Solved Google Redirects and unauthorized attempts to connect to Sites, Vista

Demianwulf

My computer is getting google redirects to ad sites. These sites attempt to connect to the internet 199.80.55.19, cljkcpixelabn.com, and z0g7yail0.com. The computer did get some BSODs, but I did not write down the error code unfortunately. I since

Here are my logs per the 8 steps, but the Attach.txt file could not be found even though the DDS program seemed to run right. Not sure where I can find it; I'll try again:

My theory is that I downloaded and installed something questionable, considering I have this other problem with this laptop: my wifi network device has disappeared, and no matter how many drivers and reinstalls I have done, it won't reappear. I installed a bunch of dumb driver finder programs as a last resort to try to restore functionality, but to no avail. I'm assuming one of these installs is the culprit...

I have since run numerous scans with Avast, Spybot, Kaspersky, Hijackthis and Malwarebytes. My original run of Malwarebytes included this in the log: Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully. The log below is the current run.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4982

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

10/29/2010 12:24:15 AM
mbam-log-2010-10-29 (00-24-15).txt

Scan type: Quick scan
Objects scanned: 173972
Time elapsed: 13 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-26 17:02:54
Windows 6.0.6002 Service Pack 2
Running: 2u2b3yrc.exe; Driver: C:\Users\WulfTop\AppData\Local\Temp\fxldqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x93333F8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x93334F5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x93334174]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x933333FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x93333BF4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x933332DC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x93333A82]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x93334C16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x93332EA2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x93332CD4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x93334898]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x9333367E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x93333DD0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x93332A04]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x9333390E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x93332B7C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x933353C6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x93334634]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x93334A46]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x93333618]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x93333802]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x933331A6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x93333074]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x93334280]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 83CE087C 4 Bytes [8E, 3F, 33, 93]
.text ntkrnlpa.exe!KeSetEvent + 13D 83CE08A0 8 Bytes [5C, 4F, 33, 93, 74, 41, 33, ...] {POP ESP; DEC EDI; XOR EDX, [EBX-0x6cccbe8c]}
.text ntkrnlpa.exe!KeSetEvent + 1C1 83CE0924 4 Bytes CALL B70203AC
.text ntkrnlpa.exe!KeSetEvent + 1D9 83CE093C 4 Bytes [F4, 3B, 33, 93] {HLT ; CMP ESI, [EBX]; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 205 83CE0968 4 Bytes [DC, 32, 33, 93]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83E0B28F 5 Bytes JMP 843E85D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 83E64063 5 Bytes JMP 843E9FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD1200BEVS-22UST0___________________01.01A01#4&9de862a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: copy of MBR

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-10-21.02) - NTFSx86
Run by WulfTop at 18:01:49.76 on Tue 10/26/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.759 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\iashost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\WulfTop\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Inquisitor for IE: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\inquisitor\Inquisitor_IE.dll
mURLSearchHooks: Yahoo! Inquisitor for IE: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\inquisitor\Inquisitor_IE.dll
mURLSearchHooks: Yahoo! Inquisitor for IE: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\inquisitor\Inquisitor_IE.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! Inquisitor for IE: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\inquisitor\Inquisitor_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\wulftop\appdata\roaming\microsoft\windows\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {13C1DBF6-7535-495c-91F6-8C13714ED485} - c:\users\wulftop\appdata\roaming\microsoft\windows\start menu\programs\absolute poker\Absolute Poker.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
TCP: {A6288ECF-58B8-467B-900E-B93BD4A29404} = 68.87.73.246,68.87.71.230
TCP: {C6E2F843-68CB-4826-8318-E0D89A7E2F60} = 156.154.70.22,156.154.71.22
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\wulftop\appdata\roaming\mozilla\firefox\profiles\xivfcrut.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\users\wulftop\appdata\local\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\wulftop\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-20 165584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-2-7 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-2-7 29520]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2010-10-8 25896]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-20 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-20 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-7 40384]
R2 InquisitorService;Inquisitor Service;c:\program files\yahoo!\inquisitor\InquisitorService.exe [2008-10-17 185624]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-1-10 809296]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-7 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-7 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-18 21504]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2010-10-22 251904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-23 16:42:26 -------- d-----w- c:\progra~2\eMule
2010-10-23 14:46:08 -------- d-----w- c:\users\wulftop\appdata\local\eMule
2010-10-23 14:46:05 -------- d-----w- c:\program files\eMule
2010-10-22 08:05:19 251904 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
2010-10-22 07:52:30 205312 ----a-w- c:\windows\system32\drivers\rtl8187.sys
2010-10-22 07:49:29 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver
2010-10-20 15:58:33 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2010-10-20 15:58:33 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-10-20 15:57:44 -------- d-----w- c:\users\wulftop\appdata\local\Microsoft Game Studios
2010-10-20 15:57:22 -------- d-----w- c:\progra~2\Microsoft Games
2010-10-20 15:55:40 -------- d-----w- c:\users\wulftop\appdata\roaming\Microsoft Game Studios
2010-10-20 01:43:41 1446264 ----a-w- c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
2010-10-12 15:17:06 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-10-12 15:17:06 263272 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-10-12 14:59:22 526184 ----a-w- c:\windows\system32\XceedCry.dll
2010-10-12 14:59:22 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2010-10-12 14:59:22 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
2010-10-12 14:59:22 132880 ----a-w- c:\windows\system32\Msinet.ocx
2010-10-12 14:59:22 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2010-10-12 14:59:21 -------- d-----w- c:\program files\Driver Magician
2010-10-12 14:43:49 -------- d-----w- c:\users\wulftop\appdata\roaming\GetRightToGo
2010-10-12 14:14:41 -------- d-----w- c:\program files\Driver-Soft
2010-10-12 13:12:54 -------- d-----w- C:\dell
2010-10-08 19:23:30 337920 ----a-w- c:\windows\system\rtl8187B.sys
2010-10-08 19:23:29 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2010-10-08 18:33:22 361472 ----a-w- c:\windows\system32\drivers\RTL85n86.sys
2010-10-08 18:33:22 361472 ----a-w- c:\windows\system\RTL85n86.sys
2010-10-08 18:33:18 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
2010-10-08 18:33:17 -------- d-----w- c:\windows\system32\REALTEK RTL8185 Wireless LAN Driver and Utility
2010-10-08 04:20:44 -------- d-----w- c:\users\wulftop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
2010-10-08 02:57:00 -------- d-----w- c:\program files\MozBackup
2010-10-07 21:56:47 -------- d-----w- c:\users\wulftop\{8517c860-6671-4a8c-8483-66ad267c2024}
2010-10-07 04:15:36 -------- d-----w- c:\progra~2\Samsung
2010-09-29 13:24:59 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 13:22:57 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-28 03:03:16 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2010-09-28 03:03:16 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2010-09-28 02:55:23 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-09-28 02:41:20 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-09-28 02:41:15 -------- d-----w- c:\program files\Realtek
2010-09-28 02:38:07 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-28 01:40:48 26496 ----a-w- c:\windows\system32\USBSTOR.SYS
2010-09-26 22:45:11 13031 ----a-w- c:\users\wulftop\www.blogger.com

==================== Find3M ====================

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 18:03:25.26 ===============
 
Welcome aboard :)

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

==================================================================

Download MBRCheck to your desktop.

Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.
 
2010/10/29 10:45:51.0745 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/29 10:45:51.0745 ================================================================================
2010/10/29 10:45:51.0745 SystemInfo:
2010/10/29 10:45:51.0745
2010/10/29 10:45:51.0745 OS Version: 6.0.6002 ServicePack: 2.0
2010/10/29 10:45:51.0745 Product type: Workstation
2010/10/29 10:45:51.0745 ComputerName: WULFTOP
2010/10/29 10:45:51.0746 UserName: WulfTop
2010/10/29 10:45:51.0746 Windows directory: C:\Windows
2010/10/29 10:45:51.0746 System windows directory: C:\Windows
2010/10/29 10:45:51.0746 Processor architecture: Intel x86
2010/10/29 10:45:51.0746 Number of processors: 2
2010/10/29 10:45:51.0746 Page size: 0x1000
2010/10/29 10:45:51.0746 Boot type: Normal boot
2010/10/29 10:45:51.0746 ================================================================================
2010/10/29 10:45:52.0456 Initialize success
2010/10/29 10:45:55.0500 ================================================================================
2010/10/29 10:45:55.0500 Scan started
2010/10/29 10:45:55.0500 Mode: Manual;
2010/10/29 10:45:55.0500 ================================================================================
2010/10/29 10:46:16.0973 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/29 10:46:16.0982 ================================================================================
2010/10/29 10:46:16.0982 Scan finished
2010/10/29 10:46:16.0982 ================================================================================
2010/10/29 10:46:17.0013 Detected object count: 1
2010/10/29 10:47:33.0506 \HardDisk0\MBR - will be cured after reboot
2010/10/29 10:47:33.0506 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/29 10:47:51.0248 Deinitialize success
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Gateway
System Product Name: ML6720
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 138):

Processes (total 66):
0 System Idle Process
4 System
532 C:\Windows\System32\smss.exe
600 csrss.exe
636 C:\Windows\System32\wininit.exe
656 csrss.exe
688 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
828 C:\Windows\System32\winlogon.exe
912 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1116 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\audiodg.exe
1440 C:\Windows\System32\svchost.exe
1472 C:\Windows\System32\svchost.exe
1728 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
2020 C:\Windows\System32\spoolsv.exe
2044 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\agrsmsvc.exe
1176 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1584 C:\Program Files\Bonjour\mDNSResponder.exe
892 C:\Windows\System32\svchost.exe
296 C:\Program Files\FolderSize\FolderSizeSvc.exe
1664 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1552 C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe
1436 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
2080 C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
2168 C:\Windows\System32\svchost.exe
2276 C:\Windows\System32\svchost.exe
2292 C:\Windows\System32\svchost.exe
2320 C:\Windows\System32\VSSVC.exe
2412 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2500 C:\Windows\System32\SearchIndexer.exe
2584 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2628 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3020 iashost.exe
3052 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3408 C:\Windows\System32\taskeng.exe
3452 C:\Windows\System32\dwm.exe
3496 C:\Windows\explorer.exe
3728 C:\Windows\System32\taskeng.exe
3864 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3880 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3904 C:\Program Files\PowerISO\PWRISOVM.EXE
3920 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
3928 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3956 C:\Windows\System32\igfxtray.exe
4004 C:\Windows\System32\hkcmd.exe
4020 C:\Windows\System32\igfxpers.exe
4032 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2768 C:\Windows\System32\igfxsrvc.exe
772 C:\Windows\System32\wbem\unsecapp.exe
3680 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
1708 WmiPrvSE.exe
3188 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
3264 C:\Windows\System32\svchost.exe
1912 C:\Windows\System32\mobsync.exe
3208 C:\Windows\servicing\TrustedInstaller.exe
3716 C:\Program Files\Mozilla Firefox\firefox.exe
2608 C:\Program Files\Mozilla Firefox\plugin-container.exe
5820 C:\Users\WulfTop\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200BEVS-22UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
Thank you :)

How is the redirection?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 10-10-28.09 - WulfTop 10/30/2010 1:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1170 [GMT -4:00]
Running from: c:\users\WulfTop\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\WulfTop\AppData\Roaming\inst.exe
c:\windows\system32\Temp

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
.

2010-10-30 05:41 . 2010-10-30 05:42 -------- d-----w- c:\users\WulfTop\AppData\Local\temp
2010-10-30 05:41 . 2010-10-30 05:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-10-30 05:41 . 2010-10-30 05:41 -------- d-----w- c:\users\demianwulf\AppData\Local\temp
2010-10-30 05:41 . 2010-10-30 05:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-30 05:41 . 2010-10-30 05:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-10-24 19:38 . 2010-10-24 19:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-10-23 16:42 . 2010-10-23 16:42 -------- d-----w- c:\programdata\eMule
2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\users\WulfTop\AppData\Local\eMule
2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\program files\eMule
2010-10-22 08:05 . 2007-05-24 23:13 251904 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
2010-10-22 07:52 . 2007-01-31 02:03 205312 ----a-w- c:\windows\system32\drivers\rtl8187.sys
2010-10-22 07:49 . 2010-10-22 07:49 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver
2010-10-22 05:47 . 2010-10-22 05:48 -------- d-----w- c:\users\Administrator\AppData\Local\Inquisitor
2010-10-22 05:47 . 2010-10-22 05:47 -------- d-----w- c:\users\Administrator\AppData\Local\Yahoo
2010-10-20 15:58 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-10-20 15:58 . 2006-09-28 20:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2010-10-20 15:57 . 2010-10-20 18:41 -------- d-----w- c:\users\WulfTop\AppData\Local\Microsoft Game Studios
2010-10-20 15:57 . 2010-10-20 18:42 -------- d-----w- c:\programdata\Microsoft Games
2010-10-20 15:55 . 2010-10-20 18:42 -------- d-----w- c:\users\WulfTop\AppData\Roaming\Microsoft Game Studios
2010-10-20 01:43 . 2009-06-25 17:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-10-12 15:17 . 2010-08-25 19:41 263272 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-10-12 15:17 . 2009-12-03 21:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-10-12 14:59 . 2005-01-12 15:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2010-10-12 14:59 . 2004-09-28 15:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2010-10-12 14:59 . 2004-08-11 19:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2010-10-12 14:59 . 2004-03-09 04:00 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
2010-10-12 14:59 . 2004-03-09 04:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
2010-10-12 14:59 . 2010-10-12 15:02 -------- d-----w- c:\program files\Driver Magician
2010-10-12 14:43 . 2010-10-12 14:46 -------- d-----w- c:\users\WulfTop\AppData\Roaming\GetRightToGo
2010-10-12 14:14 . 2010-10-12 14:14 -------- d-----w- c:\program files\Driver-Soft
2010-10-12 13:12 . 2010-10-12 13:12 -------- d-----w- C:\dell
2010-10-08 19:23 . 2008-06-26 10:25 337920 ----a-w- c:\windows\system\rtl8187B.sys
2010-10-08 19:23 . 2010-10-08 19:23 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2010-10-08 19:22 . 2010-10-08 19:22 -------- d-----w- c:\users\WulfTop\AppData\Roaming\InstallShield
2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system32\drivers\RTL85n86.sys
2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system\RTL85n86.sys
2010-10-08 18:33 . 2007-04-23 14:50 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
2010-10-08 18:33 . 2010-10-08 18:33 -------- d-----w- c:\windows\system32\REALTEK RTL8185 Wireless LAN Driver and Utility
2010-10-08 04:20 . 2010-10-08 04:20 -------- d-----w- c:\users\WulfTop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
2010-10-08 02:57 . 2010-10-08 02:57 -------- d-----w- c:\program files\MozBackup
2010-10-07 21:56 . 2010-10-07 21:56 -------- d-----w- c:\users\WulfTop\{8517c860-6671-4a8c-8483-66ad267c2024}
2010-10-07 04:15 . 2010-10-07 04:15 -------- d-----w- c:\programdata\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 22:45 . 2010-09-26 22:45 13031 ----a-w- c:\users\WulfTop\www.blogger.com
2010-09-07 15:12 . 2010-07-26 13:48 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-08-20 18:43 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-08-20 18:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-08-20 18:44 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-08-20 18:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-08-20 18:43 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-08-20 18:44 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-02 02:09 . 2010-09-02 02:09 225280 ----a-w- c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
2010-08-17 14:11 . 2010-09-15 11:44 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-08 1800464]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]

c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2010-9-1 225280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-26 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbo Tax Agent]
2010-02-28 18:41 632685 ----a-w- c:\windows\txagent.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
"PackageAware"="c:\users\WulfTop\Local Settings\Application Data\PackageAware\mpa.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe"
"SansaDispatch"=c:\users\WulfTop\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"ESPDemo"=c:\program files\ESP Demo\ESPDemo.exe
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TaskTray"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1846439569-3478701832-3505936554-1000]
"EnableNotificationsRef"=dword:00000003

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-05-24 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-08 130960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-02-08 29520]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 InquisitorService;Inquisitor Service;c:\program files\Yahoo!\Inquisitor\InquisitorService.exe [2008-10-17 185624]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
*Deregistered* - ASPI32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]

2010-10-24 c:\windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: {A6288ECF-58B8-467B-900E-B93BD4A29404} = 68.87.73.246,68.87.71.230
TCP: {C6E2F843-68CB-4826-8318-E0D89A7E2F60} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\WulfTop\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\WulfTop\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 01:42
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\uifwimtmysbdvcd]
"imagepath"="\??\c:\windows\TEMP\7B1B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\guard32.dll
.
Completion time: 2010-10-30 01:46:47
ComboFix-quarantined-files.txt 2010-10-30 05:46

Pre-Run: 15,945,801,728 bytes free
Post-Run: 16,145,473,536 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=1 Sets=1,5,6,7
- - End Of File - - F9CCD0E66E0B2BBD214B69F44D60CF06
 
You didn't say how the redirection is.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe


Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\uifwimtmysbdvcd]


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScript.gif]

6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
The redirects were to ad sites, but unfortunately I didn't write any of them down; I closed the tabs immediately.

I ran Combofix like instructed with the text file, but after I finished running it and the log files popped up... I was not able to save them because the computer kept giving an error saying something along the lines that Notepad could not be opened because a registry key was scheduled for deletion, more or less. Same error with Firefox when I tried to open it, so I rebooted and all is well now. Here is the first log that saved as a temp file, but the second is gone, I assume.

Should I run it again... the second log file did mention some things that were deleted.

ComboFix 10-10-28.09 - WulfTop 10/30/2010 13:58:13.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.889 [GMT -4:00]
Running from: c:\users\WulfTop\Desktop\ComboFix.exe
Command switches used :: c:\users\WulfTop\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe"
.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
.

2010-10-30 18:12 . 2010-10-30 18:12 -------- d-----w- c:\users\WulfTop\AppData\Local\temp
2010-10-30 18:12 . 2010-10-30 18:12 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-10-30 18:12 . 2010-10-30 18:12 -------- d-----w- c:\users\demianwulf\AppData\Local\temp
2010-10-30 18:12 . 2010-10-30 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-30 18:12 . 2010-10-30 18:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-10-24 19:38 . 2010-10-24 19:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-10-23 16:42 . 2010-10-23 16:42 -------- d-----w- c:\programdata\eMule
2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\users\WulfTop\AppData\Local\eMule
2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\program files\eMule
2010-10-22 08:05 . 2007-05-24 23:13 251904 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
2010-10-22 07:52 . 2007-01-31 02:03 205312 ----a-w- c:\windows\system32\drivers\rtl8187.sys
2010-10-22 07:49 . 2010-10-22 07:49 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver
2010-10-22 05:47 . 2010-10-22 05:48 -------- d-----w- c:\users\Administrator\AppData\Local\Inquisitor
2010-10-22 05:47 . 2010-10-22 05:47 -------- d-----w- c:\users\Administrator\AppData\Local\Yahoo
2010-10-20 15:58 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-10-20 15:58 . 2006-09-28 20:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2010-10-20 15:57 . 2010-10-20 18:41 -------- d-----w- c:\users\WulfTop\AppData\Local\Microsoft Game Studios
2010-10-20 15:57 . 2010-10-20 18:42 -------- d-----w- c:\programdata\Microsoft Games
2010-10-20 15:55 . 2010-10-20 18:42 -------- d-----w- c:\users\WulfTop\AppData\Roaming\Microsoft Game Studios
2010-10-20 01:43 . 2009-06-25 17:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-10-12 15:17 . 2010-08-25 19:41 263272 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-10-12 15:17 . 2009-12-03 21:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-10-12 14:59 . 2005-01-12 15:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2010-10-12 14:59 . 2004-09-28 15:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2010-10-12 14:59 . 2004-08-11 19:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2010-10-12 14:59 . 2004-03-09 04:00 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
2010-10-12 14:59 . 2004-03-09 04:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
2010-10-12 14:59 . 2010-10-12 15:02 -------- d-----w- c:\program files\Driver Magician
2010-10-12 14:43 . 2010-10-12 14:46 -------- d-----w- c:\users\WulfTop\AppData\Roaming\GetRightToGo
2010-10-12 14:14 . 2010-10-12 14:14 -------- d-----w- c:\program files\Driver-Soft
2010-10-12 13:12 . 2010-10-12 13:12 -------- d-----w- C:\dell
2010-10-08 19:23 . 2008-06-26 10:25 337920 ----a-w- c:\windows\system\rtl8187B.sys
2010-10-08 19:23 . 2010-10-08 19:23 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2010-10-08 19:22 . 2010-10-08 19:22 -------- d-----w- c:\users\WulfTop\AppData\Roaming\InstallShield
2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system32\drivers\RTL85n86.sys
2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system\RTL85n86.sys
2010-10-08 18:33 . 2007-04-23 14:50 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
2010-10-08 18:33 . 2010-10-08 18:33 -------- d-----w- c:\windows\system32\REALTEK RTL8185 Wireless LAN Driver and Utility
2010-10-08 04:20 . 2010-10-08 04:20 -------- d-----w- c:\users\WulfTop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
2010-10-08 02:57 . 2010-10-08 02:57 -------- d-----w- c:\program files\MozBackup
2010-10-07 21:56 . 2010-10-07 21:56 -------- d-----w- c:\users\WulfTop\{8517c860-6671-4a8c-8483-66ad267c2024}
2010-10-07 04:15 . 2010-10-07 04:15 -------- d-----w- c:\programdata\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 22:45 . 2010-09-26 22:45 13031 ----a-w- c:\users\WulfTop\www.blogger.com
2010-09-07 15:12 . 2010-07-26 13:48 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-08-20 18:43 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-08-20 18:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-08-20 18:44 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-08-20 18:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-08-20 18:43 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-08-20 18:44 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-02 02:09 . 2010-09-02 02:09 225280 ----a-w- c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
2010-08-17 14:11 . 2010-09-15 11:44 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-08 1800464]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]

c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2010-9-1 225280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-26 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbo Tax Agent]
2010-02-28 18:41 632685 ----a-w- c:\windows\txagent.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
"PackageAware"="c:\users\WulfTop\Local Settings\Application Data\PackageAware\mpa.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe"
"SansaDispatch"=c:\users\WulfTop\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"ESPDemo"=c:\program files\ESP Demo\ESPDemo.exe
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TaskTray"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1846439569-3478701832-3505936554-1000]
"EnableNotificationsRef"=dword:00000003

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-05-24 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-08 130960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-02-08 29520]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 InquisitorService;Inquisitor Service;c:\program files\Yahoo!\Inquisitor\InquisitorService.exe [2008-10-17 185624]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
*Deregistered* - ASPI32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]

2010-10-24 c:\windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: {A6288ECF-58B8-467B-900E-B93BD4A29404} = 68.87.73.246,68.87.71.230
TCP: {C6E2F843-68CB-4826-8318-E0D89A7E2F60} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\WulfTop\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\WulfTop\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 14:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\guard32.dll

- - - - - - - > 'Explorer.exe'(1796)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2010-10-30 14:16:06
ComboFix-quarantined-files.txt 2010-10-30 18:16
ComboFix2.txt 2010-10-30 05:46

Pre-Run: 14,998,388,736 bytes free
Post-Run: 12,818,018,304 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=1 Sets=1,5,6,7
- - End Of File - - E26FAC470528BA1F037E2DD47A4D0843
 
Notepad could not be opened because a registry key was scheduled for deletion, more or less. Same error with Firefox when I tried to open it, so I rebooted and all is well now.
Restart computer and it'll fix the issue.
I'll review your log meanwhile.
 
Here's my rerun of the Combofix script.

ComboFix 10-10-28.09 - WulfTop 10/31/2010 15:42:49.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1009 [GMT -4:00]
Running from: c:\users\WulfTop\Desktop\ComboFix.exe
Command switches used :: c:\users\WulfTop\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe"
.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-31 19:54 . 2010-10-31 19:55 -------- d-----w- c:\users\WulfTop\AppData\Local\temp
2010-10-31 19:54 . 2010-10-31 19:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-10-31 19:54 . 2010-10-31 19:54 -------- d-----w- c:\users\demianwulf\AppData\Local\temp
2010-10-31 19:54 . 2010-10-31 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-31 19:54 . 2010-10-31 19:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-10-24 19:38 . 2010-10-24 19:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-10-23 16:42 . 2010-10-23 16:42 -------- d-----w- c:\programdata\eMule
2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\users\WulfTop\AppData\Local\eMule
2010-10-23 14:46 . 2010-10-23 14:46 -------- d-----w- c:\program files\eMule
2010-10-22 08:05 . 2007-05-24 23:13 251904 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
2010-10-22 07:52 . 2007-01-31 02:03 205312 ----a-w- c:\windows\system32\drivers\rtl8187.sys
2010-10-22 07:49 . 2010-10-22 07:49 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver
2010-10-22 05:47 . 2010-10-22 05:48 -------- d-----w- c:\users\Administrator\AppData\Local\Inquisitor
2010-10-22 05:47 . 2010-10-22 05:47 -------- d-----w- c:\users\Administrator\AppData\Local\Yahoo
2010-10-20 15:58 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-10-20 15:58 . 2006-09-28 20:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2010-10-20 15:57 . 2010-10-20 18:41 -------- d-----w- c:\users\WulfTop\AppData\Local\Microsoft Game Studios
2010-10-20 15:57 . 2010-10-20 18:42 -------- d-----w- c:\programdata\Microsoft Games
2010-10-20 15:55 . 2010-10-20 18:42 -------- d-----w- c:\users\WulfTop\AppData\Roaming\Microsoft Game Studios
2010-10-20 01:43 . 2009-06-25 17:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-10-12 15:17 . 2010-08-25 19:41 263272 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-10-12 15:17 . 2009-12-03 21:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-10-12 14:59 . 2005-01-12 15:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2010-10-12 14:59 . 2004-09-28 15:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2010-10-12 14:59 . 2004-08-11 19:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2010-10-12 14:59 . 2004-03-09 04:00 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
2010-10-12 14:59 . 2004-03-09 04:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
2010-10-12 14:59 . 2010-10-12 15:02 -------- d-----w- c:\program files\Driver Magician
2010-10-12 14:43 . 2010-10-12 14:46 -------- d-----w- c:\users\WulfTop\AppData\Roaming\GetRightToGo
2010-10-12 14:14 . 2010-10-12 14:14 -------- d-----w- c:\program files\Driver-Soft
2010-10-12 13:12 . 2010-10-12 13:12 -------- d-----w- C:\dell
2010-10-08 19:23 . 2008-06-26 10:25 337920 ----a-w- c:\windows\system\rtl8187B.sys
2010-10-08 19:23 . 2010-10-08 19:23 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2010-10-08 19:22 . 2010-10-08 19:22 -------- d-----w- c:\users\WulfTop\AppData\Roaming\InstallShield
2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system32\drivers\RTL85n86.sys
2010-10-08 18:33 . 2008-02-15 20:19 361472 ----a-w- c:\windows\system\RTL85n86.sys
2010-10-08 18:33 . 2007-04-23 14:50 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
2010-10-08 18:33 . 2010-10-08 18:33 -------- d-----w- c:\windows\system32\REALTEK RTL8185 Wireless LAN Driver and Utility
2010-10-08 04:20 . 2010-10-08 04:20 -------- d-----w- c:\users\WulfTop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
2010-10-08 02:57 . 2010-10-08 02:57 -------- d-----w- c:\program files\MozBackup
2010-10-07 21:56 . 2010-10-07 21:56 -------- d-----w- c:\users\WulfTop\{8517c860-6671-4a8c-8483-66ad267c2024}
2010-10-07 04:15 . 2010-10-07 04:15 -------- d-----w- c:\programdata\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 22:45 . 2010-09-26 22:45 13031 ----a-w- c:\users\WulfTop\www.blogger.com
2010-09-07 15:12 . 2010-07-26 13:48 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-08-20 18:43 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-08-20 18:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-08-20 18:44 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-08-20 18:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-08-20 18:43 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-08-20 18:44 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-02 02:09 . 2010-09-02 02:09 225280 ----a-w- c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
2010-08-17 14:11 . 2010-09-15 11:44 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-08 1800464]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]

c:\users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2010-9-1 225280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-26 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbo Tax Agent]
2010-02-28 18:41 632685 ----a-w- c:\windows\txagent.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
"PackageAware"="c:\users\WulfTop\Local Settings\Application Data\PackageAware\mpa.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe"
"SansaDispatch"=c:\users\WulfTop\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"ESPDemo"=c:\program files\ESP Demo\ESPDemo.exe
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TaskTray"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1846439569-3478701832-3505936554-1000]
"EnableNotificationsRef"=dword:00000003

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-05-24 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-08 130960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-02-08 29520]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 InquisitorService;Inquisitor Service;c:\program files\Yahoo!\Inquisitor\InquisitorService.exe [2008-10-17 185624]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
*Deregistered* - ASPI32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-31 c:\windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]

2010-10-24 c:\windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: {A6288ECF-58B8-467B-900E-B93BD4A29404} = 68.87.73.246,68.87.71.230
TCP: {C6E2F843-68CB-4826-8318-E0D89A7E2F60} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\WulfTop\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\WulfTop\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 15:54
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5960)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2010-10-31 15:58:07
ComboFix-quarantined-files.txt 2010-10-31 19:58
ComboFix2.txt 2010-10-30 18:16
ComboFix3.txt 2010-10-30 05:46

Pre-Run: 9,432,739,840 bytes free
Post-Run: 9,275,273,216 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=6 Sets=1,5,6,7
- - End Of File - - D4C5D934828038A9A97F330AC82F72FB
 
It looks good :)
Still redirected?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Problem escalated. I'm on my phone now because I can't connect to the internet on the computer, only Google.

I was running OTL like in the last post and it ran successfully, but before I could post the results a Microsoft Security Essential alert popped up, then restarted the computer. After the reboot the personalization fails with an error saying failed to connect to Windows services.

I ran Avast in boot time scan and it picked up alureon-ka virus and said Avast was infected too, I believe....not sure what to do now.
So weird, can't connect to any sites but can run Google searches.
 
Did you try to boot to Safe Mode with Networking to see if you have the same problem there?
 
I did computer reboots before I can get it....I think it's svchost.exe because there was one in msconfig startup in the program files internet explorer...I disabled it.
 
Well, it is the svchost.exe, because I killed the process in Task Manager and now I can connect to the internet again to other sites besides Google.
 
OTL logfile created on: 10/31/2010 4:34:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\WulfTop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 8.54 Gb Free Space | 7.64% Space Free | Partition Type: NTFS

Computer Name: WULFTOP | User Name: WulfTop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
PRC - [2010/02/07 22:27:26 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/02/07 22:27:23 | 002,334,992 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
PRC - [2010/02/07 22:27:23 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/11/08 23:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/10/17 16:32:50 | 000,185,624 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe
PRC - [2008/10/15 14:32:16 | 000,589,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/14 13:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/01/18 23:33:12 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
MOD - [2010/04/05 11:04:25 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2008/01/18 23:35:16 | 001,386,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
MOD - [2006/11/02 08:34:30 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinput.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/02/07 22:27:26 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/10/17 16:32:50 | 000,185,624 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe -- (InquisitorService)
SRV - [2008/10/15 14:32:16 | 000,589,592 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 13:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.SYS -- (RTSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\WulfTop\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/25 15:41:36 | 000,263,272 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/02/07 22:27:27 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/02/07 22:27:27 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect)
DRV - [2010/02/07 22:27:27 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/02/26 12:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/21 04:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/05/24 19:13:12 | 000,251,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/04/26 20:38:40 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007/01/30 16:37:46 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/08 17:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 46 3E 08 EC 71 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: hidecaptionplus-dp@dummy.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.0.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {ee56ecf0-6e7a-479a-8162-e123a991c7e7}:0.4.6
FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.3
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: tabsontop-darthpalpatine@dummy.addons.mozilla.org:1.4.4
FF - prefs.js..extensions.enabledItems: fatcash@fatwallet.com:1.24.157
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 10:53:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 10:53:31 | 000,000,000 | ---D | M]

[2008/06/19 12:16:19 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Extensions
[2010/10/30 14:35:23 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions
[2009/09/28 20:43:20 | 000,000,000 | ---D | M] (Hide Caption) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{002349F5-59AB-4fdc-8329-BF4248243C95}
[2010/10/29 10:55:41 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/10/25 23:26:15 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/05/05 12:21:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/07 23:07:08 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2010/08/28 16:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/28 16:40:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/24 10:36:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/09 19:56:00 | 000,000,000 | ---D | M] (autoHideStatusbar) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{ee56ecf0-6e7a-479a-8162-e123a991c7e7}
[2009/01/14 13:18:08 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\betteryoutube@ginatrapani.org
[2010/04/09 19:49:36 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\CompactMenuCE@Merci.chao
[2010/10/31 15:37:18 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\fatcash@fatwallet.com
[2010/10/04 12:36:27 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxmarks@kei.com
[2010/08/31 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxyproxy@eric.h.jung
[2010/10/25 23:26:16 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org
[2009/11/05 16:34:48 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\nosquint@urandom.ca
[2010/06/13 14:13:02 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\tabsontop-darthpalpatine@dummy.addons.mozilla.org
[2010/02/06 23:56:01 | 000,002,234 | ---- | M] () -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\searchplugins\askcom.xml
[2010/10/30 14:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/07/02 17:20:46 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/03/05 14:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/10/30 01:42:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! Inquisitor for IE) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - Startup: C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
O9 - Extra 'Tools' menuitem : Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.162.241,93.188.160.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.241,93.188.160.51
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\WulfTop\Documents\Gunz\Emblem\20071207171911102687.jpg
O24 - Desktop BackupWallPaper: C:\Users\WulfTop\Documents\Gunz\Emblem\20071207171911102687.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/12/14 11:07:20 | 000,048,130 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
O32 - AutoRun File - [2008/01/09 16:32:44 | 000,599,080 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2008/01/09 16:32:44 | 000,504,872 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\Windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msaudio1 - msaud32.acm File not found
Drivers32: msacm.msg723 - msg723.acm File not found
Drivers32: msacm.sl_anet - sl_anet.acm File not found
Drivers32: msacm.trspch - tssoft32.acm File not found
Drivers32: msacm.voxacm160 - vct3216.acm File not found
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll File not found
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.M261 - msh261.drv File not found
Drivers32: vidc.M263 - msh263.drv File not found
Drivers32: VIDC.MSUD - msulvc05.dll File not found
Drivers32: VIDC.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - vp6vfw.dll File not found
Drivers32: vidc.VP61 - vp6vfw.dll File not found
Drivers32: vidc.VP62 - vp6vfw.dll File not found
Drivers32: vidc.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
Drivers32: vidc.X264 - x264vfw.dll File not found
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: wave5 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave7 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave8 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/31 16:31:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
[2010/10/31 15:58:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/31 15:58:09 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Local\temp
[2010/10/31 15:56:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/31 15:40:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/30 01:22:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/30 01:22:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/30 01:22:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/30 01:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/30 01:21:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/23 12:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2010/10/23 10:46:08 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Local\eMule
[2010/10/23 10:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2010/10/22 03:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187 Wireless LAN Driver
[2010/10/20 11:57:44 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Local\Microsoft Game Studios
[2010/10/20 11:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2010/10/20 11:55:40 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Roaming\Microsoft Game Studios
[2010/10/19 21:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/10/12 11:17:06 | 000,263,272 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010/10/12 10:59:22 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll
[2010/10/12 10:59:22 | 000,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XCEEDZIP.DLL
[2010/10/12 10:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Magician
[2010/10/12 10:43:49 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Roaming\GetRightToGo
[2010/10/12 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Documents\DriverGenius
[2010/10/12 10:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2010/10/12 09:12:54 | 000,000,000 | ---D | C] -- C:\dell
[2010/10/08 15:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
[2010/10/08 15:22:52 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Roaming\InstallShield
[2010/10/08 14:33:22 | 000,361,472 | ---- | C] (Realtek) -- C:\Windows\System32\drivers\RTL85n86.sys
[2010/10/08 14:33:22 | 000,361,472 | ---- | C] (Realtek) -- C:\Windows\System\RTL85n86.sys
[2010/10/08 14:33:18 | 000,025,896 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\RtlProt.sys
[2010/10/08 14:33:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\REALTEK RTL8185 Wireless LAN Driver and Utility
[2010/10/08 00:20:44 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
[2010/10/07 22:57:39 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Desktop\BACKUP STUFF
[2010/10/07 22:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2010/10/07 17:56:47 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\{8517c860-6671-4a8c-8483-66ad267c2024}
[2010/10/07 00:42:27 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Desktop\ROOT STUFF
[2010/10/07 00:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010/10/03 23:44:25 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Desktop\The Thanos Imperative - Ignition 01 (2010) (Minutemen-DTs)
[2008/06/20 15:12:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\WulfTop\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========
 
[2010/10/31 16:37:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
[2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
[2010/10/31 16:10:10 | 000,655,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/31 16:10:10 | 000,124,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/31 16:02:48 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/10/31 16:02:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/31 15:59:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/30 01:42:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/30 01:15:38 | 003,894,257 | R--- | M] () -- C:\Users\WulfTop\Desktop\ComboFix.exe
[2010/10/29 11:19:21 | 000,585,997 | ---- | M] () -- C:\Users\WulfTop\Desktop\mir_103010.pdf
[2010/10/28 18:21:27 | 000,084,992 | ---- | M] () -- C:\Windows\MBR.exe
[2010/10/27 04:22:36 | 245,033,677 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/26 15:41:45 | 000,383,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/25 23:22:52 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101025-232443.backup
[2010/10/25 23:17:45 | 000,050,860 | ---- | M] () -- C:\Users\WulfTop\Documents\cc_20101025_231738.reg
[2010/10/24 16:50:40 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
[2010/10/19 23:48:05 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
[2010/10/13 20:25:05 | 000,162,304 | ---- | M] () -- C:\Users\WulfTop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/11 00:19:09 | 000,001,356 | ---- | M] () -- C:\Users\WulfTop\AppData\Local\d3d9caps.dat
[2010/10/11 00:09:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/11 00:09:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/08 09:47:50 | 000,035,342 | ---- | M] () -- C:\Users\WulfTop\Documents\cc_20101008_094740.reg
[2010/10/04 17:50:27 | 000,072,329 | ---- | M] () -- C:\Users\WulfTop\Documents\sq.wma

========== Files Created - No Company Name ==========

[2010/10/30 01:22:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/30 01:22:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/30 01:22:40 | 000,084,992 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/30 01:22:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/30 01:22:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/30 01:15:38 | 003,894,257 | R--- | C] () -- C:\Users\WulfTop\Desktop\ComboFix.exe
[2010/10/29 11:19:20 | 000,585,997 | ---- | C] () -- C:\Users\WulfTop\Desktop\mir_103010.pdf
[2010/10/26 15:37:57 | 245,033,677 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/25 23:17:41 | 000,050,860 | ---- | C] () -- C:\Users\WulfTop\Documents\cc_20101025_231738.reg
[2010/10/24 16:50:40 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
[2010/10/12 11:17:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/10/12 10:59:22 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
[2010/10/08 09:47:47 | 000,035,342 | ---- | C] () -- C:\Users\WulfTop\Documents\cc_20101008_094740.reg
[2010/10/04 22:14:20 | 000,000,025 | ---- | C] () -- C:\Users\WulfTop\EPIC accesories.txt
[2010/10/04 17:50:26 | 000,072,329 | ---- | C] () -- C:\Users\WulfTop\Documents\sq.wma
[2010/10/04 16:38:53 | 000,000,053 | ---- | C] () -- C:\Users\WulfTop\SPRINT EPIC.txt
[2010/10/02 02:01:15 | 019,551,390 | ---- | C] () -- C:\Users\WulfTop\Desktop\01 Thanos Quest - 01 - Schemes & Dreams.cbr
[2010/09/27 23:03:16 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/08/15 14:11:22 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/07/02 13:04:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/16 15:46:28 | 000,000,036 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\housecall.guid.cache
[2010/03/16 10:32:08 | 000,301,640 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\farm.bmp
[2010/03/16 10:19:25 | 000,030,595 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\settings.dat
[2010/01/02 16:45:33 | 000,691,592 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2009/10/21 15:48:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/08 08:04:53 | 000,000,600 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\PUTTY.RND
[2009/04/07 23:21:00 | 000,000,600 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\winscp.rnd
[2009/02/26 09:12:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/13 14:18:44 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\5EE0EC2705.dll
[2008/11/07 20:41:56 | 000,000,383 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/06/20 21:35:37 | 000,000,540 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\AutoGK.ini
[2008/06/20 15:15:38 | 000,000,668 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\vso_ts_preview.xml
[2008/06/20 15:14:07 | 000,000,034 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\pcouffin.log
[2008/06/20 15:12:38 | 000,007,887 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\pcouffin.cat
[2008/06/20 15:12:26 | 000,001,144 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\pcouffin.inf
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/12/27 21:48:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/12/27 21:34:36 | 000,162,304 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/26 23:37:14 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2007/12/26 21:00:33 | 000,001,356 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\d3d9caps.dat
[2007/10/18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/10/18 10:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/07/25 09:24:28 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007/03/10 07:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

========== LOP Check ==========

[2010/01/16 10:11:44 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\abgx360
[2010/01/18 00:04:01 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\cYo
[2008/12/27 00:37:43 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\DAEMON Tools
[2010/08/31 17:06:54 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\FrostWire
[2010/02/15 23:41:29 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Galactic Magnate
[2010/10/12 10:46:51 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\GetRightToGo
[2007/12/26 23:27:54 | 000,000,000 | -H-D | M] -- C:\Users\WulfTop\AppData\Roaming\ijjigame
[2009/02/12 15:45:07 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\ImgBurn
[2010/01/02 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\My ClickOnce Applications
[2010/06/08 20:59:56 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Opera
[2008/06/20 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Publish Providers
[2010/08/29 23:09:35 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\SanDisk
[2008/06/20 13:11:27 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Sony
[2010/09/27 22:38:01 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\SystemRequirementsLab
[2010/10/30 00:40:58 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\uTorrent
[2008/06/20 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\VideoReDo-TVSuite
[2008/06/20 15:16:15 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Vso
[2010/10/31 15:59:27 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/31 16:37:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
[2010/10/24 16:50:40 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2007/12/14 11:07:20 | 000,048,130 | ---- | M] () -- C:\autoruns.chm
[2008/01/09 16:32:44 | 000,599,080 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
[2008/01/09 16:32:44 | 000,504,872 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe
[2008/05/02 13:55:58 | 047,787,248 | ---- | M] () -- C:\avg_free_stf_en_8_100a1295.exe
[2008/06/26 17:51:32 | 000,202,944 | ---- | M] () -- C:\Bookmarks 2008-06-26.json
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/12/26 23:48:03 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/10/31 15:58:07 | 000,016,769 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2006/07/28 09:32:44 | 000,007,005 | ---- | M] () -- C:\Eula.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/01/04 06:23:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/10 17:14:40 | 004,411,392 | ---- | M] (Gabest) -- C:\mplayerc.exe
[2008/01/04 06:23:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/31 16:01:37 | 2451,238,912 | -HS- | M] () -- C:\pagefile.sys
[2010/10/29 10:47:51 | 000,058,316 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_29.10.2010_10.45.51_log.txt
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2008/11/03 13:13:02 | 000,000,036 | ---- | M] () -- C:\yoyotouchdiamond.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/12/06 20:00:00 | 000,118,784 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\1sK317.dll
[2006/11/02 05:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2004/08/05 20:00:00 | 000,030,208 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\x17931u.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/03/18 19:39:41 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/05/06 12:19:22 | 000,000,286 | -HS- | M] () -- C:\Users\WulfTop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/03/26 21:45:22 | 000,798,176 | ---- | M] () -- C:\Users\WulfTop\Desktop\Backup_20100326.exe
[2010/10/30 01:15:38 | 003,894,257 | R--- | M] () -- C:\Users\WulfTop\Desktop\ComboFix.exe
[2010/10/31 16:32:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/02/14 13:53:26 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/02/14 13:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2007/12/26 22:23:05 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2007/12/26 22:23:05 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/02/14 13:52:57 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/12/26 22:11:50 | 000,000,402 | -HS- | M] () -- C:\Users\WulfTop\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2008/11/07 23:44:19 | 000,000,383 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/03/02 16:33:24 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1999/09/10 06:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\Windows\system\WOWPOST.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0888F409
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D2D4B33E

< End of report >
 
OTL Extras logfile created on: 10/31/2010 4:34:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\WulfTop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 8.54 Gb Free Space | 7.64% Space Free | Partition Type: NTFS

Computer Name: WULFTOP | User Name: WulfTop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1846439569-3478701832-3505936554-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F80AFE-586F-405F-847B-4AA8CCDD5C1E}" = lport=137 | protocol=17 | dir=in | app=system |
"{010FF56D-0C93-41BE-A66F-224A5E014595}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{02494C12-0E10-4E39-80A6-FFF0CD07474D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{039F2FDE-FA97-456B-B69E-10C316C4954D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{03D09F67-73F2-4C68-A547-1B0BCF58001E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{0ADEC85A-CB10-47A8-A175-7C4E209C0630}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0F81FEF2-824A-416C-88D4-6C919EFCAAF3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0F9D434C-725F-4779-A851-32B5E1C70CBF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{10371269-3EEF-4658-A2E5-74A0348F2785}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{137810C3-2C8B-4879-8B95-57B55ABE4CAA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{141088AF-4D12-4983-9C75-CED914A2E4CF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{142F06D1-C9C9-40B7-B3C4-4E35B88F91F8}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{15205484-FE1D-4478-B543-3693DDF395F8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{155AE22C-C48B-4B23-B7C1-346429B7CFC4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{155B55DE-886E-43EC-AC87-E11B39798539}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1565AD70-3923-4032-80CB-7B95B8E88C3C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{17B1621A-BB17-4BAF-8150-0496AA0F5746}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18300B7E-1F20-498F-BD68-FE98BD54B56F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{1BB7C0BD-DB3D-4A55-B09D-010DE0EF1D47}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1BF1330F-74D5-4454-B9E4-A6BC2616AB0E}" = rport=445 | protocol=6 | dir=out | app=system |
"{1D64E61A-E1D7-430F-A281-F0AE285576E8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9CD8736F-CA0A-4F85-A155-91D426EC795E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9DE54B93-CA5C-4B57-AFA4-296B9697C02E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9E42A336-056E-4B73-A255-04AD982464EE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9EC1561C-229B-477C-87FD-245FFE1027F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FF9773B-8AC5-4A1D-8D37-6C1DD094A289}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A11EE0D1-C4E5-41D4-8FB7-BF9CE6317478}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A1D5B473-8F8E-4012-BCFC-777C996CD52E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A1EBE228-5F74-4B6E-8AD8-679BAA85E519}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A338C340-8301-4368-88B8-75A917A302B3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A428ED93-5DDA-4694-9BF1-172A6BF62C37}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A4F6C352-A021-4C1D-9C7E-D06C72A7097A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A50D251C-587B-4205-897B-EA1754E5F91E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A5D06B21-F12F-44FD-8BA6-0483FD0F417A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A60044CC-464E-43A7-8D80-5F6678B895EC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A69A10D1-D2EB-47F8-897B-38D04ED65FE2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A76C6D0E-ED0D-471E-B917-180DB5743214}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A84FE189-09C3-44E7-A83D-9E1DA832250E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A8C58CF9-11E5-45DE-BD25-9B9B50EB50CF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A8FB9339-92DE-4E27-8DEC-8F2943D9CF88}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AA8DB0DD-9F78-4369-AD65-BFA85907642A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AC087716-ED3F-47A7-85AD-E8477783DA03}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AC675AAA-1578-47E7-B809-B5CB1279D0CB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B0ED7F60-1575-4C56-9955-9EEDDAE3E0E5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B1852A6E-360A-429A-A5EA-926790051A2F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
 
"{B1B01344-7C80-47D6-8897-F157607CDD0C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B1C379DC-EC1C-4682-B115-33DC2FFE9714}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4B64DEE-BE58-4AB5-90ED-DC16ED9C86B8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B52136E4-F305-4883-9F6E-2252976E2499}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B669AD9C-6412-4164-9C12-C27113404885}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B68A9A69-C623-4F53-A7CA-C42DBC5F5A64}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B9ACAA4A-738E-4140-A753-B14D10401F51}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BB1B28A1-9274-454C-8D63-25C2F92F762A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BCB9DD07-86F3-4F85-A4E0-E733E2BF9B4A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BF6002EF-7FD2-46ED-B73F-0EB5B8136B4D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C334BBB1-4FF1-4B47-AAA0-477D9074CA60}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C4ADA759-68C6-4FF9-AE24-94DBCE4D0599}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C53B4DD0-C6B1-44AB-BB37-8C5EC9C4DE64}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C7409413-FF95-4418-97D1-D8B39AEF4251}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C7E71C49-6DB8-4E4B-B68F-FA2A8E3176CB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C802B56D-BD03-43A9-BCAD-55A4875FC9E3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C8CF3DC5-0298-43FD-970D-A2BD325A51EB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C9679763-E364-424A-AE72-8CDC7941812C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C96B4F98-C14D-4591-874A-9AFA7DAEF0E6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C9A82F63-8653-41DA-B98C-3CAD69926BC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CBC28E51-8193-442F-A9F6-769B701BBF7D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CBE6B8E0-1769-49F6-ADBE-C79FEE84B2A9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CC56C90E-D157-4092-8651-AA72A144133E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CC9AC596-DFE7-4DBE-B478-49F4EFB2A358}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE144C62-B9CC-41CF-9279-A6CB3FFF4889}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CE43F32B-CB9B-4F2D-B40C-6A3BB57339CF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CF93C0FE-0243-4CEF-99A5-27BD9ECB778D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CFCC0967-7348-4746-B338-963F38913109}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D04EEDD6-E3BB-45ED-A298-355B29A894A2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D08245E9-985D-4187-9C75-4B7BCF6662E1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D17A6B5D-67F0-49DA-ACB6-0B150440211B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D20AB5D5-3C29-4329-BDD0-A809CF3B5592}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D48598F9-F2CE-4A21-8B9B-7FE36B80BFA9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D4BFF057-4987-474A-8228-7B047DA84648}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D5DF0AA3-F71E-4C53-BD91-5E4B74E536B7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D79A7DF1-82C3-4AAC-8BF2-C59679D855EC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D7B28156-498E-4D9C-AD8E-DFA077024735}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D846CEB0-9843-4D75-B50B-BF6C52ED7F40}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DAC3271D-8A92-4BBE-9CBD-407E2558C735}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DC1588C1-CA2E-4C5B-948A-E92C656212BE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DC571B2F-E71B-4540-BD62-510821676061}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DCAB2084-5730-44C9-9643-05B1AEB943DC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DEA7058B-3F03-4AEC-A46E-9FEA014A5D32}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DF2DAF52-BDF2-457D-A9D7-7EB10CEF3F63}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DFA4CC72-F74F-4EFA-8779-61F223FCB41A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E23B0CCB-74CB-4316-B475-BFBAE80EBC71}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E4B11FC3-D9F7-44D5-8242-909DD010355B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E578520F-6B9D-41AF-A5F9-695A78D4185C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E5EB0661-675C-4531-AB8C-18F41AE76C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E6218E52-BF7E-4BF0-AFB3-4AF86F12CC11}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E6E62312-6CDF-4C55-9368-13B9DC53DB0A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E731EED4-DCAE-4BDA-AB2C-BE56CD5766B9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E7ADD68E-C1AD-43C3-A43B-FE496751709E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E86CD880-11E9-4526-A40D-ABC129D4F127}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E8AA1D20-BC87-4BE3-A8A0-2F314B6BC12A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EB8E1083-2519-4C83-9945-AC633C439C9C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ED7A5B77-EA3D-4A41-A027-B868EB81EF9C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EE5F86B9-CF8D-4254-AD3A-06E47CD30190}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EE61E9CB-A652-474A-8D12-16394B3D887F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EE81C824-7DD0-4B4D-ABB2-53039E6CB818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EEA0B8E6-89EE-445A-9E04-DD0C9DDF9CE5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EF7DFFFD-E8CE-48E4-A605-5AEB6BCDB1BA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F0BCD61C-096E-4220-B163-59077E2DA764}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F156A059-7A26-47F1-97AA-F541E08EC54C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F1C0DF24-5E92-4527-A124-DE0BFA47F0AE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F2FF5AB5-B834-4030-AAEF-EA7A4DD880E4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F420141E-AA54-471E-88DC-2CF99143CD3B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F61FF66F-545F-4F77-81B9-18BC2E267030}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F70E3FD9-39B0-43FA-9215-1979B4C01E6F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FC4DB5CE-51BF-4C54-9C11-3D4BA0CDC139}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0494B836-5B27-40FA-8EC7-FA4318735FA3}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{29711B17-5743-4167-9C30-2B5BE47F315F}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{FB9F253F-C515-4B7C-83DF-D67C22AC7677}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{7AD94215-B797-4A9F-8FAB-83B3F6425FAF}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{958EA526-2A90-40A4-A69C-E9238DFDE89C}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{A8E00F96-7A89-4A42-8786-E8CCEE7364D1}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK RTL8187 Wireless LAN Driver
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3ACF7A26-1743-4A84-85F1-2450B35925E4}" = Classic Menu for Office
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}" = Farming Extreme Manager
"{54178A9B-7B4B-4B24-B863-7B44EBF28318}" = ODF Add-in for Microsoft Office
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.0.26
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB03D40-B79D-405C-A214-760EBCDB0EC3}" = PCDJ BLUE VRM
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9782762F-639B-499B-A23D-5EBEAFC160E6}" = Microsoft Tool Web Package:diskpart.exe
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9FD3A8DA-2E36-4649-AEF1-41A110BD3CB5}" = PCDJ RED VRM
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AABEF0A3-E6AE-4743-B02B-765D05F3F4B7}" = PCDJ FX VRM
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"abgx360" = abgx360 v1.0.2
"Absolute Poker" = Absolute Poker
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AutoGK" = Auto Gordian Knot 2.45
"AutoHotkey" = AutoHotkey 1.0.48.05
"avast5" = avast! Free Antivirus
"Avidemux 2.4" = Avidemux 2.4
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.130
"COMODO Internet Security" = COMODO Internet Security
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Driver Magician_is1" = Driver Magician 3.49
"DVD Flick_is1" = DVD Flick
"DVD Identifier_is1" = DVD Identifier
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD-lab PRO 2.3_is1" = DVD-lab PRO 2.3
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FeedDemon_is1" = FeedDemon
"FeedStation_is1" = FeedStation
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FrostWire" = FrostWire 4.20.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MPEG Video Wizard" = MPEG Video Wizard 4.0.4.108 (03/2008)
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PCDJ BLUE VRM" = PCDJ BLUE VRM
"PCDJ FX VRM" = PCDJ FX VRM
"PCDJ RED VRM" = PCDJ RED VRM
"PCDJ VJ" = PCDJ VJ
"PCDJDex" = PCDJ DEX (remove only)
"PowerISO" = PowerISO
"PROR" = Microsoft Office Professional 2007 Trial
"ROM CHECK FAIL_is1" = ROM CHECK FAIL 1.0
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"TightVNC_is1" = TightVNC 1.3.9
"Tor" = Tor 0.2.0.32
"TurboTax 2009" = TurboTax 2009
"TVWiz" = Intel(R) TV Wizard
"Vidalia" = Vidalia 0.1.10
"VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.4.549
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VobSub" = VobSub v2.23 (Remove Only)
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.1 beta
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XviD4PSP5" = XviD4PSP 5.0
"Yahoo! Inquisitor" = Inquisitor for Internet Explorer
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8f3d5f316bf9c08f" = OffiSync
"Absolute Poker" = Absolute Poker
"dotoo" = dotoo
"Flash Video Downloader. Youtube Downloader" = Flash Video Downloader. Youtube Downloader
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"Sansa Updater" = Sansa Updater
"uTorrent" = µTorrent
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
Description =

Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
Description =

Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
Description =

Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
Description =

Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
Description =

Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
Description =

Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
Description =

Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
Description =

Error - 12/23/2009 10:00:29 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
Description =

Error - 12/23/2009 10:00:32 AM | Computer Name = WulfLapTop | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 12/12/2009 6:11:18 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 12/12/2009 6:49:12 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 12/12/2009 6:52:57 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 12/14/2009 10:02:42 AM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x80072745) failure (see data for failure code).

Error - 12/17/2009 7:52:46 PM | Computer Name = WulfLapTop | Source = Application Error | ID = 1000
Description = Faulting application OUTLOOK.EXE, version 12.0.6504.5000, time stamp
0x49e7f47e, faulting module OUTLOOK.EXE, version 12.0.6504.5000, time stamp 0x49e7f47e,
exception code 0xc0000005, fault offset 0x005d1b2c, process id 0x26c, application
start time 0x01ca7f726aedf760.

Error - 12/17/2009 7:56:56 PM | Computer Name = WulfLapTop | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 12/23/2009 1:04:58 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x80072745) failure (see data for failure code).

Error - 12/24/2009 9:14:23 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 12/24/2009 10:20:58 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x80072745) failure (see data for failure code).

Error - 12/25/2009 2:05:09 PM | Computer Name = WulfLapTop | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

[ Broadcom Wireless LAN Events ]
Error - 7/8/2010 10:19:55 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
Description = 10:19:54, Thu, Jul 08, 10 Error - Unable to gain access to user store


Error - 7/26/2010 9:42:43 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
Description = 09:42:42, Mon, Jul 26, 10 Error - Unable to gain access to user store


Error - 7/29/2010 9:11:44 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
Description = 09:11:44, Thu, Jul 29, 10 Error - Unable to gain access to user store


Error - 8/1/2010 1:24:53 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
Description = 01:24:52, Sun, Aug 01, 10 Error - Unable to gain access to user store


Error - 9/8/2010 12:20:58 PM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
Description = 12:20:57, Wed, Sep 08, 10 Error - Unable to gain access to user store


Error - 9/10/2010 11:35:21 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
Description = 11:35:20, Fri, Sep 10, 10 Error - Unable to gain access to user store


Error - 9/12/2010 3:42:35 PM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
Description = 15:42:33, Sun, Sep 12, 10 Error - Unable to gain access to user store


Error - 9/27/2010 10:26:47 PM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
Description = 22:26:46, Mon, Sep 27, 10 Error - Unable to gain access to user store


Error - 10/7/2010 10:41:54 PM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
Description = 22:41:54, Thu, Oct 07, 10 Error - Unable to gain access to user store


Error - 10/8/2010 9:37:18 AM | Computer Name = Wulftop | Source = WLAN-Tray | ID = 0
Description = 09:37:18, Fri, Oct 08, 10 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 2/25/2008 7:58:32 PM | Computer Name = WulfLapTop | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80080005

Error - 2/25/2008 7:58:36 PM | Computer Name = WulfLapTop | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 2/25/2008 7:58:37 PM | Computer Name = WulfLapTop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 2/26/2008 8:31:17 PM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package NetTV.

Error - 2/26/2008 8:34:21 PM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 2/26/2008 8:37:39 PM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsTemplate.

Error - 5/23/2008 6:58:11 PM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/28/2008 9:45:09 AM | Computer Name = WulfLapTop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ OSession Events ]
Error - 5/15/2009 12:32:25 PM | Computer Name = WulfLapTop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 123
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/17/2009 7:52:43 PM | Computer Name = WulfLapTop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 690
seconds with 240 seconds of active time. This session ended with a crash.

Error - 4/8/2010 5:19:23 AM | Computer Name = Wulftop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/30/2010 1:56:48 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7030
Description =

Error - 10/30/2010 2:12:10 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7030
Description =

Error - 10/30/2010 2:23:19 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/30/2010 2:23:19 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/30/2010 2:25:05 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7022
Description =

Error - 10/31/2010 3:42:16 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7030
Description =

Error - 10/31/2010 3:54:55 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7030
Description =

Error - 10/31/2010 4:03:21 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/31/2010 4:03:21 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/31/2010 4:05:04 PM | Computer Name = Wulftop | Source = Service Control Manager | ID = 7022
Description =


< End of report >
 