
Thread: Laptop multiple issue.

  1. #1
    Junior Member
    Join Date
    Sep 2009
    Posts
    29

    Laptop multiple issue.

    Please be advised I have 2 computers having an issue (different problems), so I am making 2 threads, one for each. This one is for the laptop.

    The first thing I noticed is that the network icon says access denied while connected, and I can still browse the internet. I have tried to uninstall the device and reinstall fresh drivers; same thing. As of today I now notice I cannot install anything: "The Windows Installer service cannot be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance."

    I have run the F-Secure online scanner; it did detect items and removed them successfully. I do not remember what they were. I also do not have a report to give for that. If it saves it somewhere, I do not know where.


    DDS (Ver_10-11-27.01) - NTFSx86
    Run by owner at 12:01:07.13 on Fri 12/03/2010
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    mDefault_Page_URL = hxxp://www.yahoo.com
    uInternet Settings,ProxyServer = http=127.0.0.1:8777;https=127.0.0.1:8777
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [PlayNC Launcher]
    uRun: [DriverMax]
    uRun: [DriverMax_RESTART]
    mRun: [<NO NAME>]
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zbsxu33u.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zbsxu33u.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll
    FF - plugin: c:\users\owner\program files\dna\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Free Realms Installer: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1} - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
    FF - Extension: Ask Toolbar: toolbar@ask.com - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zbsxu33u.default\extensions\toolbar@ask.com

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-12-03 01:40:58 -------- d-----w- c:\progra~2\F-Secure
    2010-12-03 00:48:30 -------- d-----w- C:\SWSetup
    2010-12-01 14:25:02 -------- d-----w- c:\program files\Belkin
    2010-12-01 14:24:40 -------- d-----w- c:\windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
    2010-12-01 14:04:54 651264 ----a-w- c:\windows\system32\drivers\netr28u.sys
    2010-12-01 14:04:54 221184 ----a-w- c:\windows\system32\RaCoInst.dll
    2010-11-30 13:16:42 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ce0dccb2-19be-4a1f-916a-42d294d5f9a4}\mpengine.dll
    2010-11-28 20:25:11 -------- d-----w- c:\users\owner\appdata\local\Innovative Solutions
    2010-11-28 20:25:11 -------- d-----w- c:\progra~2\Innovative Solutions
    2010-11-28 20:25:07 -------- d-----w- c:\program files\Innovative Solutions
    2010-11-25 14:14:43 -------- d-----w- c:\program files\common files\PX Storage Engine
    2010-11-25 14:14:10 -------- d-----w- c:\program files\common files\DivX Shared
    2010-11-25 14:11:36 -------- d-----w- c:\program files\DivX
    2010-11-25 14:10:40 -------- d-----w- c:\progra~2\DivX
    2010-11-09 23:35:54 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

    ==================== Find3M ====================

    2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-26 02:59:37 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-09-26 02:59:37 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-09-23 04:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-22 20:56:13 111960 ----a-w- c:\windows\dxsdkuninst.exe
    2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-08 17:23:42 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-08 17:07:35 834048 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 15:23:27 389632 ----a-w- c:\windows\system32\html.iec
    2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

    ============= FINISH: 12:02:04.83 ===============

  2. #2
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello rngrgreen,
    If you have more than one infected computer in the house please let your helper know. Start a new topic for the next machine once the prior thread has been closed.
    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Open topic: http://forums.spybot.info/showthread.php?t=60727

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    It gets very complicated when you post for two different computers. The way we do this is to finish one, close the thread, and then you post for the second one. No one helped you with the first one and you say it's OK, so what I have done is reopen this one for your laptop, as I see malware on it. We will work on the laptop, and when it's done, if you're still having issues with your desktop, then start a new topic for it.


    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please





    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #4
    Junior Member
    Join Date
    Sep 2009
    Posts
    29

    Malwarebytes log and OTL

    OK, first let me inform you of other issues too: I cannot install or uninstall anything. I get "Windows Installer has failed", "Windows Installer service is not running" or "access denied". I tried to start the service under services.msc and I get access denied. Also, sound services are not working either. CD/DVD will not load anything; I get "program cannot be found". This one is random; sometimes CD/DVD works.
    Alright, now that you know all systems, I am not sure if that will help or not. Here are the requested logs.

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5288

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    12/10/2010 12:14:20 PM
    mbam-log-2010-12-10 (12-14-20).txt

    Scan type: Quick scan
    Objects scanned: 151303
    Time elapsed: 5 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    OTL logfile created on: 12/10/2010 12:21:21 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\owner\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.70 Gb Total Space | 34.10 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
    Drive E: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: SHAWN-WANAMAKER | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\owner\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\StormII\stormliv.exe (北京暴风网际科技有限公司)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\owner\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe File not found
    SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe File not found
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
    SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe File not found
    SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe File not found
    SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll ()
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (ccosm) -- C:\Program Files\StormII\stormliv.exe (北京暴风网际科技有限公司)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
    DRV - (XDva285) -- C:\Windows\System32\XDva285.sys File not found
    DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
    DRV - (F-Secure Standalone Minifilter) -- C:\Users\owner\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys File not found
    DRV - (EagleNT) -- C:\Users\owner\AppData\Local\Temp\EagleNT.sys File not found
    DRV - (ByakkoDriver) -- C:\Users\owner\AppData\Local\Temp\100581145.06- File not found
    DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
    DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
    DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
    DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
    DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
    DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (msloop) -- C:\Windows\System32\drivers\loop.sys (Microsoft Corporation)
    DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...esario&pf=cnnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8777;https=127.0.0.1:8777

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
    FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.116
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.99999
    FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
    FF - prefs.js..network.proxy.http: "10.81.0.1"
    FF - prefs.js..network.proxy.http_port: 8080


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 07:44:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 07:44:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010/10/30 14:29:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2010/11/25 09:15:33 | 000,000,000 | ---D | M]

    [2009/03/13 16:20:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
    [2010/12/09 17:54:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\zbsxu33u.default\extensions
    [2010/09/18 12:30:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/26 11:01:51 | 000,000,000 | ---D | M] () -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
    [2010/11/23 20:48:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\zbsxu33u.default\extensions\toolbar@ask.com
    [2010/10/23 22:58:39 | 000,001,832 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\FireFox\Profiles\zbsxu33u.default\searchplugins\bing.xml
    [2010/10/22 11:08:09 | 000,001,553 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\FireFox\Profiles\zbsxu33u.default\searchplugins\wowhead.xml
    [2010/12/09 17:54:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/03/30 11:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    [2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [DriverMax] File not found
    O4 - HKCU..\Run: [DriverMax_RESTART] File not found
    O4 - HKCU..\Run: [PlayNC Launcher] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/11/02 15:00:00 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{72408b52-7e89-11df-b2a3-001f165f6049}\Shell - "" = AutoRun
    O33 - MountPoints2\{72408b52-7e89-11df-b2a3-001f165f6049}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{74dd9dcd-f0c4-11dd-ba2e-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{74dd9dcd-f0c4-11dd-ba2e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ffxivsetup.exe -- File not found
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2006/11/02 15:00:00 | 000,109,160 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/09 09:06:25 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Vuze Downloads
    [2010/12/07 20:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
    [2010/12/07 20:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2010/12/03 21:48:18 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/12/03 21:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/12/03 21:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/12/03 21:37:16 | 000,000,000 | ---D | C] -- C:\43fd38b79586b12192672f43
    [2010/12/03 21:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2010/12/02 20:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
    [2010/12/02 19:48:30 | 000,000,000 | ---D | C] -- C:\SWSetup
    [2010/12/01 09:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
    [2010/12/01 09:24:40 | 000,000,000 | ---D | C] -- C:\Windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
    [2010/12/01 09:04:54 | 000,651,264 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\netr28u.sys
    [2010/12/01 09:04:54 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
    [2010/11/30 12:41:55 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\owner\Desktop\ATF-Cleaner.exe
    [2010/11/28 15:25:11 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\My Drivers
    [2010/11/28 15:25:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Innovative Solutions
    [2010/11/28 15:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
    [2010/11/28 15:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
    [2010/11/25 13:22:49 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\customclassitemfixer_v1
    [2010/11/25 09:15:07 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\DivX
    [2010/11/25 09:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
    [2010/11/25 09:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2010/11/25 09:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/11/25 09:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/07/19 15:39:04 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/10 12:05:39 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/10 12:05:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/10 12:05:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/10 12:05:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/10 12:05:23 | 2073,251,840 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/10 11:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/09 22:53:33 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2010/12/09 22:53:33 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
    [2010/12/09 16:29:24 | 000,006,016 | ---- | M] () -- C:\Users\owner\Desktop\DDS.zip
    [2010/12/09 16:15:00 | 199,527,180 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/12/09 16:06:30 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job
    [2010/12/07 06:09:12 | 000,032,256 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/04 11:55:01 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/12/02 11:42:12 | 000,613,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/02 11:42:12 | 000,108,196 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/02 08:56:43 | 000,001,079 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/12/02 08:56:43 | 000,001,055 | ---- | M] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/11/28 15:25:09 | 000,000,919 | ---- | M] () -- C:\Users\owner\Desktop\DriverMax.lnk
    [2010/11/25 13:22:15 | 000,128,434 | ---- | M] () -- C:\Users\owner\Documents\customclassitemfixer_v1.zip
    [2010/11/25 09:15:37 | 000,001,432 | ---- | M] () -- C:\Users\owner\Desktop\DivX Movies.lnk
    [2010/11/25 09:14:58 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/11/25 09:14:37 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/09 22:48:15 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2010/12/09 22:48:15 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
    [2010/12/09 16:29:24 | 000,006,016 | ---- | C] () -- C:\Users\owner\Desktop\DDS.zip
    [2010/12/09 16:00:37 | 000,296,448 | ---- | C] () -- C:\Users\owner\Desktop\gmer.exe
    [2010/12/04 12:12:05 | 2073,251,840 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/02 08:56:43 | 000,001,079 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/12/02 08:56:43 | 000,001,055 | ---- | C] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/01 09:04:54 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
    [2010/11/30 12:34:27 | 199,527,180 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/11/28 15:25:09 | 000,000,919 | ---- | C] () -- C:\Users\owner\Desktop\DriverMax.lnk
    [2010/11/25 13:22:13 | 000,128,434 | ---- | C] () -- C:\Users\owner\Documents\customclassitemfixer_v1.zip
    [2010/11/25 09:15:37 | 000,001,432 | ---- | C] () -- C:\Users\owner\Desktop\DivX Movies.lnk
    [2010/11/25 09:14:58 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/11/25 09:14:37 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2010/10/21 08:37:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\io.ini
    [2010/10/21 08:37:53 | 000,000,000 | ---- | C] () -- C:\ProgramData\k98417kepujtzpw2tf4poi79ey7dsn4z.ini
    [2010/09/29 09:14:26 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
    [2010/09/29 09:14:26 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
    [2010/09/26 17:35:45 | 000,000,056 | ---- | C] () -- C:\Windows\SpeederXP.INI
    [2010/09/18 12:27:52 | 000,000,008 | ---- | C] () -- C:\Users\owner\AppData\Roaming\DofusAppId0_3
    [2010/08/31 13:19:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
    [2010/08/31 13:19:28 | 000,007,196 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP_AAC.ini
    [2010/08/31 13:19:28 | 000,006,490 | ---- | C] () -- C:\Windows\System32\INI_Pro_PSP.ini
    [2010/08/31 13:19:28 | 000,005,028 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP2_AAC.ini
    [2010/08/31 13:19:28 | 000,004,296 | ---- | C] () -- C:\Windows\System32\INI_Pro_Zune.ini
    [2010/08/31 13:19:28 | 000,003,045 | ---- | C] () -- C:\Windows\System32\INI_Pro_iPod.ini
    [2010/08/31 13:19:28 | 000,002,956 | ---- | C] () -- C:\Windows\System32\INI_Pro_PMP.ini
    [2010/08/31 13:19:28 | 000,002,910 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP_AMR.ini
    [2010/08/31 13:19:28 | 000,002,516 | ---- | C] () -- C:\Windows\System32\INI_Pro_PPC.ini
    [2010/08/31 13:19:28 | 000,002,175 | ---- | C] () -- C:\Windows\System32\INI_Pro_iPhone.ini
    [2010/08/31 13:19:28 | 000,001,964 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP2_QVGA_AAC.ini
    [2010/08/31 13:19:28 | 000,001,964 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP2_QCIF_AAC.ini
    [2010/08/31 13:19:28 | 000,001,878 | ---- | C] () -- C:\Windows\System32\INI_Pro_Xbox.ini
    [2010/08/31 13:19:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QVGA_AMR.ini
    [2010/08/31 13:19:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QVGA_AAC.ini
    [2010/08/31 13:19:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QCIF_AMR.ini
    [2010/08/31 13:19:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QCIF_AAC.ini
    [2010/08/31 13:19:28 | 000,001,739 | ---- | C] () -- C:\Windows\System32\INI_Pro_AppleTV.ini
    [2010/08/31 13:19:28 | 000,000,036 | ---- | C] () -- C:\Windows\System32\INI_Add_mfra.ini
    [2010/08/31 13:19:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2010/07/19 15:33:54 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010/07/19 15:33:54 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2010/07/04 15:29:22 | 000,000,281 | ---- | C] () -- C:\ProgramData\Local Disk (C) - Shortcut.lnk
    [2010/06/18 14:08:09 | 000,000,096 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/06/10 15:09:16 | 000,000,029 | ---- | C] () -- C:\Windows\Index.ini
    [2010/06/07 11:11:33 | 000,000,008 | ---- | C] () -- C:\Users\owner\AppData\Roaming\DofusAppId0_1
    [2010/06/07 11:10:43 | 000,000,169 | ---- | C] () -- C:\Users\owner\AppData\Roaming\D2Info0
    [2010/06/07 11:10:43 | 000,000,008 | ---- | C] () -- C:\Users\owner\AppData\Roaming\DofusAppId0_2
    [2010/06/04 13:53:34 | 000,000,093 | ---- | C] () -- C:\Users\owner\AppData\Local\fusioncache.dat
    [2010/05/22 12:59:20 | 000,009,728 | ---- | C] () -- C:\Windows\System32\uc_karos_launching.dll
    [2010/05/17 13:19:25 | 000,139,336 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010/03/15 07:44:34 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2009/10/22 10:00:45 | 000,000,148 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2009/10/20 13:25:51 | 000,001,215 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/09/18 20:18:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/17 20:53:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
    [2009/06/28 20:20:36 | 000,001,356 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
    [2009/05/04 19:47:37 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
    [2009/02/04 10:20:10 | 000,032,256 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/02/01 15:18:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/02/01 12:07:45 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\QSwitch.txt
    [2009/02/01 12:07:45 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\DSwitch.txt
    [2009/02/01 12:07:45 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\AtStart.txt
    [2009/01/05 15:51:11 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    [2009/01/05 15:51:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/01/05 15:50:43 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/01/05 15:50:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/01/05 15:48:06 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/01/05 15:47:38 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2008/10/23 01:44:13 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2008/10/23 01:38:23 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2008/10/23 01:36:27 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2008/10/23 01:35:06 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/08/29 23:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
    [2005/08/29 23:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
    [2005/08/29 23:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll

    ========== LOP Check ==========

    [2010/11/28 14:26:27 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\.minecraft
    [2009/11/16 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\.purple
    [2010/08/21 11:56:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AnvSoft
    [2010/06/07 11:11:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\app
    [2010/05/17 14:07:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Application Data
    [2010/12/10 11:59:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Azureus
    [2010/12/10 12:06:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\BitTorrent
    [2010/06/25 15:11:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Crayon Physics Deluxe
    [2010/05/24 14:56:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DNA
    [2010/10/29 08:58:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dofus 2
    [2010/06/07 11:10:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010/09/18 12:27:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010/06/07 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010/10/22 16:06:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\EternalEden
    [2010/05/17 13:35:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FOG Downloader
    [2010/08/08 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GameTuts
    [2010/05/29 08:53:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GetRightToGo
    [2010/05/17 09:40:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GrabPro
    [2010/08/19 15:32:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ImTOO Software Studio
    [2009/04/18 19:14:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\iWin
    [2010/09/29 09:20:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ManyCam
    [2010/06/09 13:55:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NeopleLauncherDFO
    [2009/04/10 14:23:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
    [2010/12/07 20:16:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Orbit
    [2009/05/03 18:46:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PlayFirst
    [2010/10/31 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ProgSense
    [2010/08/21 12:01:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Red Kawa
    [2010/06/07 11:11:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
    [2010/07/22 20:05:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Regensoft
    [2010/10/31 19:49:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\runic games
    [2010/09/29 09:25:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Secret of the Solstice
    [2010/09/22 15:29:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SystemRequirementsLab
    [2010/06/04 13:53:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Turbine
    [2009/02/01 20:37:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WildTangent
    [2010/12/10 12:04:09 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:661DFA1C
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:D06A4C76

    < End of report >

  5. #5
    Junior Member
    Join Date
    Sep 2009
    Posts
    29

    Default OTL Extras

    Here is the other one. You're right, it needed 2 posts to put them up.

    OTL Extras logfile created on: 12/10/2010 12:21:21 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\owner\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.70 Gb Total Space | 34.10 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
    Drive E: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: SHAWN-WANAMAKER | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07C59680-CBDF-42A1-B8A9-B28D304A35EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{196D4CD7-67F7-40A0-95B1-EE6A9D15F2B5}" = lport=138 | protocol=17 | dir=in | app=system |
    "{2081AC7F-7969-4CD4-9C11-1943C05150D0}" = lport=139 | protocol=6 | dir=in | app=system |
    "{389C24E5-8832-440B-9FFB-3E1BBD989CA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3E187A89-4D50-455A-882C-71A98D84AABF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{42ECA6A1-CCED-451E-BD69-BD614EF2883F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{44CE7BA2-E254-4C84-AEA3-C01A88B69AA7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{50994B4B-B840-4CFE-988C-AEAC3FDE27BC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{5F60B4E0-2658-4A35-89BA-6B9E9E0F996C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{6751CF59-5C07-45A4-A77A-F5151CF5EC82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{684B2906-A442-4916-9FE7-D0E7A36373AE}" = lport=137 | protocol=17 | dir=in | app=system |
    "{69DAE553-ED70-497E-9E8E-66441F3C4F4C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{6CF3FAE3-6FE3-48E4-971C-B265A48C4EDA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{75ADAE76-4EF4-4432-BD55-410E286539AA}" = rport=138 | protocol=17 | dir=out | app=system |
    "{8F2B886C-45BF-4C98-B3A7-B638A9C58B79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9B397058-8DC4-4014-97BD-73F77F16BAB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B7AE72E1-2733-40CB-9F9F-B3060DF2CE6E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BC0668D8-034A-4450-A3E1-2842E1B965B7}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C561784E-2291-4F45-9D77-6CE47CFB61CC}" = rport=139 | protocol=6 | dir=out | app=system |
    "{CDAABB2C-FA9C-4B4E-8168-0B27B50874EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{DD33E78B-A54B-4353-9553-429110B73ED2}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F211AA16-DF3B-493E-84F1-3EBA01343DBD}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
    "{F4272B86-AC93-4E5E-B19B-2EB1982C46D8}" = rport=445 | protocol=6 | dir=out | app=system |
    "{F6EAC78C-855E-4BA6-87E5-8E902377EE31}" = lport=49200 | protocol=6 | dir=in | name=akamai netsession interface |
    "{FF052CBA-196A-4D42-98AD-E8C379DE9810}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00F1A93B-502C-449E-AA33-4161A25D37DF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{0900C973-C49F-4E2D-8B21-3BF503920C34}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{0B8D53F5-564C-47F0-9CB3-DB6D75762D87}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{12CCCEA9-F058-473B-8BFE-886435644901}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\final fantasy xi\toolsus\final fantasy xi config.exe |
    "{156EFD44-1592-400D-9415-6E7CC44394B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1723377B-4017-4371-A3E3-B2B08291D1A5}" = protocol=17 | dir=in | app=c:\program files\stormii\storm.exe |
    "{212CE7AC-60B3-476E-9B17-53B0D253450B}" = protocol=6 | dir=in | app=c:\program files\squareenix\final fantasy xiv\ffxivboot.exe |
    "{2D0F798D-DAF9-422B-9258-9AD564C5FA2F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2F4937F4-1ADB-4AC3-B3CC-C728F4CB5CE1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{321529E6-EAB5-410D-BA6A-6B618B28EF05}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{33A82482-5C01-4CFF-93E1-F517030AD44E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{343A8FF8-C189-47FD-AD8D-3447993FB524}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{358C533F-D578-4E10-8331-FF75B5803D0E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{385F2F44-1752-4D99-B873-633C89673100}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{3A755A0E-7B1E-4755-8AE3-3D75A2860A50}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{3B0E8D81-3145-4D78-A942-1CDDC389E1EA}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{450C95C7-F71A-4BF9-8289-BF2C0B9868D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{4DCDD217-C7CC-4EA7-B191-B6AF1B86522A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\final fantasy xi\polboot.exe |
    "{55F2D62D-33BB-49ED-BC8F-9DA086E2D1EF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\final fantasy xi\toolsus\final fantasy xi config.exe |
    "{569D1FF6-86D3-4DB7-96E9-E77324AE5D49}" = protocol=6 | dir=in | app=c:\program files\stormii\stormliv.exe |
    "{580B73C8-6C32-4033-A615-B7EECCF5D366}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{5BFDCBF2-B1B8-408B-8265-28B156B34D4C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{5DE1E07E-0232-4552-842F-567A9C012EF4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{679D0331-03B2-4C5A-A05B-3C89076430D3}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |
    "{67DE253E-88FB-408D-AFB3-FE4EE53EADD9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{69FAB3D6-E45E-4172-A1C2-9E3CE32D3C04}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{6B8D3932-71D7-477D-B04D-2CBD42FC8557}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{76BFD47F-91B7-4BF6-A9C3-0435B15444EB}" = protocol=6 | dir=in | app=c:\program files\stormii\storm.exe |
    "{791032B1-70E2-4313-BA95-56507D8ABECC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\polcfg\polcfg.exe |
    "{7F998E83-D3CA-4150-9693-5078D0584806}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{81874413-243A-4109-B313-086E0D396475}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{826F747A-D68F-4678-A207-3DBDBFB1F07E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{83728C45-CE59-4E7F-B354-D71AEA472349}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{885E9827-7478-41C0-81B6-4D810786BED6}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{8F8DFFF6-D128-4C03-A92C-715FA3E7C155}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{95EAA94F-8DEF-43B6-B4F0-93065F706FC7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{A51FA3E6-60F2-4C79-AA9B-75612EBC4DC2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{AE42AC6F-C12E-4057-9219-AC7DD2CFEE14}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{AF6B8925-E8C7-48F3-B2D5-82650A077872}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |
    "{B974CBD5-2124-418F-93B7-E38B68A19790}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{B9B992C6-F3A0-48D3-8AD6-B1C7289D0A48}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BC3295F1-DF2B-46EE-97DF-DA3AF88CABAA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{C7841F2B-E4D7-4108-BFB5-012DE9227AE6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\final fantasy xi\polboot.exe |
    "{C9D06CE9-A13D-48DA-A8E3-21B04EA757CF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{CD8AC772-24E1-406D-AC94-340ABE20925E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{D1AD7E34-9BD0-41E3-AE7F-F2C15E03E987}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{D53B8B7E-D3B8-4479-B152-393894654F29}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{DB0257E4-4390-47A5-AC44-6C4A25BF54F3}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
    "{E15E8586-4ABB-4DEC-8CD5-A0D4CCF5C200}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E265BD0A-188F-4255-9F83-28DFD22B5DE1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{E463BCA0-B2DA-490E-8AAD-FB3F58787CBF}" = protocol=17 | dir=in | app=c:\program files\stormii\stormliv.exe |
    "{E5B55089-C623-4269-9ABE-4FF00660B0CD}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{E91DE1A0-9D0B-4B01-B7BE-6A77DB20280A}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
    "{ED1809A0-3C0B-4B21-BB30-4F3983730379}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\polcfg\polcfg.exe |
    "{F3B215A1-F050-4DEE-932D-30EA7D61BEBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{F45B6A6B-95E9-4ED7-900D-36338B9845C3}" = protocol=17 | dir=in | app=c:\program files\squareenix\final fantasy xiv\ffxivboot.exe |
    "{FA22F1DA-E272-4F1C-BD7B-AAF97C55FA94}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{02C20BD9-0AC3-42CF-805F-BBEDB738526D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
    "TCP Query User{0AAFBFF1-DE4D-48DE-A9D0-24F2A2BCAB1D}C:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe |
    "TCP Query User{0B89EC0E-8070-455F-96EA-0ACD4643B775}C:\nexon\maplestory\localms v88.exe" = protocol=6 | dir=in | app=c:\nexon\maplestory\localms v88.exe |
    "TCP Query User{24A5AC76-967F-4073-B2EA-DB5D6D9862E7}C:\users\owner\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\fogdownloader-rom_3_0_1_2153.exe |
    "TCP Query User{2F94D875-469C-4F6F-AA27-3B28D5DA5D0B}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
    "TCP Query User{4185CAFC-D973-40B6-A0A9-8ABA6E195FA3}C:\users\owner\downloads\minecraftloader\minecraftloader\minecraftloader.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\minecraftloader\minecraftloader\minecraftloader.exe |
    "TCP Query User{56F6FE65-63B2-4B8D-B936-882B2C39A5AA}C:\program files\stormii\storm.exe" = protocol=6 | dir=in | app=c:\program files\stormii\storm.exe |
    "TCP Query User{82C87DDD-AD36-4164-A076-90E9FB99DB4E}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
    "TCP Query User{857CDB38-7618-4575-B077-648DE0315101}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
    "TCP Query User{8F8AE8F2-557E-467F-B52C-05BC0C378800}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{9698F34E-D862-4F24-A9A4-F9D4B26BB234}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{97874278-61CE-4E5E-AFCD-02649ABBAA2E}C:\gpotato.com\allods online\bin\launcher.exe" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
    "TCP Query User{9B126C2E-8B8B-48E9-A2DA-CB12A86DDF5E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{A837C0F1-6F8E-4C76-AB79-555C71889FCB}C:\users\owner\downloads\minecraftloader\minecraftloader.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\minecraftloader\minecraftloader.exe |
    "TCP Query User{DD6EE687-7929-4D77-ABE6-DA3A63EF9EB5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{E4A3450F-A31A-47EF-A930-FC2F28E5573F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{F8EFDB34-DF6B-4E33-895C-4B1F93672496}C:\nexon\new folder\maplestory\localms v88.exe" = protocol=6 | dir=in | app=c:\nexon\new folder\maplestory\localms v88.exe |
    "UDP Query User{1929362A-DEE2-424B-AB32-90FFD6FCEB5D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
    "UDP Query User{21010343-4580-4304-A6FB-AF4AF8F36E4D}C:\program files\stormii\storm.exe" = protocol=17 | dir=in | app=c:\program files\stormii\storm.exe |
    "UDP Query User{2FF161DC-C22C-4279-BD7C-9D93AD5A547F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{31C2EC59-6877-4EA7-8C2F-7DB5C283B4A2}C:\users\owner\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\fogdownloader-rom_3_0_1_2153.exe |
    "UDP Query User{32F1F6AE-1017-4F0F-AE10-2B861297B229}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
    "UDP Query User{3DFB90E7-5271-4EA4-A77C-674F89BE3B30}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
    "UDP Query User{4216BBD3-9965-446B-A2E6-7B9DE57AC83D}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
    "UDP Query User{52956A67-DA28-4FE4-B81C-36B758809FF3}C:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe |
    "UDP Query User{67A47844-5DEF-4550-A759-B1AD46BF93E7}C:\users\owner\downloads\minecraftloader\minecraftloader\minecraftloader.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\minecraftloader\minecraftloader\minecraftloader.exe |
    "UDP Query User{69172F0B-91CB-49C5-968F-29D7CAE1A352}C:\users\owner\downloads\minecraftloader\minecraftloader.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\minecraftloader\minecraftloader.exe |
    "UDP Query User{6E1B51D7-EA55-4AA3-B59F-028B4213ECB5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{71F05586-F812-40DB-8C0C-AC3D19C63486}C:\nexon\maplestory\localms v88.exe" = protocol=17 | dir=in | app=c:\nexon\maplestory\localms v88.exe |
    "UDP Query User{7F394D10-DE71-41AC-A1D4-0D76C73CE664}C:\gpotato.com\allods online\bin\launcher.exe" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
    "UDP Query User{AE493B62-937E-4264-845E-A9C2955309E0}C:\nexon\new folder\maplestory\localms v88.exe" = protocol=17 | dir=in | app=c:\nexon\new folder\maplestory\localms v88.exe |
    "UDP Query User{C8F9F12F-AE7D-4A06-BCDD-9A02AAB55721}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{CC6419A7-B5D8-4D70-8722-4A0CF8C543BB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{D4D88C5F-2D41-43E5-A932-A529028A21D9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1A4E71A5-643D-4536-B624-995F7E212272}" = WonderKing
    "{1b89540f-8f25-406d-82e9-21869e253ffc}" = PS_SF_03_D5400_ProductContext
    "{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
    "{1E7DACA2-C810-40DF-ADAD-BD1C8DB231B9}" = DemonFlyFFv15
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
    "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
    "{2DDEE1AF-730A-4CE0-90DB-A9EE84B9A959}" = EssenceRO
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{454070F6-2CAF-49DE-84E7-07DC177789FB}" = GPCabal LW
    "{45813C0F-04E2-4757-9F64-A6386C169D21}" = D5400_Help
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
    "{4B22DD86-47B1-4454-BFF7-64FCA3D0631C}" = Soul of the Ultimate Nation
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4dd83a18-e502-461e-adfb-a458bd25e45d}" = PS_SF_03_D5400_Software_Min
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{581cae33-36d4-41e1-9673-bceb97763864}" = PS_SF_03_D5400_Software
    "{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
    "{60131BE5-BE4D-4975-9108-DD0BE735890D}" = Xdelta 3.0t
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{7C9002E8-E0BE-482F-870C-3449BC817513}" = Aerrevan 5.0
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{A738259E-000C-4678-9FD9-FB79D43FB21C}" = Secret of the Solstice
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{b2670e67-0398-4c53-957f-414d28a758e9}" = D5400
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BAE390A5-2864-46b6-BC80-A656A2068CB4}" = HP Photosmart D5400 Printer Driver Software 10.0 Rel .3
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DBFD786F-691F-4C63-8F3E-AFE7FE324D88}" = Aion
    "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
    "{E57A2E59-7A17-4CCE-8EC5-4CF0DD41237B}" = Secret of the Solstice
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F1C60F3E-70CF-42BF-8FEC-7B101A8C4868}" = IrisOnline
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.16 beta
    "8461-7759-5462-8226" = Vuze
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Akamai" = Akamai NetSession Interface
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "AviSynth" = AviSynth 2.5
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "BitTorrent" = BitTorrent
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Defraggler" = Defraggler
    "DivX Setup.divx.com" = DivX Setup
    "DMX5_is1" = DriverMax 5
    "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
    "Guild Wars" = Guild Wars
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "ImTOO MPEG Encoder Standard" = ImTOO MPEG Encoder Standard
    "InstallShield_{1E7DACA2-C810-40DF-ADAD-BD1C8DB231B9}" = DemonFlyFFv15
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Latale GP3.0" = Latale GP
    "Mabinogi" = Mabinogi
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MapleStory" = MapleStory
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Mozilla Firefox 4.0b6 (x86 en-US)" = Mozilla Firefox 4.0b6 (x86 en-US)
    "OpenAL" = OpenAL
    "Orbit_is1" = Orbit Downloader
    "PunkBusterSvc" = PunkBuster Services
    "Risk" = Risk
    "Runic Games Torchlight" = Torchlight
    "Security Task Manager" = Security Task Manager 1.8c
    "Shop for HP Supplies" = Shop for HP Supplies
    "SpeederXP_is1" = SpeederXP v2.61
    "StarCraft II" = StarCraft II
    "storm2" = ±©·çÓ°Òô
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Tetris Game for Windows_is1" = Tetris Game for Windows 2.5.9
    "Videora iPod Converter" = Videora iPod Converter 5.04
    "Videora Xbox 360 Converter" = Videora Xbox 360 Converter 5.04
    "Vindictus" = Vindictus
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "World of Warcraft" = World of Warcraft
    "YInstHelper" = Yahoo! Install Manager
    "YouTube Downloader App" = YouTube Downloader App 2.03

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AikaOnline" = AikaOnline
    "BitTorrent DNA" = DNA
    "heRO" = heRO
    "LuminaRO Lite Setup 2010-09-12" = LuminaRO Lite Setup 2010-09-12
    "NCsoft-Aion" = Aion
    "SOE-Free Realms" = Free Realms
    "Sparkplayer (Beta)" = Sparkplayer (Beta)

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

  6. #6
    Junior Member
    Join Date
    Sep 2009
    Posts
    29

    Default Sorry

    I meant to say in the reply I am sorry about posting 2 computers; I did not read the rules completely. So I wanted to apologize for that and thank you for the help again.

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Not a problem with your posts; the forums can be a bit confusing if you're not familiar with them.

    Let's run this tool. After you download it, with Vista you need to right-click and RUN AS ADMINISTRATOR.


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Junior Member
    Join Date
    Sep 2009
    Posts
    29

    Default Combofix Report

    Here is ComboFix Report as requested

    ComboFix 10-12-09.04 - owner 12/10/2010 22:29:07.1.2 - x86
    Running from: c:\users\owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\desktop.ini
    c:\program files\StormII
    c:\program files\StormII\codec\264be.dll
    c:\program files\StormII\codec\264dmmx.dll
    c:\program files\StormII\codec\264dsse.dll
    c:\program files\StormII\codec\264dsse2.dll
    c:\program files\StormII\codec\264dsse3.dll
    c:\program files\StormII\codec\aasc32.dll
    c:\program files\StormII\codec\ac3filter.ax
    c:\program files\StormII\codec\acelpdec.ax
    c:\program files\StormII\codec\asusasv1.dll
    c:\program files\StormII\codec\asusasv2.dll
    c:\program files\StormII\codec\ativcr2.dll
    c:\program files\StormII\codec\avcodec.dll
    c:\program files\StormII\codec\avformat.dll
    c:\program files\StormII\codec\avidavicodec.dll
    c:\program files\StormII\codec\AviSplitter.ax
    c:\program files\StormII\codec\avutil.dll
    c:\program files\StormII\codec\bass.dll
    c:\program files\StormII\codec\bass_aac.dll
    c:\program files\StormII\codec\bass_alac.dll
    c:\program files\StormII\codec\bass_ape.dll
    c:\program files\StormII\codec\bass_flac.dll
    c:\program files\StormII\codec\bass_mpc.dll
    c:\program files\StormII\codec\bass_tta.dll
    c:\program files\StormII\codec\bass_wv.dll
    c:\program files\StormII\codec\binkw32.dll
    c:\program files\StormII\codec\BSPVDEC.dll
    c:\program files\StormII\codec\bsrsrc.ax
    c:\program files\StormII\codec\BsrVideoDec.ax
    c:\program files\StormII\codec\bw10.dll
    c:\program files\StormII\codec\cddareader.ax
    c:\program files\StormII\codec\cdxareader.ax
    c:\program files\StormII\codec\ChpSrcFilter.ax
    c:\program files\StormII\codec\CinemasterAudio.DLL
    c:\program files\StormII\codec\cl264dec.ax
    c:\program files\StormII\codec\CLNavX.ax
    c:\program files\StormII\codec\CLRVIDDC.DLL
    c:\program files\StormII\codec\clrviddd.dll
    c:\program files\StormII\codec\CLVc1Dec.ax
    c:\program files\StormII\codec\CLVSD.ax
    c:\program files\StormII\codec\clvsdx.ax
    c:\program files\StormII\codec\coreavc.ax

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_monitor
    -------\Service_ccosm
    -------\Service_ccosm


    ((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
    .

    2010-12-11 03:38 . 2010-12-11 03:40 -------- d-----w- c:\users\owner\AppData\Local\temp
    2010-12-11 03:38 . 2010-12-11 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-10 19:13 . 2010-12-10 19:13 -------- d-----w- c:\users\owner\AppData\Local\Adobe
    2010-12-08 01:33 . 2010-12-08 01:39 -------- d-----w- c:\programdata\SecTaskMan
    2010-12-08 01:33 . 2010-12-08 01:33 -------- d-----w- c:\program files\Security Task Manager
    2010-12-04 02:48 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-04 02:48 . 2010-12-04 17:02 -------- d-----w- c:\program files\Alwil Software
    2010-12-04 02:48 . 2010-12-04 02:48 -------- d-----w- c:\programdata\Alwil Software
    2010-12-04 02:37 . 2010-12-04 02:37 -------- d-----w- C:\43fd38b79586b12192672f43
    2010-12-04 02:18 . 2010-12-04 02:46 -------- d-----w- c:\programdata\MFAData
    2010-12-03 01:40 . 2010-12-03 01:40 -------- d-----w- c:\programdata\F-Secure
    2010-12-03 00:48 . 2010-12-03 01:05 -------- d-----w- C:\SWSetup
    2010-12-01 14:25 . 2010-12-01 14:25 -------- d-----w- c:\program files\Belkin
    2010-12-01 14:24 . 2010-12-01 14:24 -------- d-----w- c:\windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
    2010-12-01 14:04 . 2008-09-26 09:30 651264 ----a-w- c:\windows\system32\drivers\netr28u.sys
    2010-12-01 14:04 . 2008-09-26 09:26 221184 ----a-w- c:\windows\system32\RaCoInst.dll
    2010-11-30 13:16 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE0DCCB2-19BE-4A1F-916A-42D294D5F9A4}\mpengine.dll
    2010-11-28 20:25 . 2010-11-28 20:25 -------- d-----w- c:\users\owner\AppData\Local\Innovative Solutions
    2010-11-28 20:25 . 2010-11-28 20:25 -------- d-----w- c:\programdata\Innovative Solutions
    2010-11-28 20:25 . 2010-11-28 20:25 -------- d-----w- c:\program files\Innovative Solutions
    2010-11-25 14:15 . 2010-11-30 03:05 -------- d-----w- c:\users\owner\AppData\Roaming\DivX
    2010-11-25 14:14 . 2010-11-25 14:14 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-11-25 14:14 . 2010-11-25 14:14 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-11-25 14:11 . 2010-11-25 14:15 -------- d-----w- c:\program files\DivX
    2010-11-25 14:10 . 2010-11-25 14:15 -------- d-----w- c:\programdata\DivX

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-29 22:42 . 2010-10-21 13:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 22:42 . 2010-10-21 13:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-19 15:41 . 2009-10-02 23:03 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-26 02:59 . 2010-06-12 19:47 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-09-26 02:59 . 2010-06-12 19:47 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-22 20:56 . 2010-09-22 20:56 111960 ----a-w- c:\windows\dxsdkuninst.exe
    2010-09-13 13:56 . 2010-10-21 14:30 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2010-5-17 1835069]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
    backup=c:\windows\pss\Orbit.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    path=c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    2010-10-19 20:35 2988400 ----a-w- c:\program files\BitTorrent\BitTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2010-05-24 19:06 323392 ----a-w- c:\users\owner\Program Files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2010-07-19 21:18 171032 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2010-07-19 21:18 136216 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-09-23 04:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2010-07-19 21:18 170520 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
    2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2008-09-24 01:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-04-10 17:10 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [x]
    R3 ByakkoDriver;ByakkoDriver;c:\users\owner\AppData\Local\Temp\100581145.06-10-2010 [x]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\owner\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
    R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-09-26 651264]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-30 3739080]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 528896]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 XDva285;XDva285;c:\windows\system32\XDva285.sys [x]
    R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
    R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - IPNAT

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-09 c:\windows\Tasks\HPCeeScheduleForowner.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:8777;https=127.0.0.1:8777
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
    FF - plugin: c:\users\owner\Program Files\DNA\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Free Realms Installer: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1} - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
    FF - Extension: Ask Toolbar: toolbar@ask.com - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\extensions\toolbar@ask.com

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-PlayNC Launcher - (no file)
    HKCU-Run-DriverMax - (no file)
    HKCU-Run-DriverMax_RESTART - (no file)
    SafeBoot-Wdf01000.sys
    MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
    MSConfigStartUp-Ptovuj - c:\users\owner\AppData\Local\masDNO.dll
    MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
    MSConfigStartUp-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
    MSConfigStartUp-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
    MSConfigStartUp-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
    AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
    AddRemove-Ad-Aware - c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
    AddRemove-Mabinogi - c:\nexon\Mabinogi\Mabinogi.exe
    AddRemove-storm2 - c:\program files\StormII\uninst.exe
    AddRemove-Tetris Game for Windows_is1 - c:\program files\Easiestutils\Tetris Game for Windows\unins000.exe
    AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
    AddRemove-AikaOnline - c:\gpotato\AikaOnline\uninstall.exe
    AddRemove-heRO - c:\users\Public\Games\ro\Dreamer 3rd Jobs\Uninstal.exe
    AddRemove-LuminaRO Lite Setup 2010-09-12 - c:\users\Public\Games\ro\Dreamer 3rd Jobs\Uninstal.exe
    AddRemove-NCsoft-Aion - c:\program files\NCSoft\Launcher\NCLauncher.exe
    AddRemove-Sparkplayer (Beta) - c:\users\owner\Documents\Sparkplay Media\Sparkplayer (Beta)\Update.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-10 22:41
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ByakkoDriver]
    "ImagePath"="\??\c:\users\owner\AppData\Local\Temp\100581145.06-10-2010"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-10 22:48:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-11 03:48

    Pre-Run: 43,954,458,624 bytes free
    Post-Run: 43,856,842,752 bytes free

    - - End Of File - - 6925EC25B78E7E9F4B2E4727EBE51EB3

  9. #9
    Junior Member
    Join Date
    Sep 2009
    Posts
    29

    Default More info

    I am sure you have already seen this; I keep forgetting to let you know. Security Center is reporting Windows Update is off and will not let me turn it on, and Defender is also off and will not let me turn it on. I am sure you planned on getting them back on, but just in case you did notice them off, I would like to get them back on.

  10. #10
    Junior Member
    Join Date
    Sep 2009
    Posts
    29

    Default New problem with it

    I have noticed this morning that when the computer starts up, explorer does not start with it. I can work around that by using Ctrl+Alt+Del, Task Manager, show all processes (it does not work unless I show all processes), then New Task, explorer, and it starts then.
