A18C2E-B5CF-4ED1-92B9-9E7A0695941B}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{7130441B-E9B4-4DD0-B9E5-A2615C784224}" = rport=137 | protocol=17 | dir=out | app=system |
    "{713B04DE-16FA-479B-9A39-FBB0C35690E5}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{747391D3-46B7-44FE-87A0-C3A10F20B441}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{75E2A47C-BF81-41B6-BEDD-9CBDE7551C17}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{75FA01A9-1D14-40F7-B713-D964358123FA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{76CE00F0-B64A-413A-A03C-2A1CF0037B39}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{76E91AE8-1014-4D3D-B81B-619984616CBE}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{7790D5CE-D67D-47DC-A2D2-6EEB67BE7355}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{77B428D0-B411-45A7-AF20-CB571C2F529F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{7B13977C-3CD5-4F61-8B67-4506F645A9CD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{7C617E88-05B6-4EEA-B11C-40ECFFE1E5EC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{7E549CEF-CE0E-46A3-9C0F-C1EFFA6AF2A2}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{8227591A-DF4B-404D-B215-0B223D18CB16}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{82AE5482-91A2-4C79-9DB9-BC85CBD9C957}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{83049533-BAEE-4307-A42A-9221391286CB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{84A42A51-7D73-4109-9F5D-E3DDCF053D32}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{895D8A1C-DFED-4941-81AA-106F20E29B5F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{8A1E05AE-A83D-4DB9-8D8A-EC979B086167}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{8AA142CC-0C9B-4DD2-BEB2-C7505F6DD214}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{8AFC0736-BB4A-4D4F-BBD3-8DA869CC7B20}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{8CCB9618-8AC4-4CED-B2CD-F4C5E006AA5F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{8DA3707B-E5C4-4D15-AB1E-4BF4EAE6789F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{8E86998A-042B-4853-B892-3C0A5AE124B5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{91E8B5C9-9F2E-4241-BBA8-7043C6BD3861}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{92EF53CF-BD03-47C1-97CB-5A47173F8AC3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{95958290-4BC7-49DC-9236-4C9E7084DBE4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{9CB28E4D-5507-4263-A4DA-2FBFB285C017}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A19F576A-E1BB-4687-88B6-A2558C008D92}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A37BF5AE-4662-4CC0-8C57-8C7CE14CB347}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A40A1ADD-BA87-43C3-AA9B-35C801ED1EED}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{A557F18C-D712-4873-BED7-08F22B21F6F1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{AACA3EBE-C518-4328-9020-BFD0FD3A0B77}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{AD774923-F8CD-467D-A262-84FD4117E4BC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{ADD5D9CF-6FF1-442E-9245-0E227E70491E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{AE43E139-46A8-43C4-A6C4-578E82A8DA78}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{AE48E564-790D-4526-9E58-0548A4F38EFD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{AF1DAF5E-C138-4563-A0DA-9E94E094E806}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B00CC71E-CA4B-4F22-8FC0-B165D2CFB51C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{B0C64DA9-A1FF-4A02-BFF5-5308338BDD1B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B27D1C9B-8A30-4EF1-8630-6CA705CA6DEA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{B3CA32BA-7AC3-4448-9368-FA6D1F48E689}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{B4A72791-1BAA-4642-B06C-ABE603BFC683}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{B5D9AE15-210F-4F45-84A3-52DEEA1FF8C7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B5F28172-6C9B-40B5-AB73-460D8884D7B9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{BC0909C7-850B-44AF-9A32-52A91BD74F12}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{BC4FD368-FB1B-43E8-BE4B-B994D0DFD9CD}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{BC62128D-44EA-4BA2-94E1-CF4E36C27EEC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{BD30CAA6-DF96-4C29-8D99-2F3EF0222EA1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{C0277129-E751-493B-AE6A-6C577EFD21F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{C0C0B1E4-3278-413D-A456-6839144BF4A7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{C218C3FD-74B1-4205-92EC-24CF4DF2A3A4}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{C2ABBBED-601E-44CC-8AA7-4D22B874AAC6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{C384AAF1-6B4A-437B-9D5A-FECEA4174C82}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{C9FBC920-ABF9-4996-90D1-B30A19F5B9A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CAFE7EBD-61E4-4AFF-A1D1-9DD98CB400DE}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{CB3C2834-287D-42A0-8B8C-DE2679A62152}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CD3C3E14-171F-4BCE-997A-FA75F98ECA12}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{CDBDB64B-DDBC-4F2C-884C-8118D052F268}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CEC13078-D50B-4105-B458-66155821F9C2}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{D49751F4-7AB3-41ED-A012-62CBC6E425D0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{D53D73E0-32BF-4CFF-835B-4E85DDE24257}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{D54905E9-BE39-4BCC-8465-F0B4EAC6E03D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{D6D638E6-9797-4215-9FE8-0C4F69F292E4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{D952AA86-FA86-4D8A-94CE-A77C51129BAE}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{DB33281B-6622-4D18-A954-68194DF65A22}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{DC3B1832-0FC3-4124-92D4-78B00778CA12}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{DCACE458-05F6-447A-9692-619F0E99A4C1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DD010796-94B9-4753-8CC6-A0FD23196216}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DD2FB93A-CFD2-4F74-90B7-547DD7D1BFDE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E2A914FF-BCC7-4BE7-A137-485D01B08CFF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E601CED7-F036-4DD2-840B-F1847A91202A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{EC44FED7-F302-40F7-BFA6-B5BE1426E3F1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{ED31CF14-D32B-47F3-9065-DC09F48FB23D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{ED5D1728-2B4B-4B5A-AA1E-FC8B7A8A6298}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{ED76BA01-03AB-435E-909D-37ABD06EF687}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{EDD73E2C-0239-495E-AE00-649C4B74C184}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{EF67CC55-54ED-4736-8552-EC34EF0C4D98}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{EFCEC70E-77B5-4CDF-B04A-A13954013BBC}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{EFEA2412-5843-4CB8-9391-59581AFD1989}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F4CB84C9-CB62-4F00-8E63-7631DD0989F2}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F6A3C6B3-8934-4C99-B932-3C032C8B0794}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{F6BC9C84-6B53-47E8-A8CA-27D0327D4BD3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{F725F698-358B-4D45-BA54-1BA0DE0F9F26}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{F7F35D45-81A2-4D5E-AB10-F2C03D6DA02B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{F82F1857-A57F-4AEF-82BB-0CEB4AAF9A8E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{F8E55C3B-B70F-49B5-B23D-B57F55BB74BA}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{FA31C950-CA6A-4BCE-A1CB-C33E93EEFAB9}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{FADBBE4C-2D59-4B04-9607-9C073B3E969F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{FCD859DD-3984-4758-A161-15C404E0AC11}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{FECAA902-4191-49A6-97B6-A2270E0699DB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{002D5E9B-5DAD-4B3B-944B-221B70BBDD4A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{03382582-BFB1-47A1-8A16-D8AE1065818D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{03DCE02C-6901-43D1-9A67-9379502D5A55}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{03FB49E4-4D82-4ADD-8D0B-45F16A276814}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{0407F2A4-CD73-47DE-8DF4-6E7770E441DF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{04932CD9-B95E-4E5F-881E-0D8A65ED193E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{05E38AC1-FD14-4606-AE13-002C710134AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0815D610-06FA-4872-B85C-FC9B588BFD51}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{09BBB080-BA29-445A-9DB5-927292E858B0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{09C8E478-AD55-4970-98BF-C8B602E691C7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{09E3CB00-8873-4253-B275-3A34C6CF7CEB}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{0BA89406-9351-4FB3-80D8-261C5B6990FE}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{0E47C096-9542-4406-92F6-8D0C76D23A29}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{0E5E8836-48F3-4AF5-ACEA-F27DFB1B2426}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{0EF0EB4E-F8C1-4FD2-AF50-B3C041AA0696}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{102DCA7A-C677-4DB2-A4AC-4EDDC2A52395}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{12786051-7FC0-493D-AD7C-BF8F5DB4F16A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{13BDCD66-5641-4D8D-9B40-8F73240CF494}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{15214601-B732-4C9B-B1FD-EBB0A1FF9700}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{15CA399E-420B-4944-9DBA-C2D375403B6C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{1607D4B9-2601-4B25-A2E5-1293CE6FD91B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{175B143D-EB90-4274-BC14-A719DA1F03C2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{179A3E6C-47C6-424B-87CA-65597A54C326}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{1979C026-AE04-4ABC-A0DA-C09B6B0C845B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1A28CEBF-A430-415B-BD95-D1491DEFA0D2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{1A426EAC-C244-4F75-8DBF-D179B6FEB0E6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{1AD4AEFD-4A6F-4528-B3E7-A0D2FD138690}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{1B37F83E-75AB-419E-A0F4-96CEA1BAF90F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{1B584392-1DF3-44A4-ABA5-18E8A31CDCD0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{1D9207E2-FF18-4955-9F7F-6865AA5B4A55}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{1E171D57-2568-4763-94B7-EC090FE45BB4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{1EBF99BD-3F73-47D4-B67D-758A2D737C51}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{1EEC2939-D3EF-4CAF-943E-C5B91521520D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{1F7DD8C0-D3BA-4EB2-9689-0E5636CCCCE2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{20BCD520-DD98-41D5-B2BF-E914872996FB}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{20D2EFFC-4E01-4431-AC1B-876FEDAD6D36}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{2294CDE8-6877-4F04-B608-0B1960B3F411}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{22E30252-4009-4BAB-B4E8-F7A735101564}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{2353297A-93FC-4C63-9F77-1567E7A38731}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{23943505-C1CF-4A48-A137-0F6A0E8E676D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{244FDF4C-18C2-4003-AF15-1802ABEDA6D4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{24D4DB1C-4D99-4B2E-AC8B-505A44420572}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{24FFB575-FCDB-40A2-A36E-F85C56EC81CF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{28E95F5E-E632-4E31-BCF5-82EF999C9035}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{2A3C10A5-644C-4501-A9F2-C2CD8876D334}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{2A3DF8E0-3BBC-454E-9E5D-9614769039D1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{2DD4C8C0-4339-43BA-87B2-2F1533BAE42E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{2F3DF510-3650-4032-A457-FD8ABE3DB1E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{302D41B3-7669-45A2-B62E-84F1A286A3B8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{30A63774-A019-4A4D-AA98-A41972EFC7E7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{321C338F-A036-4C49-A1C9-677D7B9A68E3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{334DE27A-AF20-43D9-9FEF-35511E1C7198}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{353418C2-10AD-42D3-BBDD-460E0BAD564E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{35B7EE5D-29AC-47B7-816C-93BE94F5A07D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{35D5C36F-2A18-481E-A820-34E1166916A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{36EBEC9F-94C7-4EF4-A5DF-7D9963F4BF28}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{370F7AE7-2F9E-4855-96DA-ED56785C0EEC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{37AC8DA0-3AA8-4A02-97AD-A28CC5C54EBE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3B08F561-4324-4491-AD0D-14F99C25D97D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{3B782631-2333-4801-9355-C415F899E77E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3BF5BB5A-21F3-4B75-A14A-C867A8F27086}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{3C14A090-A41E-420B-84CD-5B2E0B7E810C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3C9BE420-823E-437A-AE8E-E111858EEC16}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{3CE3D007-738D-477E-B74A-00AA66D90501}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3F94AE19-EA1A-40FE-8F6D-FEDC7A13A69D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{40DBFF9B-01A0-4FE2-B610-C9C25E3799DA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{43EDD6DE-7712-4427-BF4E-F1DEF8B33FEF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4454DBD2-0E51-415B-983E-4AC079B07917}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{459FBB82-1117-4338-9FDC-0D5732F271D3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{45AF1233-3435-4625-9012-19556F546D64}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{466B7CEF-FC61-420F-8E2A-F145A0538462}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{46DC4955-2EFA-430E-8EF0-B4D58D11C0BB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{484CB5B2-1DD1-4C24-A449-A63654D2CBE0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{48882EEB-1C60-4FCE-8D32-CA05A0A10418}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{48E6CB7B-D7D3-4C91-95C9-0F7334AECC7E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{49138DEC-964E-48A0-834D-7B3E7AAD2BE4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{4A39CC2C-F1C5-4FCF-AED4-51BD152A2216}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{4ADC6FAB-FE60-4B36-BD6B-BE7B30471E79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4B702E29-293F-4DCB-9FE9-D422EA0F9BDF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4DD68B3D-EF17-4C9D-9A4D-B047DF2426EB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4F3AA876-5D44-4B46-AC96-10134BAA7690}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{51F5327B-30A9-4F5B-B392-837D66D1DAEF}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{52375B17-76D6-4540-AF34-D8C590D0A0E6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{527760D7-5FC6-419C-98A6-1F15B39FB0C5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{5304DE6E-1D02-46D6-BA5B-2307F0BFBDD8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{54A52C3C-F1E4-476C-80FD-7FA44734695F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{582A6BC0-F326-42F9-B188-6A269FEFA8E2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{584188B7-5F99-4EB3-8801-D523BD5AFD2B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{588C65E7-229E-4BA0-9685-648BFA74EF76}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{59250988-DCFF-4B78-86B9-CED01BA86D64}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{59483677-1C4D-425E-B4D8-E3EEB4ACDA97}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{5A78EC14-15EE-4D69-96B0-C6510FFEB2DB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{5CA21A77-D90F-4A4A-AFC2-B2FB746E27D4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{5DCE4C6F-7A8C-4C27-867B-1C500F8EC3DE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{5FFCF9BC-70B0-4F8D-9DB4-CCE38E2A0434}" = protocol=6 | dir=out | app=system |
    "{6207E16D-E7BA-4B78-B01E-56D57515CA9A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{63925537-9E69-4778-88B0-65817485C186}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{63F04650-DED6-41D1-BAF5-661C8A81384E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{64D24DAF-7FC6-4CA8-BBF1-D5907F56D878}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{69815289-1019-4B43-AA7B-14498F4DE87A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{6C7E804A-6375-41B6-9009-4438213F386A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{70507548-967C-481F-B568-11F8F27A2390}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{71F62C37-38D6-4714-9B7C-B0D6F9C1EF3D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{72F0100F-5374-49C3-B985-727F9756B3BF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{730DC661-00C7-4E22-AF55-87DCEB7A5EE6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{736FD27A-6166-441A-9B0B-359D990178D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{73E496EC-F57B-40CF-A16B-B50ED8AA9C78}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{73F28391-8A44-43DA-BAB8-36767E64CC76}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{765F2C19-E392-40D8-BAC2-1854030A648D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7B746E5F-AC88-42B0-B7B8-7E9E8F6205C6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7C548850-FBC6-49AF-B146-01BEBCDD2634}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7D440C0E-D384-4B7E-9C66-78D77E846B82}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{7D7EE718-36D4-4CB0-8FF5-9E3F2271412E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7E084E45-B2C2-4F7E-B4AD-AF6E60DD63E9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7E97D678-00BD-4F40-A16E-BB2FFE165D59}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7EC7B46F-FC1D-46AC-BD46-5A8EF1BD1397}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7FEC6A15-D4AF-4F9C-87C7-CE5423E6662F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{81BDD156-A97A-4B54-9403-A4E3E8B6539B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{83A0885F-3974-457E-9147-0F29C555CE95}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{843F4A34-01D3-47D6-B543-429E0F004E58}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{84668F84-5E05-40E4-A4AC-8957D349C6EC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{84841F99-18BA-4713-9C5C-BCC9764FA3F4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{8627A268-A1D7-4F8D-90DA-1F9B6B5B8616}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{87148B4D-26BA-435E-8DD6-505391B73FEE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{8830A517-C784-44A5-B677-1EF45CEDD620}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{88674758-1487-4E5C-8FCA-5865CFBBABF2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{887AA9BF-7C57-49FB-81AF-6E2F87CCE519}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{89509C3F-B34C-4C67-B822-AC72AEB4078A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{89D3239A-E26B-43F7-926F-F94D4407F30B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{8BF505F1-9C24-4613-9B23-34897D027906}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{8C9AF6EC-9C4F-4F96-8DDD-46E422AE1840}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{8FACA785-846D-4BE3-847D-BF9233FF0CEB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{908D3D36-782D-496A-B0CA-56CF34794BE3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{913562CE-65C4-49A6-A308-4538DDCFF7E9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{91583BDB-8045-4023-972E-6D0CC6432B62}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{926081A3-B54C-41C1-A0A4-E0CC76618017}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{93347FA8-46D8-4B23-8647-5D1469D2C675}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{9587C2AE-48A9-4564-BF6A-0C53B51DF989}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{961C6FBE-5BA6-4E60-92B2-86A0864BB6AF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{97E9862A-6B1B-41ED-8195-4107F3C9D5B6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{99C199AB-DDF9-4217-9C82-C8E9C606F3F4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{99FCE5AC-D625-48CE-9C6F-7D7E5DA7BB98}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{9A9FC560-B706-48B1-ADDF-1060AE826C71}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{9AEB6800-F81B-4254-9E06-2ACD397551C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9BB22D9A-5407-40CE-9D6D-70F0B8B635E8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{9CD8736F-CA0A-4F85-A155-91D426EC795E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{9DE54B93-CA5C-4B57-AFA4-296B9697C02E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{9E42A336-056E-4B73-A255-04AD982464EE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{9EC1561C-229B-477C-87FD-245FFE1027F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9FF9773B-8AC5-4A1D-8D37-6C1DD094A289}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A11EE0D1-C4E5-41D4-8FB7-BF9CE6317478}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A1D5B473-8F8E-4012-BCFC-777C996CD52E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A1EBE228-5F74-4B6E-8AD8-679BAA85E519}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A338C340-8301-4368-88B8-75A917A302B3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A428ED93-5DDA-4694-9BF1-172A6BF62C37}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A4F6C352-A021-4C1D-9C7E-D06C72A7097A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A50D251C-587B-4205-897B-EA1754E5F91E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{A5D06B21-F12F-44FD-8BA6-0483FD0F417A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A60044CC-464E-43A7-8D80-5F6678B895EC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{A69A10D1-D2EB-47F8-897B-38D04ED65FE2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A76C6D0E-ED0D-471E-B917-180DB5743214}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A84FE189-09C3-44E7-A83D-9E1DA832250E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A8C58CF9-11E5-45DE-BD25-9B9B50EB50CF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{A8FB9339-92DE-4E27-8DEC-8F2943D9CF88}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{AA8DB0DD-9F78-4369-AD65-BFA85907642A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{AC087716-ED3F-47A7-85AD-E8477783DA03}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{AC675AAA-1578-47E7-B809-B5CB1279D0CB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B0ED7F60-1575-4C56-9955-9EEDDAE3E0E5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B1852A6E-360A-429A-A5EA-926790051A2F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
  23. Demianwulf

    "{B1B01344-7C80-47D6-8897-F157607CDD0C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B1C379DC-EC1C-4682-B115-33DC2FFE9714}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B4B64DEE-BE58-4AB5-90ED-DC16ED9C86B8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B52136E4-F305-4883-9F6E-2252976E2499}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B669AD9C-6412-4164-9C12-C27113404885}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B68A9A69-C623-4F53-A7CA-C42DBC5F5A64}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B9ACAA4A-738E-4140-A753-B14D10401F51}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{BB1B28A1-9274-454C-8D63-25C2F92F762A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{BCB9DD07-86F3-4F85-A4E0-E733E2BF9B4A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{BF6002EF-7FD2-46ED-B73F-0EB5B8136B4D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C334BBB1-4FF1-4B47-AAA0-477D9074CA60}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C4ADA759-68C6-4FF9-AE24-94DBCE4D0599}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{C53B4DD0-C6B1-44AB-BB37-8C5EC9C4DE64}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{C7409413-FF95-4418-97D1-D8B39AEF4251}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C7E71C49-6DB8-4E4B-B68F-FA2A8E3176CB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{C802B56D-BD03-43A9-BCAD-55A4875FC9E3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C8CF3DC5-0298-43FD-970D-A2BD325A51EB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C9679763-E364-424A-AE72-8CDC7941812C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C96B4F98-C14D-4591-874A-9AFA7DAEF0E6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C9A82F63-8653-41DA-B98C-3CAD69926BC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{CBC28E51-8193-442F-A9F6-769B701BBF7D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CBE6B8E0-1769-49F6-ADBE-C79FEE84B2A9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CC56C90E-D157-4092-8651-AA72A144133E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CC9AC596-DFE7-4DBE-B478-49F4EFB2A358}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{CE144C62-B9CC-41CF-9279-A6CB3FFF4889}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CE43F32B-CB9B-4F2D-B40C-6A3BB57339CF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{CF93C0FE-0243-4CEF-99A5-27BD9ECB778D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{CFCC0967-7348-4746-B338-963F38913109}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{D04EEDD6-E3BB-45ED-A298-355B29A894A2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D08245E9-985D-4187-9C75-4B7BCF6662E1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D17A6B5D-67F0-49DA-ACB6-0B150440211B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D20AB5D5-3C29-4329-BDD0-A809CF3B5592}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{D48598F9-F2CE-4A21-8B9B-7FE36B80BFA9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D4BFF057-4987-474A-8228-7B047DA84648}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D5DF0AA3-F71E-4C53-BD91-5E4B74E536B7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{D79A7DF1-82C3-4AAC-8BF2-C59679D855EC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D7B28156-498E-4D9C-AD8E-DFA077024735}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D846CEB0-9843-4D75-B50B-BF6C52ED7F40}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DAC3271D-8A92-4BBE-9CBD-407E2558C735}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DC1588C1-CA2E-4C5B-948A-E92C656212BE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DC571B2F-E71B-4540-BD62-510821676061}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DCAB2084-5730-44C9-9643-05B1AEB943DC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{DEA7058B-3F03-4AEC-A46E-9FEA014A5D32}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{DF2DAF52-BDF2-457D-A9D7-7EB10CEF3F63}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DFA4CC72-F74F-4EFA-8779-61F223FCB41A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E23B0CCB-74CB-4316-B475-BFBAE80EBC71}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{E4B11FC3-D9F7-44D5-8242-909DD010355B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E578520F-6B9D-41AF-A5F9-695A78D4185C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E5EB0661-675C-4531-AB8C-18F41AE76C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E6218E52-BF7E-4BF0-AFB3-4AF86F12CC11}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E6E62312-6CDF-4C55-9368-13B9DC53DB0A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E731EED4-DCAE-4BDA-AB2C-BE56CD5766B9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E7ADD68E-C1AD-43C3-A43B-FE496751709E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E86CD880-11E9-4526-A40D-ABC129D4F127}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E8AA1D20-BC87-4BE3-A8A0-2F314B6BC12A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{EB8E1083-2519-4C83-9945-AC633C439C9C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{ED7A5B77-EA3D-4A41-A027-B868EB81EF9C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{EE5F86B9-CF8D-4254-AD3A-06E47CD30190}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{EE61E9CB-A652-474A-8D12-16394B3D887F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{EE81C824-7DD0-4B4D-ABB2-53039E6CB818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{EEA0B8E6-89EE-445A-9E04-DD0C9DDF9CE5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{EF7DFFFD-E8CE-48E4-A605-5AEB6BCDB1BA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F0BCD61C-096E-4220-B163-59077E2DA764}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F156A059-7A26-47F1-97AA-F541E08EC54C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F1C0DF24-5E92-4527-A124-DE0BFA47F0AE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F2FF5AB5-B834-4030-AAEF-EA7A4DD880E4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F420141E-AA54-471E-88DC-2CF99143CD3B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F61FF66F-545F-4F77-81B9-18BC2E267030}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F70E3FD9-39B0-43FA-9215-1979B4C01E6F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{FC4DB5CE-51BF-4C54-9C11-3D4BA0CDC139}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{0494B836-5B27-40FA-8EC7-FA4318735FA3}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
    "TCP Query User{29711B17-5743-4167-9C30-2B5BE47F315F}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
    "TCP Query User{FB9F253F-C515-4B7C-83DF-D67C22AC7677}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "UDP Query User{7AD94215-B797-4A9F-8FAB-83B3F6425FAF}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
    "UDP Query User{958EA526-2A90-40A4-A69C-E9238DFDE89C}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
    "UDP Query User{A8E00F96-7A89-4A42-8786-E8CCEE7364D1}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK RTL8187 Wireless LAN Driver
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3ACF7A26-1743-4A84-85F1-2450B35925E4}" = Classic Menu for Office
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}" = Farming Extreme Manager
    "{54178A9B-7B4B-4B24-B863-7B44EBF28318}" = ODF Add-in for Microsoft Office
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.0.26
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7BB03D40-B79D-405C-A214-760EBCDB0EC3}" = PCDJ BLUE VRM
    "{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
    "{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9782762F-639B-499B-A23D-5EBEAFC160E6}" = Microsoft Tool Web Package:diskpart.exe
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
    "{9FD3A8DA-2E36-4649-AEF1-41A110BD3CB5}" = PCDJ RED VRM
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{AABEF0A3-E6AE-4743-B02B-765D05F3F4B7}" = PCDJ FX VRM
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
    "{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
    "{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
    "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
    "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "abgx360" = abgx360 v1.0.2
    "Absolute Poker" = Absolute Poker
    "AC3Filter" = AC3Filter (remove only)
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "AutoGK" = Auto Gordian Knot 2.45
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "avast5" = avast! Free Antivirus
    "Avidemux 2.4" = Avidemux 2.4
    "AviSynth" = AviSynth 2.5
    "CCleaner" = CCleaner
    "ComicRack" = ComicRack v0.9.130
    "COMODO Internet Security" = COMODO Internet Security
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "Driver Magician_is1" = Driver Magician 3.49
    "DVD Flick_is1" = DVD Flick
    "DVD Identifier_is1" = DVD Identifier
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVD-lab PRO 2.3_is1" = DVD-lab PRO 2.3
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FeedDemon_is1" = FeedDemon
    "FeedStation_is1" = FeedStation
    "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
    "FrostWire" = FrostWire 4.20.9
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ImgBurn" = ImgBurn
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Monopoly by Parker Brothers" = Monopoly by Parker Brothers
    "MozBackup" = MozBackup 1.4.10
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MPEG Video Wizard" = MPEG Video Wizard 4.0.4.108 (03/2008)
    "OggDS" = Direct Show Ogg Vorbis Filter (remove only)
    "PCDJ BLUE VRM" = PCDJ BLUE VRM
    "PCDJ FX VRM" = PCDJ FX VRM
    "PCDJ RED VRM" = PCDJ RED VRM
    "PCDJ VJ" = PCDJ VJ
    "PCDJDex" = PCDJ DEX (remove only)
    "PowerISO" = PowerISO
    "PROR" = Microsoft Office Professional 2007 Trial
    "ROM CHECK FAIL_is1" = ROM CHECK FAIL 1.0
    "SopCast" = SopCast 3.2.9
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "The KMPlayer" = The KMPlayer (remove only)
    "TightVNC_is1" = TightVNC 1.3.9
    "Tor" = Tor 0.2.0.32
    "TurboTax 2009" = TurboTax 2009
    "TVWiz" = Intel(R) TV Wizard
    "Vidalia" = Vidalia 0.1.10
    "VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.4.549
    "VLC media player" = VideoLAN VLC media player 0.8.6d
    "VobSub" = VobSub v2.23 (Remove Only)
    "WinGimp-2.0_is1" = GIMP 2.4.7
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.2.1 beta
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
    "XviD4PSP5" = XviD4PSP 5.0
    "Yahoo! Inquisitor" = Inquisitor for Internet Explorer
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "8f3d5f316bf9c08f" = OffiSync
    "Absolute Poker" = Absolute Poker
    "dotoo" = dotoo
    "Flash Video Downloader. Youtube Downloader" = Flash Video Downloader. Youtube Downloader
    "ijji FireFox Launcher" = ijji FireFox Launcher 1.0
    "Sansa Updater" = Sansa Updater
    "uTorrent" = µTorrent
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:00:32 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 12/12/2009 6:11:18 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 12/12/2009 6:49:12 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 12/12/2009 6:52:57 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 12/14/2009 10:02:42 AM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x80072745) failure (see data for failure code).

    Error - 12/17/2009 7:52:46 PM | Computer Name = WulfLapTop | Source = Application Error | ID = 1000
    Description = Faulting application OUTLOOK.EXE, version 12.0.6504.5000, time stamp
    0x49e7f47e, faulting module OUTLOOK.EXE, version 12.0.6504.5000, time stamp 0x49e7f47e,
    exception code 0xc0000005, fault offset 0x005d1b2c, process id 0x26c, application
    start time 0x01ca7f726aedf760.

    Error - 12/17/2009 7:56:56 PM | Computer Name = WulfLapTop | Source = Microsoft Office 12 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Office Outlook.

    Error - 12/23/2009 1:04:58 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x80072745) failure (see data for failure code).

    Error - 12/24/2009 9:14:23 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 12/24/2009 10:20:58 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x80072745) failure (see data for failure code).

    Error - 12/25/2009 2:05:09 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    [ Broadcom Wireless LAN Events ]
    Error - 7/8/2010 10:19:55 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 10:19:54, Thu, Jul 08, 10 Error - Unable to gain access to user store


    Error - 7/26/2010 9:42:43 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 09:42:42, Mon, Jul 26, 10 Error - Unable to gain access to user store


    Error - 7/29/2010 9:11:44 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 09:11:44, Thu, Jul 29, 10 Error - Unable to gain access to user store


    Error - 8/1/2010 1:24:53 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 01:24:52, Sun, Aug 01, 10 Error - Unable to gain access to user store


    Error - 9/8/2010 12:20:58 PM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 12:20:57, Wed, Sep 08, 10 Error - Unable to gain access to user store


    Error - 9/10/2010 11:35:21 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 11:35:20, Fri, Sep 10, 10 Error - Unable to gain access to user store


    Error - 9/12/2010 3:42:35 PM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 15:42:33, Sun, Sep 12, 10 Error - Unable to gain access to user store


    Error - 9/27/2010 10:26:47 PM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 22:26:46, Mon, Sep 27, 10 Error - Unable to gain access to user store


    Error - 10/7/2010 10:41:54 PM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 22:41:54, Thu, Oct 07, 10 Error - Unable to gain access to user store


    Error - 10/8/2010 9:37:18 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
    Description = 09:37:18, Fri, Oct 08, 10 Error - Unable to gain access to user store


    [ Media Center Events ]
    Error - 2/25/2008 7:58:32 PM | Computer Name = WulfLapTop | Source = ehSched | ID = 5
    Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80080005

    Error - 2/25/2008 7:58:36 PM | Computer Name = WulfLapTop | Source = Media Center Guide | ID = 0
    Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
    Object
    Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

    Error - 2/25/2008 7:58:37 PM | Computer Name = WulfLapTop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/26/2008 8:31:17 PM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package NetTV.

    Error - 2/26/2008 8:34:21 PM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 2/26/2008 8:37:39 PM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsTemplate.

    Error - 5/23/2008 6:58:11 PM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/28/2008 9:45:09 AM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    [ OSession Events ]
    Error - 5/15/2009 12:32:25 PM | Computer Name = WulfLapTop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 123
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 12/17/2009 7:52:43 PM | Computer Name = WulfLapTop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 690
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 4/8/2010 5:19:23 AM | Computer Name = Wulftop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/30/2010 1:56:48 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/30/2010 2:12:10 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/30/2010 2:23:19 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/30/2010 2:23:19 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/30/2010 2:25:05 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7022
    Description =

    Error - 10/31/2010 3:42:16 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/31/2010 3:54:55 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/31/2010 4:03:21 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/31/2010 4:03:21 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/31/2010 4:05:04 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7022
    Description =


    < End of report >
  24. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Tough to get out a reply; whenever I kill the scvhost.exe it reboots my computer about 30 secs or so later.
  25. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    OK, I found the right scvhost.exe to kill and it doesn't reboot so quickly...