HijackThis Log [INACTIVE]



I recently got a keylogger and have tried to take measures to get rid of it. I have installed and run Spybot S&D, MBAM and ATF Cleaner; the problem is I cannot tell if the logger has been removed. This is the HijackThis log that I got after running the above-mentioned programmes:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:16:52, on 11/06/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\schtasks.exe

C:\Windows\system32\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Portrait Displays\Pivot Software\floater.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\conime.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\ZTE Mobile Connection\Datacard.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{F8D32C17-E5C3-4B5C-BBEE-807BF7979D11}: NameServer = 172.31.140.69 172.30.140.69

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\TDSupportApp\cdrom_mon.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--

End of file - 7122 bytes

Any help or information would help give me peace of mind with this. Thanks in advance, I think what this community is doing is really fantastic.


Hi, and welcome to BestTechie! I'll be assisting you to clean up your computer. The first thing I need you to do is follow the steps in this thread. Make sure you go through all of the procedures, and post back here with the logs you get back.

Matt


OK, here goes. I did run MBAM a few days ago, before running all of the checks and programmes you recommended here, and it successfully removed one piece of malware; Ad-Aware also picked up a win32backdoor Agent:

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

This is the current MBAM log from my latest scan after following your advice:

Malwarebytes' Anti-Malware 1.37

Database version: 2270

Windows 6.0.6001 Service Pack 1

13/06/2009 09:32:18

mbam-log-2009-06-13 (09-32-18).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 252734

Time elapsed: 1 hour(s), 17 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

This is my Rooter log:

Rooter.exe (v1.0) by Eric_71

¨

Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

32_bits - x86 Family 16 Model 2 Stepping 2, AuthenticAMD

¨

C:\ [Fixed-NTFS] .. ( Total:466418 Mo - Free:317745 Mo )

D:\ [Fixed-NTFS] .. ( Total:10519 Mo - Free:1437 Mo )

E:\ [CD_Rom]

G:\ [Removable]

H:\ [Removable]

I:\ [Removable]

J:\ [Removable]

K:\ [CD_Rom]

¨

Scan : 11:22.32

Path : C:\Users\Aido\Desktop\Rooter.exe

User : Aido ( Administrator -> YES )

¨

----------------------\\ Processes

¨

Locked [system Process] (0)

Locked System (4)

______ C:\Windows\system32\csrss.exe (580)

______ C:\Windows\system32\wininit.exe (628)

______ C:\Windows\system32\csrss.exe (640)

______ C:\Windows\system32\services.exe (676)

______ C:\Windows\system32\lsass.exe (688)

______ C:\Windows\system32\lsm.exe (704)

______ C:\Windows\system32\winlogon.exe (832)

______ C:\Windows\system32\svchost.exe (924)

______ C:\Windows\system32\svchost.exe (988)

______ ?? (1080)

______ C:\Windows\system32\svchost.exe (1144)

______ C:\Windows\System32\svchost.exe (1160)

______ C:\Windows\System32\svchost.exe (1220)

______ C:\Windows\System32\svchost.exe (1268)

______ C:\Windows\system32\svchost.exe (1284)

Locked audiodg.exe (1424)

______ C:\Windows\system32\SLsvc.exe (1456)

______ C:\Windows\system32\svchost.exe (1564)

______ C:\Windows\system32\svchost.exe (1876)

______ C:\Windows\system32\TDSupportApp\cdrom_mon.exe (552)

______ C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe (572)

______ C:\Windows\system32\svchost.exe (1704)

______ C:\Windows\system32\svchost.exe (1744)

______ C:\Windows\System32\svchost.exe (1640)

______ C:\Windows\system32\SearchIndexer.exe (1780)

______ C:\Windows\system32\WUDFHost.exe (1388)

______ C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (2112)

______ C:\Windows\system32\wbem\wmiprvse.exe (2608)

______ ?? (3412)

______ c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (3104)

______ C:\Program Files\Windows Media Player\wmpnetwk.exe (3296)

______ C:\Program Files\Windows Live\Messenger\usnsvc.exe (2148)

______ C:\Windows\system32\taskeng.exe (2788)

______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (4884)

______ C:\Windows\system32\wbem\unsecapp.exe (5092)

______ C:\Windows\system32\Dwm.exe (3268)

______ C:\Windows\System32\rundll32.exe (4124)

______ C:\Windows\explorer.exe (3880)

______ C:\Program Files\Mozilla Firefox\firefox.exe (1492)

______ C:\Windows\system32\taskeng.exe (5776)

______ C:\Program Files\ZTE Mobile Connection\Datacard.exe (3828)

______ C:\Windows\system32\SearchProtocolHost.exe (4800)

______ C:\Windows\system32\SearchFilterHost.exe (856)

______ C:\Users\Aido\Desktop\Rooter.exe (2696)

______ C:\Windows\servicing\TrustedInstaller.exe (6056)

______ C:\Windows\system32\wbem\wmiprvse.exe (3124)

¨

----------------------\\ Device\Harddisk0\

¨

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

¨

\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:489075116544)

\Device\Harddisk0\Partition2 (Start_Offset:489075148800 | Length:11030100480)

¨

----------------------\\ Scheduled Tasks

¨

C:\Windows\Tasks\Ad-Aware Update (Weekly).job

C:\Windows\Tasks\SA.DAT

C:\Windows\Tasks\SCHEDLGU.TXT

¨

----------------------\\ Registry

¨

¨

----------------------\\ Files & Folders

¨

----------------------\\ Scan completed at 11:23.02

¨

C:\Rooter$\Rooter_1.txt - (13/06/2009 | 11:23.03)

This is my OTL log:

OTL logfile created on: 13/06/2009 11:25:37 - Run 1

OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Aido\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 91.40% Memory free

4.00 Gb Paging File | 3.97 Gb Available in Paging File | 99.27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.49 Gb Total Space | 310.30 Gb Free Space | 68.12% Space Free | Partition Type: NTFS

Drive D: | 10.27 Gb Total Space | 1.40 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SMEXUAL

Current User Name: Aido

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()

PRC - C:\Windows\system32\TDSupportApp\cdrom_mon.exe ()

PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()

PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()

PRC - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)

PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\ZTE Mobile Connection\Datacard.exe (ZTE Corporation)

PRC - C:\Users\Aido\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Autorun CDROM Monitor [Auto | Running]) -- C:\Windows\system32\TDSupportApp\cdrom_mon.exe ()

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()

SRV - (DTSRVC [Auto | Running]) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()

SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)

SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)

SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (HP Health Check Service [Auto | Running]) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)

SRV - (idsvc [unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (LightScribeService [On_Demand | Stopped]) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (Afc [On_Demand | Running]) -- C:\Windows\system32\drivers\Afc.sys (Arcsoft, Inc.)

DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (cmdGuard [system | Running]) -- C:\Windows\System32\DRIVERS\cmdguard.sys (COMODO)

DRV - (cmdHlp [system | Running]) -- C:\Windows\System32\DRIVERS\cmdhlp.sys (COMODO)

DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)

DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (hwdatacard [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (Inspect [system | Running]) -- C:\Windows\system32\DRIVERS\inspect.sys (COMODO)

DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (Lbd [boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvmfdx32.sys (NVIDIA Corporation)

DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)

DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (nvstor32 [boot | Running]) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)

DRV - (PdiPorts [On_Demand | Running]) -- C:\Windows\System32\Drivers\PdiPorts.sys (Portrait Displays, Inc.)

DRV - (Ps2 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)

DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (SNP2UVC [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\snp2uvc.sys ()

DRV - (sptd [boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (UMPass [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (xusb21 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\xusb21.sys (Microsoft Corporation)

DRV - (ZTEusbmdm6k [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys (ZTE Corporation)

DRV - (ZTEusbnmea [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ZTEusbnmea.sys (ZTE Corporation)

DRV - (ZTEusbser6k [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ZTEusbser6k.sys (ZTE Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/13 00:46:15 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/13 00:46:14 | 00,000,000 | ---D | M]

[2008/07/04 22:29:24 | 00,000,000 | ---D | M] -- C:\Users\Aido\AppData\Roaming\mozilla\Extensions

[2008/07/04 22:29:24 | 00,000,000 | ---D | M] -- C:\Users\Aido\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/06/12 13:58:47 | 00,000,000 | ---D | M] -- C:\Users\Aido\AppData\Roaming\mozilla\Firefox\Profiles\ytzkuizv.default\extensions

[2009/06/11 09:12:00 | 00,000,000 | ---D | M] -- C:\Users\Aido\AppData\Roaming\mozilla\Firefox\Profiles\ytzkuizv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2008/07/05 12:28:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/06/13 00:46:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/06/13 00:46:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/06/13 00:46:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2008/11/13 14:11:51 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (307145 bytes) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 10574 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - Reg Error: Key error. File not found

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h ()

O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)

O4 - HKLM..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" (OsdMaestro)

O4 - HKLM..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" ()

O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)

O4 - HKLM..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)

O4 - HKCU..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent ()

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" (DT Soft Ltd.)

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/04 21:11:16 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{57f5e641-5800-11dd-a935-001e8cb67b75}\Shell - "" = AutoRun

O33 - MountPoints2\{57f5e641-5800-11dd-a935-001e8cb67b75}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found

O33 - MountPoints2\{57f5e643-5800-11dd-a935-001e8cb67b75}\Shell - "" = AutoRun

O33 - MountPoints2\{57f5e643-5800-11dd-a935-001e8cb67b75}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found

O33 - MountPoints2\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\Shell - "" = AutoRun

O33 - MountPoints2\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\Shell - "" = AutoRun

O33 - MountPoints2\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{cb16c881-4f1d-11dd-92ed-001e8cb67b75}\Shell\Auto\command - "" = Cn911.exe

O33 - MountPoints2\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\Shell - "" = AutoRun

O33 - MountPoints2\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - * [2009/06/13 11:24:39 | 00,000,000 | ---D | M]

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/06/13 11:24:03 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\Aido\Desktop\OTL.exe

[2009/06/13 11:23:02 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/06/13 11:22:01 | 00,128,933 | ---- | C] (Eric_71) -- C:\Users\Aido\Desktop\Rooter.exe

[2009/06/13 02:05:34 | 00,000,000 | ---D | C] -- C:\Users\Aido\Desktop\anti spyware

[2009/06/13 02:01:41 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT

[2009/06/13 02:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/06/12 05:11:40 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe

[2009/06/12 05:11:39 | 00,000,068 | -H-- | C] () -- C:\aaw7boot.cmd

[2009/06/11 09:17:56 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2009/06/11 09:17:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE

[2009/06/11 09:17:37 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2009/06/11 09:11:14 | 00,000,000 | -H-D | C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

[2009/06/11 09:11:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2009/06/11 09:11:01 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2009/06/11 01:14:08 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2009/06/11 01:14:02 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll

[2009/06/11 01:13:55 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll

[2009/06/11 01:13:25 | 03,581,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll

[2009/06/11 01:13:22 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll

[2009/06/11 01:13:20 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll

[2009/06/11 01:13:19 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll

[2009/06/11 01:13:18 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2009/06/11 01:13:18 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll

[2009/06/11 01:13:17 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2009/06/11 01:13:16 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2009/06/11 01:13:15 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll

[2009/06/11 01:13:14 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2009/06/11 01:13:14 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2009/06/11 01:13:13 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2009/06/11 01:13:11 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2009/06/11 01:13:10 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2009/06/11 01:13:07 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2009/06/11 00:15:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/06/10 18:14:13 | 00,000,000 | ---D | C] -- C:\Users\Aido\AppData\Roaming\Malwarebytes

[2009/06/10 18:13:28 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/06/10 18:13:20 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/06/10 18:13:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/06/10 18:13:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/06/10 07:08:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2009/06/10 07:08:51 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009/05/18 22:45:53 | 00,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx

[2009/05/18 22:45:30 | 00,061,440 | ---- | C] (Windswept Software) -- C:\Windows\System32\digitbox.ocx

[2009/05/18 22:45:20 | 00,140,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx

[2009/05/18 22:45:13 | 00,000,000 | ---D | C] -- C:\Program Files\Alarm

[2009/05/18 22:44:25 | 00,000,000 | ---D | C] -- C:\Users\Aido\Desktop\Alarm

[2009/05/18 22:43:39 | 00,696,290 | ---- | C] () -- C:\Users\Aido\Desktop\Alarm.zip

[2009/05/17 21:49:28 | 00,101,120 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbser6k.sys

[2009/05/17 21:49:28 | 00,101,120 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbnmea.sys

[2009/05/17 21:49:28 | 00,101,120 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys

[2009/05/17 21:49:22 | 00,000,000 | ---D | C] -- C:\Windows\System32\SupportApp

[2009/05/17 21:49:18 | 00,001,521 | ---- | C] () -- C:\Users\Public\Desktop\ZTE Mobile Connection.lnk

[2009/05/17 21:49:18 | 00,000,000 | ---D | C] -- C:\Program Files\ZTE Mobile Connection

[2009/05/17 21:47:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\TDSupportApp

[2009/04/15 00:05:22 | 00,000,071 | ---- | C] () -- C:\Windows\wininit.ini

[2009/02/06 17:15:26 | 00,155,384 | ---- | C] () -- C:\Windows\System32\guard32.dll

[2008/10/03 22:52:46 | 00,000,684 | ---- | C] () -- C:\Windows\Sof.INI

[2008/09/30 16:57:33 | 00,000,292 | ---- | C] () -- C:\Windows\vtmb.ini

[2008/09/30 15:30:08 | 00,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2008/09/25 20:36:28 | 00,184,320 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll

[2008/09/25 20:36:27 | 09,611,520 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2008/09/25 20:36:27 | 00,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

[2008/09/25 20:36:27 | 00,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

[2008/09/25 20:36:27 | 00,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2008/07/02 18:40:01 | 00,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys

[2008/01/04 20:45:10 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll

[2008/01/04 20:45:10 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll

[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

[2006/11/02 11:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Modified Within 30 Days ==========

[2009/06/13 11:24:03 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Aido\Desktop\OTL.exe

[2009/06/13 11:22:02 | 00,128,933 | ---- | M] (Eric_71) -- C:\Users\Aido\Desktop\Rooter.exe

[2009/06/13 10:15:27 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/06/13 10:15:27 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/06/13 09:55:45 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/06/13 09:55:45 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/06/13 09:55:45 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/06/12 09:34:25 | 00,000,522 | ---- | M] () -- C:\Users\Aido\Documents\My Sharing Folders.lnk

[2009/06/12 05:11:39 | 00,000,068 | -H-- | M] () -- C:\aaw7boot.cmd

[2009/06/11 12:15:36 | 00,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2009/06/11 12:15:28 | 00,306,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/06/11 12:15:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/06/11 12:15:19 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/06/11 09:20:19 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2009/06/11 09:16:54 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe

[2009/06/11 09:16:41 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2009/06/10 17:52:02 | 00,307,145 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2009/06/01 17:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/05/18 22:43:55 | 00,696,290 | ---- | M] () -- C:\Users\Aido\Desktop\Alarm.zip

[2009/05/17 21:49:29 | 00,001,521 | ---- | M] () -- C:\Users\Public\Desktop\ZTE Mobile Connection.lnk

< End of report >

Last is the OTL Extras log:

OTL Extras logfile created on: 13/06/2009 11:25:37 - Run 1

OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Aido\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 91.40% Memory free

4.00 Gb Paging File | 3.97 Gb Available in Paging File | 99.27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.49 Gb Total Space | 310.30 Gb Free Space | 68.12% Space Free | Partition Type: NTFS

Drive D: | 10.27 Gb Total Space | 1.40 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SMEXUAL

Current User Name: Aido

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

Reg Error: Unknown registry data type File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

"DisableNotifications" = 0

"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"DisableNotifications" = 0

"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile

"DisableNotifications" = 0

"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{0561B9D6-0E72-48A4-A46E-2CD786BE34B3} = LPORT=2177 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

{0C700EF5-2357-475F-92A7-9F0659F1D5AD} = LPORT=554 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |

{0E5B6625-9D3C-423E-977C-DE3D40BFBD2C} = RPORT=139 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |

{10F9DEA5-A5FE-41D7-8041-B3668FB35975} = LPORT=554 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |

{131E730A-5A51-43AC-9FD5-91CC1C075E3B} = RPORT=2177 | PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

{185E2551-B34C-4E4C-BAC5-303549DDD48B} = LPORT=137 | PROTOCOL=17 | DIR=IN | APP=SYSTEM |

{1B67885D-8D73-4BF8-8F9B-0F258281E760} = RPORT=2177 | PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

{1B71C9C1-01CC-4A7D-A9B5-D38D47CFAD54} = LPORT=138 | PROTOCOL=17 | DIR=IN | APP=SYSTEM |

{22079E2B-D33D-4A3B-B8A5-19D889338A03} = LPORT=10244 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |

{2390AA1D-684D-4950-8B9E-9338108F9DDC} = RPORT=445 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |

{2AA0FC7E-761D-4B3C-8FBB-013B53199E72} = RPORT=138 | PROTOCOL=17 | DIR=OUT | APP=SYSTEM |

{2CDF8CBF-970B-48E5-932B-D5C114B1E7C0} = LPORT=2177 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

{2D22128F-D55B-43B2-8596-D9683B2654B3} = LPORT=2177 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

{2E754DC0-E39C-487B-92A6-478DD74783B2} = RPORT=2177 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

{37E2013B-7970-4DB0-AA5F-815B18A35277} = LPORT=3390 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |

{3B20B203-61B2-44D1-966F-721F7954AADC} = LPORT=7777 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |

{51271D12-57A0-4FCF-BC41-688F84087C8D} = LPORT=445 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |

{5665F234-12F5-4A05-88BF-BE546E4C3DAC} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |

{58DB101E-EA79-467F-B595-90D13E6CC6E3} = RPORT=1900 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |

{5D7BB03E-C836-4555-8CC4-93E052C76D99} = RPORT=10244 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |

{61C7130C-A2DC-4247-9B6B-02C6C802F0F3} = LPORT=3724 | PROTOCOL=6 | DIR=IN | NAME=BLIZZARD DOWNLOADER: 3724 |

{62BA33C2-B888-4921-A737-26188AAE2030} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |

{65E6D069-178C-43E9-A082-AEBDF7358E36} = RPORT=1900 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |

{6C53CD21-E6AD-4ABE-8BEB-F227723D3F22} = RPORT=10243 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |

{76B23213-9AAF-4123-AF8A-25AFC2880A96} = LPORT=2177 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

{78D90BFE-75F4-4202-B33D-B359EB1B2326} = RPORT=2177 | PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

{7C42F18E-0525-46B7-B2BD-7C67693059D6} = LPORT=139 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |

{8655AB49-DB92-43F0-8E93-3CCF0672E72B} = RPORT=137 | PROTOCOL=17 | DIR=OUT | APP=SYSTEM |

{86DC5881-D4ED-4DB8-BC88-5EE0FDF435A0} = LPORT=RPC-EPMAP | PROTOCOL=6 | DIR=IN | [email protected],-28539 | SVC=RPCSS |

{89AD44E5-EA2B-4108-A2CF-DF82A5DA0E23} = LPORT=7777 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |

{9A223234-56CF-4697-A801-3357AA961442} = RPORT=2177 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

{9C0DAA7F-A306-4D2B-8B8D-BB0147C9BD1C} = LPORT=2177 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

{9CE2FF49-6BB9-45C2-AA6A-1F8B0CB7B833} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=SVCHOST.EXE | SVC=SSDPSRV |

{A1E6FB3D-7F8F-4318-886F-F234972E518C} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |

{A252831D-3DCC-4F5D-AC1E-73C5F0212D03} = LPORT=3390 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |

{A5C4183E-8AAB-4D35-8B35-114766BC2D1D} = RPORT=1900 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |

{A60B7FBF-9CA4-47E1-84D6-36221175D41C} = LPORT=RPC | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |

{BB0011F9-D318-4CAF-A210-8FE7DD8FDCC2} = LPORT=10243 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |

{BDD78C3F-41D2-44CB-A7E8-98F4E17709B6} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |

{D00EB450-2595-4747-A51B-975E321FD363} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |

{DC9FB577-0C1C-4E23-8625-7609FB76767E} = LPORT=2177 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

{E9F03E2C-E123-4044-9A24-AC63A9C567AD} = RPORT=10244 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |

{ED520B2D-F08A-4118-A475-845456C785A2} = LPORT=10244 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |

{FC2F0C9C-1237-4290-BE2F-98C00005ACE9} = RPORT=2177 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

========== Vista Active Application Exception List ==========

{0C1E5567-6AAB-4676-A80B-316E718E359E} = PROTOCOL=6 | DIR=OUT | APP=SYSTEM |

{19A779F1-4B24-4ED9-B352-CCA9A0A2F185} = PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |

{26EEBEF7-8202-495A-94BD-4080B04BCBA4} = PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |

{27DA775F-69A0-41C4-871D-5D1E17DA9813} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |

{38D8A89D-1999-41B5-86C3-A809A5FD98CE} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |

{3F2708CF-676C-4F98-9007-EF1B41A76E81} = DIR=IN | APP=C:\PROGRAM FILES\ELECTRONIC ARTS\COMMAND & CONQUER 3\RETAILEXE\1.0\CNC3GAME.DAT |

{43A2BCF4-4592-44BE-B1A0-24E65FC9CD22} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |

{44D158AA-C21A-4AE6-8FB3-3ABB44FC4115} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=MCX2SVC |

{473F8AF2-8CE1-453F-A944-8FEE2948BFC6} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |

{4D627ED8-5D93-4DD6-BBB6-C572A2271BA6} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |

{4F38FAFD-C0CA-403B-A6DB-8BECA8D66747} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=MCX2SVC |

{5A59CB5B-D148-4029-B24A-F69A4A32A1BB} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |

{675B8062-4230-4BDE-A145-002B923BF2B4} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |

{6CA66AC6-D6CC-42C4-99F6-AB9DF436629D} = PROTOCOL=17 | DIR=IN | APP=C:\USERS\PUBLIC\DOCUMENTS\BLIZZARD ENTERTAINMENT\WORLD OF WARCRAFT\WOW-3.1.2.9901-TO-3.1.3.9947-ENGB-DOWNLOADER.EXE |

{7076F194-BEDC-4D3B-908E-964533A5B9C5} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |

{727EBECB-EF8D-4275-AB6A-8C57FF37A2E8} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\CURSE\CURSECLIENT.EXE |

{91217470-6B2B-451F-B673-82CC97DF21B1} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |

{94ED824E-B891-429B-BE98-8EC95BAFBD93} = PROTOCOL=6 | DIR=IN | APP=C:\USERS\PUBLIC\DOCUMENTS\BLIZZARD ENTERTAINMENT\WORLD OF WARCRAFT\WOW-3.1.2.9901-TO-3.1.3.9947-ENGB-DOWNLOADER.EXE |

{A2CD0FB9-A5F3-4340-B94E-F8C088BC9189} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\EHOME\MCX2PROV.EXE |

{AA49B7F3-79EE-44EF-BAFF-36D0513C01C7} = PROTOCOL=58 | DIR=IN | [email protected],-28545 |

{AC452B5A-0E30-4BAF-BBD8-DC23DCC970F3} = DIR=IN | APP=C:\PROGRAM FILES\CYBERLINK\POWERDIRECTOR\PDR.EXE |

{AF5BA41A-A76B-4FE1-9CE4-4D2DE9243E48} = PROTOCOL=6 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |

{BB64F147-4885-4742-86F8-C21F43F64248} = PROTOCOL=58 | DIR=OUT | [email protected],-28546 |

{CA889ACC-CDB9-4297-91B5-88064F659007} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |

{CCE6ACCD-8743-4F88-9968-086E74012628} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |

{D42B1A06-B727-4201-ABC2-2E130C7DB3C4} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\EHOME\MCX2PROV.EXE |

{D6A23139-E89F-4537-8D36-F0B0EC436FE9} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |

{D7D10025-B151-41EE-8D3B-63411CDFDF4B} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |

{D9E3BA01-E4BC-4FA8-B190-4E4ADA003114} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\LIVECALL.EXE |

{F019BAB3-2B87-4172-9BA0-6D079BC89D79} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\CURSE\CURSECLIENT.EXE |

{F215EAEB-2E2D-432F-8F57-578AB950F1C2} = PROTOCOL=1 | DIR=IN | [email protected],-28543 |

{F95FE34A-76AA-4AED-A22D-8252331EB8C5} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |

{FF4AE3EB-583E-423A-ACB6-98ECF295425A} = PROTOCOL=1 | DIR=OUT | [email protected],-28544 |

{FF8994A9-55C5-4CF1-A9AC-4F1621867BBD} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |

TCP Query User{1DFA65AC-1F57-423C-8EAA-DED97DE232ED}C:\program files\ea games\command & conquer the first decade\command & conquer renegade\renegade\game.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\EA GAMES\COMMAND & CONQUER THE FIRST DECADE\COMMAND & CONQUER RENEGADE\RENEGADE\GAME.EXE |

TCP Query User{4EA25F05-6A94-4854-9F7E-37A9AE05F47C}C:\program files\ea games\command & conquer the first decade\command & conquer red alert ii\ra2\game.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\EA GAMES\COMMAND & CONQUER THE FIRST DECADE\COMMAND & CONQUER RED ALERT II\RA2\GAME.EXE |

TCP Query User{547FD4FB-7B27-4436-82C5-B3FF3F3AC81C}C:\users\aido\desktop\total annahilation\totala.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\AIDO\DESKTOP\TOTAL ANNAHILATION\TOTALA.EXE |

TCP Query User{858A5B26-E841-454C-A0E8-E6EF41794DB9}C:\program files\world of warcraft\launcher.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\WORLD OF WARCRAFT\LAUNCHER.EXE |

TCP Query User{9572A80E-C825-4956-85CF-4CB073C0FA8C}C:\program files\thq\dawn of war\w40k.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\THQ\DAWN OF WAR\W40K.EXE |

TCP Query User{BD1741C3-2E5F-40EF-B5C5-E2EFF08498BC}C:\program files\ea games\ultima online 2d client\client.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\EA GAMES\ULTIMA ONLINE 2D CLIENT\CLIENT.EXE |

TCP Query User{BE693DD5-777D-4BCC-9FDE-8DFA18D1FAB7}C:\windows\system32\dplaysvr.exe = PROTOCOL=6 | DIR=IN | APP=C:\WINDOWS\SYSTEM32\DPLAYSVR.EXE |

TCP Query User{CEDEFD7F-9038-4E5E-87D7-F71BDE9E47E9}C:\program files\curse\curseclient.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\CURSE\CURSECLIENT.EXE |

TCP Query User{D06324B1-3889-466F-89DD-B25235195149}C:\users\aido\appdata\local\temp\electronicarts_patcher_000.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\AIDO\APPDATA\LOCAL\TEMP\ELECTRONICARTS_PATCHER_000.EXE |

UDP Query User{06A2A725-2F9C-4E46-B37D-98691992C34A}C:\windows\system32\dplaysvr.exe = PROTOCOL=17 | DIR=IN | APP=C:\WINDOWS\SYSTEM32\DPLAYSVR.EXE |

UDP Query User{09277570-D3E5-4C5C-8B14-26B2434B53F0}C:\users\aido\desktop\total annahilation\totala.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\AIDO\DESKTOP\TOTAL ANNAHILATION\TOTALA.EXE |

UDP Query User{315DB30A-FACE-4272-BA25-AB55A2048368}C:\program files\ea games\command & conquer the first decade\command & conquer renegade\renegade\game.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\EA GAMES\COMMAND & CONQUER THE FIRST DECADE\COMMAND & CONQUER RENEGADE\RENEGADE\GAME.EXE |

UDP Query User{3A164EA5-147B-4880-A6B6-9D0A2CFD34D9}C:\program files\ea games\ultima online 2d client\client.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\EA GAMES\ULTIMA ONLINE 2D CLIENT\CLIENT.EXE |

UDP Query User{4C76D447-ECC5-4667-9242-DA24C5769FFF}C:\program files\thq\dawn of war\w40k.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\THQ\DAWN OF WAR\W40K.EXE |

UDP Query User{55BB3356-989B-4E3E-B742-00C3B9BB4C75}C:\program files\ea games\command & conquer the first decade\command & conquer red alert ii\ra2\game.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\EA GAMES\COMMAND & CONQUER THE FIRST DECADE\COMMAND & CONQUER RED ALERT II\RA2\GAME.EXE |

UDP Query User{8E5560E0-4297-4549-9F47-01BFA3991A8D}C:\program files\world of warcraft\launcher.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\WORLD OF WARCRAFT\LAUNCHER.EXE |

UDP Query User{90F21ECE-E5D2-4740-82FE-68B564BCC25C}C:\program files\curse\curseclient.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\CURSE\CURSECLIENT.EXE |

UDP Query User{DED87797-1D3D-4B41-8D1C-501C7DAFB5B3}C:\users\aido\appdata\local\temp\electronicarts_patcher_000.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\AIDO\APPDATA\LOCAL\TEMP\ELECTRONICARTS_PATCHER_000.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK

"{0F25F02B-854E-49B3-8F68-6D27CE4D477E}" = Ultima Online 2D Client

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord

"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic

"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB2.0 UVC Camera

"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = O2 Broadband USB Modem

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7D1FA102-9B90-48B0-8DF8-735BBA5F4093}" = Driver Updater Pro

"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C5C38AA6-C887-4B31-8B76-77C1CC40FFC7}" = ZTE Mobile Connection

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry

"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1

"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1

"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor

"{EA57EFB9-A257-4DD0-BC6D-0FA5625F3421}" = ArcSoft PhotoImpression 5

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"Alarm_is1" = Alarm 2.0.4

"COMODO Internet Security" = COMODO Internet Security

"CurseClient" = Curse Client

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Driver Updater Pro" = Driver Updater Pro

"ERUNT_is1" = ERUNT 1.1j

"GrandBilliards_is1" = GrandBilliards 1.0

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar

"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)

"NVIDIA Drivers" = NVIDIA Drivers

"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

"Paddy Power Poker" = Paddy Power Poker

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"War of the Ring" = War of the Ring

"WildTangent hp Master Uninstall" = My HP Games

"WinRAR archiver" = WinRAR archiver

"World of Warcraft" = World of Warcraft

"World of Warcraft Public Test" = World of Warcraft Public Test

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 01/06/2009 13:53:45 | Computer Name = Smexual | Source = RasClient | ID = 20227

Description =

Error - 02/06/2009 12:13:17 | Computer Name = Smexual | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 02/06/2009 12:30:56 | Computer Name = Smexual | Source = Application Error | ID = 1000

Description = Faulting application hpsdpapp.exe, version 5.4.0.2407, time stamp

0x46deee05, faulting module hpsdpapp.exe, version 5.4.0.2407, time stamp 0x46deee05,

exception code 0xc0000005, fault offset 0x0002e2cb, process id 0xa7c, application

start time 0x01c9e39f61a0cd9f.

Error - 02/06/2009 13:00:04 | Computer Name = Smexual | Source = Application Error | ID = 1000

Description = Faulting application hpsdpapp.exe, version 5.4.0.2407, time stamp

0x46deee05, faulting module hpsdpapp.exe, version 5.4.0.2407, time stamp 0x46deee05,

exception code 0xc0000005, fault offset 0x0002e2cb, process id 0x9f0, application

start time 0x01c9e3a390cced2f.

Error - 03/06/2009 13:33:33 | Computer Name = Smexual | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 05/06/2009 13:32:51 | Computer Name = Smexual | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 07/06/2009 11:54:22 | Computer Name = Smexual | Source = Application Error | ID = 1000

Description = Faulting application Ventrilo.exe, version 3.0.1.0, time stamp 0x473f5606,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc000001d, fault offset 0x026aaead, process id 0x37c, application start time 0x01c9e75fba890e70.

Error - 08/06/2009 11:42:47 | Computer Name = Smexual | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 08/06/2009 11:58:31 | Computer Name = Smexual | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 09/06/2009 05:18:04 | Computer Name = Smexual | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

[ System Events ]

Error - 05/10/2008 08:27:43 | Computer Name = Smexual | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 05/10/2008 08:27:57 | Computer Name = Smexual | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 05/10/2008 08:28:10 | Computer Name = Smexual | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 05/10/2008 08:28:20 | Computer Name = Smexual | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 05/10/2008 08:28:32 | Computer Name = Smexual | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 05/10/2008 08:28:41 | Computer Name = Smexual | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 05/10/2008 08:28:50 | Computer Name = Smexual | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 05/10/2008 08:28:59 | Computer Name = Smexual | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 05/10/2008 08:29:12 | Computer Name = Smexual | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 05/10/2008 08:29:26 | Computer Name = Smexual | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

< End of report >

Thanks for taking the time to look at this for me ! :thumbsup:


Alright, we've got a little bit of work to do.

The first thing I need you to do is follow the instructions here to run Chkdsk on your computer. You may be experiencing a hardware issue, and this will attempt to find and correct any problems. This will be a very thorough check of the hard drive and the file system...be patient and let it complete. It may appear to hang or even back up a few times...this is normal. 60 to 90 minutes is not unusual for this check...it may take longer in some cases. Once it finishes, boot your computer normally. I may direct you to our PC Support section of the forums once we get you malware-free.

Once back onto your desktop please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{57f5e641-5800-11dd-a935-001e8cb67b75}\Shell - "" = AutoRun
    O33 - MountPoints2\{57f5e641-5800-11dd-a935-001e8cb67b75}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
    O33 - MountPoints2\{57f5e643-5800-11dd-a935-001e8cb67b75}\Shell - "" = AutoRun
    O33 - MountPoints2\{57f5e643-5800-11dd-a935-001e8cb67b75}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
    O33 - MountPoints2\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\Shell - "" = AutoRun
    O33 - MountPoints2\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{cb16c881-4f1d-11dd-92ed-001e8cb67b75}\Shell\Auto\command - "" = Cn911.exe
    O33 - MountPoints2\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\Shell - "" = AutoRun
    O33 - MountPoints2\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time, and don't run the Custom Scan )

Finally, post back with the OTL log, and let me know if you run into any trouble with the Chkdsk.

Also, do you recognize these files:

C:\Program Files\Alarm

C:\Users\Aido\Desktop\Alarm

C:\Users\Aido\Desktop\Alarm.zip

Matt

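The OTL fix above removes MountPoints2 entries whose AutoRun handlers point at files that no longer exist (J:\AutoRun.exe, Cn911.exe, K:\LaunchU3.exe). As an added example that is not part of the thread or of OTL, the script below only audits those entries: it walks the same HKCU key the log shows, lists every Shell verb command recorded for a removable device, and reports whether the target executable is rooted and still present. The key path comes from the log; the function name and output fields are my own.

```powershell
# Added example, not from the thread: read-only audit of MountPoints2 autorun
# handlers. Nothing is deleted; review the output before deciding on a fix.
function Get-MountPointAutoRun {
    param(
        # Key path as shown in the OTL log (HKEY_CURRENT_USER\...\Explorer\MountPoints2)
        [string]$Root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    )
    if (-not (Test-Path -Path $Root)) { return }

    foreach ($dev in Get-ChildItem -Path $Root -ErrorAction SilentlyContinue) {
        $shellKey = "$($dev.PSPath)\Shell"
        if (-not (Test-Path -Path $shellKey)) { continue }

        # The unnamed default value of Shell names the verb Explorer runs on
        # double-click (the log shows "AutoRun" for the removed entries).
        $defaultVerb = (Get-ItemProperty -Path $shellKey -ErrorAction SilentlyContinue).'(default)'

        foreach ($verb in Get-ChildItem -Path $shellKey -ErrorAction SilentlyContinue) {
            $cmdKey = "$($verb.PSPath)\command"
            if (-not (Test-Path -Path $cmdKey)) { continue }
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if (-not $cmd) { continue }

            # First token is the executable: a quoted path, or text up to the first space.
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ', 2)[0] }

            # A bare name such as Cn911.exe is resolved relative to the device root,
            # so it cannot be checked from here; only rooted paths are tested.
            $rooted = [System.IO.Path]::IsPathRooted($exe)
            $exists = $rooted -and (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)

            [pscustomobject]@{
                Device      = $dev.PSChildName
                DefaultVerb = $defaultVerb
                Verb        = $verb.PSChildName
                Command     = $cmd
                Executable  = $exe
                RootedPath  = $rooted
                FileExists  = $exists
            }
        }
    }
}

# Entries with RootedPath = False or FileExists = False are the ones worth a second look.
Get-MountPointAutoRun | Format-Table -AutoSize
```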

The alarm.exe is a free alarm clock that I downloaded recently.

This is the OTL log after running chkdsk and the custom fix that you gave me :

========== OTL ==========

Process explorer.exe killed successfully!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f5e641-5800-11dd-a935-001e8cb67b75}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f5e641-5800-11dd-a935-001e8cb67b75}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f5e641-5800-11dd-a935-001e8cb67b75}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f5e641-5800-11dd-a935-001e8cb67b75}\ not found.

File J:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f5e643-5800-11dd-a935-001e8cb67b75}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f5e643-5800-11dd-a935-001e8cb67b75}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f5e643-5800-11dd-a935-001e8cb67b75}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f5e643-5800-11dd-a935-001e8cb67b75}\ not found.

File J:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb16c881-4f1d-11dd-92ed-001e8cb67b75}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb16c881-4f1d-11dd-92ed-001e8cb67b75}\ not found.

File Cn911.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\ not found.

File K:\LaunchU3.exe not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

========== COMMANDS ==========

File delete failed. C:\Users\Aido\AppData\Local\Temp\JET865F.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

User's Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Temp folders emptied.

Explorer started successfully

OTL by OldTimer - Version 2.1.1.0 log created on 06172009_183013

Files moved on Reboot...

File C:\Users\Aido\AppData\Local\Temp\JET865F.tmp not found!

Registry entries deleted on Reboot...

I didn't seem to have any problems with the chkdsk; I left it running while I was in work today and when I returned it was finished. Don't know if it has to do with the chkdsk, but my computer seems to be booting a little faster than normal and generally running smoother.

Thanks again.


Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please open Malwarebytes' Anti-Malware.

Under the Update tab, click Check for Updates

  • If an update is found, it will download and install the latest version.
  • Once done, return to Scanner and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Then, go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Also, please scan with OTL as you did before and post me an updated log.

So, please post back the MBAM, Kaspersky, and OTL logs.
