Laptop multiple issue.



rngrgreen
2010-12-03, 18:17
Please be advised I have 2 computers having an issue (different problems), so I am making 2 threads, one for each. This one is for the laptop.

First thing I noticed is the network icon says access denied while connected, and I can still browse the internet. I have tried to uninstall the device and reinstall fresh drivers; same thing. As of today I now notice I cannot install anything: "The Windows Installer service cannot be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance."

I have run the F-Secure online scanner; it did detect items and removed them successfully. I do not remember what they were. I also do not have a report to give for that. If it saves it somewhere, I do not know where.


DDS (Ver_10-11-27.01) - NTFSx86
Run by owner at 12:01:07.13 on Fri 12/03/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13

============== Running Processes ===============


============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:8777;https=127.0.0.1:8777
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [PlayNC Launcher]
uRun: [DriverMax]
uRun: [DriverMax_RESTART]
mRun: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zbsxu33u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zbsxu33u.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll
FF - plugin: c:\users\owner\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Free Realms Installer: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1} - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
FF - Extension: Ask Toolbar: toolbar@ask.com - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zbsxu33u.default\extensions\toolbar@ask.com

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-12-03 01:40:58 -------- d-----w- c:\progra~2\F-Secure
2010-12-03 00:48:30 -------- d-----w- C:\SWSetup
2010-12-01 14:25:02 -------- d-----w- c:\program files\Belkin
2010-12-01 14:24:40 -------- d-----w- c:\windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
2010-12-01 14:04:54 651264 ----a-w- c:\windows\system32\drivers\netr28u.sys
2010-12-01 14:04:54 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-11-30 13:16:42 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ce0dccb2-19be-4a1f-916a-42d294d5f9a4}\mpengine.dll
2010-11-28 20:25:11 -------- d-----w- c:\users\owner\appdata\local\Innovative Solutions
2010-11-28 20:25:11 -------- d-----w- c:\progra~2\Innovative Solutions
2010-11-28 20:25:07 -------- d-----w- c:\program files\Innovative Solutions
2010-11-25 14:14:43 -------- d-----w- c:\program files\common files\PX Storage Engine
2010-11-25 14:14:10 -------- d-----w- c:\program files\common files\DivX Shared
2010-11-25 14:11:36 -------- d-----w- c:\program files\DivX
2010-11-25 14:10:40 -------- d-----w- c:\progra~2\DivX
2010-11-09 23:35:54 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 02:59:37 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-26 02:59:37 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-23 04:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 20:56:13 111960 ----a-w- c:\windows\dxsdkuninst.exe
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:23:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 17:07:35 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 15:23:27 389632 ----a-w- c:\windows\system32\html.iec
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

============= FINISH: 12:02:04.83 ===============

tashi
2010-12-03, 19:00
Hello rngrgreen,

If you have more than one infected computer in the house please let your helper know. Start a new topic for the next machine once the prior thread has been closed.
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Open topic: http://forums.spybot.info/showthread.php?t=60727

Best regards. :)

ken545
2010-12-10, 15:21
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

It gets very complicated when you post for two different computers. The way we do this is to finish one, close the thread, and then you post for the second one. No one helped you with the first one and you say it's OK, so what I have done is reopen this one for your laptop, as I see malware on it. We will work on the laptop, and when it's done, if you're still having issues with your desktop, then start a new topic for it.


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please





OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

rngrgreen
2010-12-10, 18:33
OK, first let me inform you of other issues too. I cannot install or uninstall anything. I get "Windows Installer has failed", "Windows Installer service is not running" or "access denied". I tried to start the service under services.msc and I get access denied. Also, sound services are not working either. CD/DVD will not load anything; I get "program cannot be found". This one is random; sometimes the CD/DVD works.
Alright, now that you know all systems (I am not sure if that will help or not), here are the requested logs.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5288

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/10/2010 12:14:20 PM
mbam-log-2010-12-10 (12-14-20).txt

Scan type: Quick scan
Objects scanned: 151303
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 12/10/2010 12:21:21 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\owner\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.70 Gb Total Space | 34.10 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive E: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHAWN-WANAMAKER | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\owner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\StormII\stormliv.exe (北京暴风网际科技有限公司)


========== Modules (SafeList) ==========

MOD - C:\Users\owner\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe File not found
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe File not found
SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ccosm) -- C:\Program Files\StormII\stormliv.exe (北京暴风网际科技有限公司)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (XDva285) -- C:\Windows\System32\XDva285.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (F-Secure Standalone Minifilter) -- C:\Users\owner\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys File not found
DRV - (EagleNT) -- C:\Users\owner\AppData\Local\Temp\EagleNT.sys File not found
DRV - (ByakkoDriver) -- C:\Users\owner\AppData\Local\Temp\100581145.06- File not found
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (msloop) -- C:\Windows\System32\drivers\loop.sys (Microsoft Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8777;https=127.0.0.1:8777

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.116
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.99999
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..network.proxy.http: "10.81.0.1"
FF - prefs.js..network.proxy.http_port: 8080


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 07:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 07:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010/10/30 14:29:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2010/11/25 09:15:33 | 000,000,000 | ---D | M]

[2009/03/13 16:20:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2010/12/09 17:54:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\zbsxu33u.default\extensions
[2010/09/18 12:30:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/26 11:01:51 | 000,000,000 | ---D | M] () -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/11/23 20:48:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\zbsxu33u.default\extensions\toolbar@ask.com
[2010/10/23 22:58:39 | 000,001,832 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\FireFox\Profiles\zbsxu33u.default\searchplugins\bing.xml
[2010/10/22 11:08:09 | 000,001,553 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\FireFox\Profiles\zbsxu33u.default\searchplugins\wowhead.xml
[2010/12/09 17:54:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/30 11:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [DriverMax] File not found
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 15:00:00 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{72408b52-7e89-11df-b2a3-001f165f6049}\Shell - "" = AutoRun
O33 - MountPoints2\{72408b52-7e89-11df-b2a3-001f165f6049}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{74dd9dcd-f0c4-11dd-ba2e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74dd9dcd-f0c4-11dd-ba2e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ffxivsetup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2006/11/02 15:00:00 | 000,109,160 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/09 09:06:25 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Vuze Downloads
[2010/12/07 20:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010/12/07 20:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/12/03 21:48:18 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/12/03 21:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/12/03 21:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/03 21:37:16 | 000,000,000 | ---D | C] -- C:\43fd38b79586b12192672f43
[2010/12/03 21:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/12/02 20:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/12/02 19:48:30 | 000,000,000 | ---D | C] -- C:\SWSetup
[2010/12/01 09:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2010/12/01 09:24:40 | 000,000,000 | ---D | C] -- C:\Windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
[2010/12/01 09:04:54 | 000,651,264 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\netr28u.sys
[2010/12/01 09:04:54 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2010/11/30 12:41:55 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\owner\Desktop\ATF-Cleaner.exe
[2010/11/28 15:25:11 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\My Drivers
[2010/11/28 15:25:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Innovative Solutions
[2010/11/28 15:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2010/11/28 15:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2010/11/25 13:22:49 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\customclassitemfixer_v1
[2010/11/25 09:15:07 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\DivX
[2010/11/25 09:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/11/25 09:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/11/25 09:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/11/25 09:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/07/19 15:39:04 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/10 12:05:39 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/10 12:05:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/10 12:05:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/10 12:05:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/10 12:05:23 | 2073,251,840 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/10 11:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/09 22:53:33 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/12/09 22:53:33 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/12/09 16:29:24 | 000,006,016 | ---- | M] () -- C:\Users\owner\Desktop\DDS.zip
[2010/12/09 16:15:00 | 199,527,180 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/09 16:06:30 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job
[2010/12/07 06:09:12 | 000,032,256 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/04 11:55:01 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/12/02 11:42:12 | 000,613,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/02 11:42:12 | 000,108,196 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/02 08:56:43 | 000,001,079 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/02 08:56:43 | 000,001,055 | ---- | M] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/28 15:25:09 | 000,000,919 | ---- | M] () -- C:\Users\owner\Desktop\DriverMax.lnk
[2010/11/25 13:22:15 | 000,128,434 | ---- | M] () -- C:\Users\owner\Documents\customclassitemfixer_v1.zip
[2010/11/25 09:15:37 | 000,001,432 | ---- | M] () -- C:\Users\owner\Desktop\DivX Movies.lnk
[2010/11/25 09:14:58 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/11/25 09:14:37 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/09 22:48:15 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/12/09 22:48:15 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/12/09 16:29:24 | 000,006,016 | ---- | C] () -- C:\Users\owner\Desktop\DDS.zip
[2010/12/09 16:00:37 | 000,296,448 | ---- | C] () -- C:\Users\owner\Desktop\gmer.exe
[2010/12/04 12:12:05 | 2073,251,840 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/02 08:56:43 | 000,001,079 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/02 08:56:43 | 000,001,055 | ---- | C] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2010/12/01 09:04:54 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010/11/30 12:34:27 | 199,527,180 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/28 15:25:09 | 000,000,919 | ---- | C] () -- C:\Users\owner\Desktop\DriverMax.lnk
[2010/11/25 13:22:13 | 000,128,434 | ---- | C] () -- C:\Users\owner\Documents\customclassitemfixer_v1.zip
[2010/11/25 09:15:37 | 000,001,432 | ---- | C] () -- C:\Users\owner\Desktop\DivX Movies.lnk
[2010/11/25 09:14:58 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/11/25 09:14:37 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/10/21 08:37:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\io.ini
[2010/10/21 08:37:53 | 000,000,000 | ---- | C] () -- C:\ProgramData\k98417kepujtzpw2tf4poi79ey7dsn4z.ini
[2010/09/29 09:14:26 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/09/29 09:14:26 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/09/26 17:35:45 | 000,000,056 | ---- | C] () -- C:\Windows\SpeederXP.INI
[2010/09/18 12:27:52 | 000,000,008 | ---- | C] () -- C:\Users\owner\AppData\Roaming\DofusAppId0_3
[2010/08/31 13:19:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2010/08/31 13:19:28 | 000,007,196 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP_AAC.ini
[2010/08/31 13:19:28 | 000,006,490 | ---- | C] () -- C:\Windows\System32\INI_Pro_PSP.ini
[2010/08/31 13:19:28 | 000,005,028 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP2_AAC.ini
[2010/08/31 13:19:28 | 000,004,296 | ---- | C] () -- C:\Windows\System32\INI_Pro_Zune.ini
[2010/08/31 13:19:28 | 000,003,045 | ---- | C] () -- C:\Windows\System32\INI_Pro_iPod.ini
[2010/08/31 13:19:28 | 000,002,956 | ---- | C] () -- C:\Windows\System32\INI_Pro_PMP.ini
[2010/08/31 13:19:28 | 000,002,910 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP_AMR.ini
[2010/08/31 13:19:28 | 000,002,516 | ---- | C] () -- C:\Windows\System32\INI_Pro_PPC.ini
[2010/08/31 13:19:28 | 000,002,175 | ---- | C] () -- C:\Windows\System32\INI_Pro_iPhone.ini
[2010/08/31 13:19:28 | 000,001,964 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2010/08/31 13:19:28 | 000,001,964 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2010/08/31 13:19:28 | 000,001,878 | ---- | C] () -- C:\Windows\System32\INI_Pro_Xbox.ini
[2010/08/31 13:19:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QVGA_AMR.ini
[2010/08/31 13:19:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QVGA_AAC.ini
[2010/08/31 13:19:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QCIF_AMR.ini
[2010/08/31 13:19:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QCIF_AAC.ini
[2010/08/31 13:19:28 | 000,001,739 | ---- | C] () -- C:\Windows\System32\INI_Pro_AppleTV.ini
[2010/08/31 13:19:28 | 000,000,036 | ---- | C] () -- C:\Windows\System32\INI_Add_mfra.ini
[2010/08/31 13:19:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/07/19 15:33:54 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/07/19 15:33:54 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/04 15:29:22 | 000,000,281 | ---- | C] () -- C:\ProgramData\Local Disk (C) - Shortcut.lnk
[2010/06/18 14:08:09 | 000,000,096 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/10 15:09:16 | 000,000,029 | ---- | C] () -- C:\Windows\Index.ini
[2010/06/07 11:11:33 | 000,000,008 | ---- | C] () -- C:\Users\owner\AppData\Roaming\DofusAppId0_1
[2010/06/07 11:10:43 | 000,000,169 | ---- | C] () -- C:\Users\owner\AppData\Roaming\D2Info0
[2010/06/07 11:10:43 | 000,000,008 | ---- | C] () -- C:\Users\owner\AppData\Roaming\DofusAppId0_2
[2010/06/04 13:53:34 | 000,000,093 | ---- | C] () -- C:\Users\owner\AppData\Local\fusioncache.dat
[2010/05/22 12:59:20 | 000,009,728 | ---- | C] () -- C:\Windows\System32\uc_karos_launching.dll
[2010/05/17 13:19:25 | 000,139,336 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/15 07:44:34 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/10/22 10:00:45 | 000,000,148 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/10/20 13:25:51 | 000,001,215 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/18 20:18:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/17 20:53:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/06/28 20:20:36 | 000,001,356 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2009/05/04 19:47:37 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/02/04 10:20:10 | 000,032,256 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/01 15:18:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/01 12:07:45 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\QSwitch.txt
[2009/02/01 12:07:45 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\DSwitch.txt
[2009/02/01 12:07:45 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\AtStart.txt
[2009/01/05 15:51:11 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/05 15:51:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/05 15:50:43 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/05 15:50:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/05 15:48:06 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/05 15:47:38 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/10/23 01:44:13 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/23 01:38:23 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/23 01:36:27 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/23 01:35:06 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/29 23:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/29 23:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005/08/29 23:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll

========== LOP Check ==========

[2010/11/28 14:26:27 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\.minecraft
[2009/11/16 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\.purple
[2010/08/21 11:56:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AnvSoft
[2010/06/07 11:11:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\app
[2010/05/17 14:07:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Application Data
[2010/12/10 11:59:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Azureus
[2010/12/10 12:06:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\BitTorrent
[2010/06/25 15:11:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Crayon Physics Deluxe
[2010/05/24 14:56:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DNA
[2010/10/29 08:58:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dofus 2
[2010/06/07 11:10:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/09/18 12:27:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/06/07 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/10/22 16:06:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\EternalEden
[2010/05/17 13:35:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FOG Downloader
[2010/08/08 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GameTuts
[2010/05/29 08:53:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GetRightToGo
[2010/05/17 09:40:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GrabPro
[2010/08/19 15:32:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ImTOO Software Studio
[2009/04/18 19:14:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\iWin
[2010/09/29 09:20:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ManyCam
[2010/06/09 13:55:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NeopleLauncherDFO
[2009/04/10 14:23:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
[2010/12/07 20:16:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Orbit
[2009/05/03 18:46:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PlayFirst
[2010/10/31 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ProgSense
[2010/08/21 12:01:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Red Kawa
[2010/06/07 11:11:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/07/22 20:05:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Regensoft
[2010/10/31 19:49:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\runic games
[2010/09/29 09:25:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Secret of the Solstice
[2010/09/22 15:29:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SystemRequirementsLab
[2010/06/04 13:53:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Turbine
[2009/02/01 20:37:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WildTangent
[2010/12/10 12:04:09 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:661DFA1C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:D06A4C76

< End of report >

rngrgreen
2010-12-10, 18:36
Here is the other one. You're right, I needed 2 posts to put them up.

OTL Extras logfile created on: 12/10/2010 12:21:21 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\owner\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.70 Gb Total Space | 34.10 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive E: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHAWN-WANAMAKER | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C59680-CBDF-42A1-B8A9-B28D304A35EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{196D4CD7-67F7-40A0-95B1-EE6A9D15F2B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{2081AC7F-7969-4CD4-9C11-1943C05150D0}" = lport=139 | protocol=6 | dir=in | app=system |
"{389C24E5-8832-440B-9FFB-3E1BBD989CA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E187A89-4D50-455A-882C-71A98D84AABF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42ECA6A1-CCED-451E-BD69-BD614EF2883F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{44CE7BA2-E254-4C84-AEA3-C01A88B69AA7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{50994B4B-B840-4CFE-988C-AEAC3FDE27BC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5F60B4E0-2658-4A35-89BA-6B9E9E0F996C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6751CF59-5C07-45A4-A77A-F5151CF5EC82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{684B2906-A442-4916-9FE7-D0E7A36373AE}" = lport=137 | protocol=17 | dir=in | app=system |
"{69DAE553-ED70-497E-9E8E-66441F3C4F4C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{6CF3FAE3-6FE3-48E4-971C-B265A48C4EDA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{75ADAE76-4EF4-4432-BD55-410E286539AA}" = rport=138 | protocol=17 | dir=out | app=system |
"{8F2B886C-45BF-4C98-B3A7-B638A9C58B79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B397058-8DC4-4014-97BD-73F77F16BAB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7AE72E1-2733-40CB-9F9F-B3060DF2CE6E}" = lport=445 | protocol=6 | dir=in | app=system |
"{BC0668D8-034A-4450-A3E1-2842E1B965B7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C561784E-2291-4F45-9D77-6CE47CFB61CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{CDAABB2C-FA9C-4B4E-8168-0B27B50874EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DD33E78B-A54B-4353-9553-429110B73ED2}" = rport=137 | protocol=17 | dir=out | app=system |
"{F211AA16-DF3B-493E-84F1-3EBA01343DBD}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{F4272B86-AC93-4E5E-B19B-2EB1982C46D8}" = rport=445 | protocol=6 | dir=out | app=system |
"{F6EAC78C-855E-4BA6-87E5-8E902377EE31}" = lport=49200 | protocol=6 | dir=in | name=akamai netsession interface |
"{FF052CBA-196A-4D42-98AD-E8C379DE9810}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F1A93B-502C-449E-AA33-4161A25D37DF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0900C973-C49F-4E2D-8B21-3BF503920C34}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{0B8D53F5-564C-47F0-9CB3-DB6D75762D87}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{12CCCEA9-F058-473B-8BFE-886435644901}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\final fantasy xi\toolsus\final fantasy xi config.exe |
"{156EFD44-1592-400D-9415-6E7CC44394B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1723377B-4017-4371-A3E3-B2B08291D1A5}" = protocol=17 | dir=in | app=c:\program files\stormii\storm.exe |
"{212CE7AC-60B3-476E-9B17-53B0D253450B}" = protocol=6 | dir=in | app=c:\program files\squareenix\final fantasy xiv\ffxivboot.exe |
"{2D0F798D-DAF9-422B-9258-9AD564C5FA2F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2F4937F4-1ADB-4AC3-B3CC-C728F4CB5CE1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{321529E6-EAB5-410D-BA6A-6B618B28EF05}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{33A82482-5C01-4CFF-93E1-F517030AD44E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{343A8FF8-C189-47FD-AD8D-3447993FB524}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{358C533F-D578-4E10-8331-FF75B5803D0E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{385F2F44-1752-4D99-B873-633C89673100}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{3A755A0E-7B1E-4755-8AE3-3D75A2860A50}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3B0E8D81-3145-4D78-A942-1CDDC389E1EA}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{450C95C7-F71A-4BF9-8289-BF2C0B9868D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4DCDD217-C7CC-4EA7-B191-B6AF1B86522A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\final fantasy xi\polboot.exe |
"{55F2D62D-33BB-49ED-BC8F-9DA086E2D1EF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\final fantasy xi\toolsus\final fantasy xi config.exe |
"{569D1FF6-86D3-4DB7-96E9-E77324AE5D49}" = protocol=6 | dir=in | app=c:\program files\stormii\stormliv.exe |
"{580B73C8-6C32-4033-A615-B7EECCF5D366}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5BFDCBF2-B1B8-408B-8265-28B156B34D4C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5DE1E07E-0232-4552-842F-567A9C012EF4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{679D0331-03B2-4C5A-A05B-3C89076430D3}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |
"{67DE253E-88FB-408D-AFB3-FE4EE53EADD9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69FAB3D6-E45E-4172-A1C2-9E3CE32D3C04}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6B8D3932-71D7-477D-B04D-2CBD42FC8557}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{76BFD47F-91B7-4BF6-A9C3-0435B15444EB}" = protocol=6 | dir=in | app=c:\program files\stormii\storm.exe |
"{791032B1-70E2-4313-BA95-56507D8ABECC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\polcfg\polcfg.exe |
"{7F998E83-D3CA-4150-9693-5078D0584806}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{81874413-243A-4109-B313-086E0D396475}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{826F747A-D68F-4678-A207-3DBDBFB1F07E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{83728C45-CE59-4E7F-B354-D71AEA472349}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{885E9827-7478-41C0-81B6-4D810786BED6}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8F8DFFF6-D128-4C03-A92C-715FA3E7C155}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{95EAA94F-8DEF-43B6-B4F0-93065F706FC7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A51FA3E6-60F2-4C79-AA9B-75612EBC4DC2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AE42AC6F-C12E-4057-9219-AC7DD2CFEE14}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{AF6B8925-E8C7-48F3-B2D5-82650A077872}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |
"{B974CBD5-2124-418F-93B7-E38B68A19790}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B9B992C6-F3A0-48D3-8AD6-B1C7289D0A48}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC3295F1-DF2B-46EE-97DF-DA3AF88CABAA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C7841F2B-E4D7-4108-BFB5-012DE9227AE6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\final fantasy xi\polboot.exe |
"{C9D06CE9-A13D-48DA-A8E3-21B04EA757CF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CD8AC772-24E1-406D-AC94-340ABE20925E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D1AD7E34-9BD0-41E3-AE7F-F2C15E03E987}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D53B8B7E-D3B8-4479-B152-393894654F29}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{DB0257E4-4390-47A5-AC44-6C4A25BF54F3}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"{E15E8586-4ABB-4DEC-8CD5-A0D4CCF5C200}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E265BD0A-188F-4255-9F83-28DFD22B5DE1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E463BCA0-B2DA-490E-8AAD-FB3F58787CBF}" = protocol=17 | dir=in | app=c:\program files\stormii\stormliv.exe |
"{E5B55089-C623-4269-9ABE-4FF00660B0CD}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{E91DE1A0-9D0B-4B01-B7BE-6A77DB20280A}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"{ED1809A0-3C0B-4B21-BB30-4F3983730379}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\polcfg\polcfg.exe |
"{F3B215A1-F050-4DEE-932D-30EA7D61BEBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F45B6A6B-95E9-4ED7-900D-36338B9845C3}" = protocol=17 | dir=in | app=c:\program files\squareenix\final fantasy xiv\ffxivboot.exe |
"{FA22F1DA-E272-4F1C-BD7B-AAF97C55FA94}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{02C20BD9-0AC3-42CF-805F-BBEDB738526D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{0AAFBFF1-DE4D-48DE-A9D0-24F2A2BCAB1D}C:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe |
"TCP Query User{0B89EC0E-8070-455F-96EA-0ACD4643B775}C:\nexon\maplestory\localms v88.exe" = protocol=6 | dir=in | app=c:\nexon\maplestory\localms v88.exe |
"TCP Query User{24A5AC76-967F-4073-B2EA-DB5D6D9862E7}C:\users\owner\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{2F94D875-469C-4F6F-AA27-3B28D5DA5D0B}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{4185CAFC-D973-40B6-A0A9-8ABA6E195FA3}C:\users\owner\downloads\minecraftloader\minecraftloader\minecraftloader.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\minecraftloader\minecraftloader\minecraftloader.exe |
"TCP Query User{56F6FE65-63B2-4B8D-B936-882B2C39A5AA}C:\program files\stormii\storm.exe" = protocol=6 | dir=in | app=c:\program files\stormii\storm.exe |
"TCP Query User{82C87DDD-AD36-4164-A076-90E9FB99DB4E}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{857CDB38-7618-4575-B077-648DE0315101}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{8F8AE8F2-557E-467F-B52C-05BC0C378800}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9698F34E-D862-4F24-A9A4-F9D4B26BB234}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{97874278-61CE-4E5E-AFCD-02649ABBAA2E}C:\gpotato.com\allods online\bin\launcher.exe" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"TCP Query User{9B126C2E-8B8B-48E9-A2DA-CB12A86DDF5E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A837C0F1-6F8E-4C76-AB79-555C71889FCB}C:\users\owner\downloads\minecraftloader\minecraftloader.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\minecraftloader\minecraftloader.exe |
"TCP Query User{DD6EE687-7929-4D77-ABE6-DA3A63EF9EB5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E4A3450F-A31A-47EF-A930-FC2F28E5573F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F8EFDB34-DF6B-4E33-895C-4B1F93672496}C:\nexon\new folder\maplestory\localms v88.exe" = protocol=6 | dir=in | app=c:\nexon\new folder\maplestory\localms v88.exe |
"UDP Query User{1929362A-DEE2-424B-AB32-90FFD6FCEB5D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{21010343-4580-4304-A6FB-AF4AF8F36E4D}C:\program files\stormii\storm.exe" = protocol=17 | dir=in | app=c:\program files\stormii\storm.exe |
"UDP Query User{2FF161DC-C22C-4279-BD7C-9D93AD5A547F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{31C2EC59-6877-4EA7-8C2F-7DB5C283B4A2}C:\users\owner\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{32F1F6AE-1017-4F0F-AE10-2B861297B229}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{3DFB90E7-5271-4EA4-A77C-674F89BE3B30}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{4216BBD3-9965-446B-A2E6-7B9DE57AC83D}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{52956A67-DA28-4FE4-B81C-36B758809FF3}C:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe |
"UDP Query User{67A47844-5DEF-4550-A759-B1AD46BF93E7}C:\users\owner\downloads\minecraftloader\minecraftloader\minecraftloader.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\minecraftloader\minecraftloader\minecraftloader.exe |
"UDP Query User{69172F0B-91CB-49C5-968F-29D7CAE1A352}C:\users\owner\downloads\minecraftloader\minecraftloader.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\minecraftloader\minecraftloader.exe |
"UDP Query User{6E1B51D7-EA55-4AA3-B59F-028B4213ECB5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{71F05586-F812-40DB-8C0C-AC3D19C63486}C:\nexon\maplestory\localms v88.exe" = protocol=17 | dir=in | app=c:\nexon\maplestory\localms v88.exe |
"UDP Query User{7F394D10-DE71-41AC-A1D4-0D76C73CE664}C:\gpotato.com\allods online\bin\launcher.exe" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"UDP Query User{AE493B62-937E-4264-845E-A9C2955309E0}C:\nexon\new folder\maplestory\localms v88.exe" = protocol=17 | dir=in | app=c:\nexon\new folder\maplestory\localms v88.exe |
"UDP Query User{C8F9F12F-AE7D-4A06-BCDD-9A02AAB55721}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CC6419A7-B5D8-4D70-8722-4A0CF8C543BB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{D4D88C5F-2D41-43E5-A932-A529028A21D9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A4E71A5-643D-4536-B624-995F7E212272}" = WonderKing
"{1b89540f-8f25-406d-82e9-21869e253ffc}" = PS_SF_03_D5400_ProductContext
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{1E7DACA2-C810-40DF-ADAD-BD1C8DB231B9}" = DemonFlyFFv15
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{2DDEE1AF-730A-4CE0-90DB-A9EE84B9A959}" = EssenceRO
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{454070F6-2CAF-49DE-84E7-07DC177789FB}" = GPCabal LW
"{45813C0F-04E2-4757-9F64-A6386C169D21}" = D5400_Help
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4B22DD86-47B1-4454-BFF7-64FCA3D0631C}" = Soul of the Ultimate Nation
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4dd83a18-e502-461e-adfb-a458bd25e45d}" = PS_SF_03_D5400_Software_Min
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{581cae33-36d4-41e1-9673-bceb97763864}" = PS_SF_03_D5400_Software
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{60131BE5-BE4D-4975-9108-DD0BE735890D}" = Xdelta 3.0t
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7C9002E8-E0BE-482F-870C-3449BC817513}" = Aerrevan 5.0
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A738259E-000C-4678-9FD9-FB79D43FB21C}" = Secret of the Solstice
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2670e67-0398-4c53-957f-414d28a758e9}" = D5400
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAE390A5-2864-46b6-BC80-A656A2068CB4}" = HP Photosmart D5400 Printer Driver Software 10.0 Rel .3
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBFD786F-691F-4C63-8F3E-AFE7FE324D88}" = Aion
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E57A2E59-7A17-4CCE-8EC5-4CF0DD41237B}" = Secret of the Solstice
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F1C60F3E-70CF-42BF-8FEC-7B101A8C4868}" = IrisOnline
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.16 beta
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AutoHotkey" = AutoHotkey 1.0.48.05
"AviSynth" = AviSynth 2.5
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX Setup
"DMX5_is1" = DriverMax 5
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Guild Wars" = Guild Wars
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"ImTOO MPEG Encoder Standard" = ImTOO MPEG Encoder Standard
"InstallShield_{1E7DACA2-C810-40DF-ADAD-BD1C8DB231B9}" = DemonFlyFFv15
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Latale GP3.0" = Latale GP
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0b6 (x86 en-US)" = Mozilla Firefox 4.0b6 (x86 en-US)
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PunkBusterSvc" = PunkBuster Services
"Risk" = Risk
"Runic Games Torchlight" = Torchlight
"Security Task Manager" = Security Task Manager 1.8c
"Shop for HP Supplies" = Shop for HP Supplies
"SpeederXP_is1" = SpeederXP v2.61
"StarCraft II" = StarCraft II
"storm2" = ±©·çÓ°Òô
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tetris Game for Windows_is1" = Tetris Game for Windows 2.5.9
"Videora iPod Converter" = Videora iPod Converter 5.04
"Videora Xbox 360 Converter" = Videora Xbox 360 Converter 5.04
"Vindictus" = Vindictus
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"YInstHelper" = Yahoo! Install Manager
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AikaOnline" = AikaOnline
"BitTorrent DNA" = DNA
"heRO" = heRO
"LuminaRO Lite Setup 2010-09-12" = LuminaRO Lite Setup 2010-09-12
"NCsoft-Aion" = Aion
"SOE-Free Realms" = Free Realms
"Sparkplayer (Beta)" = Sparkplayer (Beta)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

rngrgreen
2010-12-10, 18:39
I meant to say in the reply that I am sorry about posting 2 computers; I did not read the rules completely. So I wanted to apologize for that and thank you for the help again.

ken545
2010-12-10, 20:39
Not a problem with your posts, the forums can be a bit confusing if you're not familiar with them.

Let's run this tool. After you download it, with Vista you need to right-click and RUN AS ADMINISTRATOR.


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

rngrgreen
2010-12-11, 04:55
Here is ComboFix Report as requested

ComboFix 10-12-09.04 - owner 12/10/2010 22:29:07.1.2 - x86
Running from: c:\users\owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\program files\StormII
c:\program files\StormII\codec\264be.dll
c:\program files\StormII\codec\264dmmx.dll
c:\program files\StormII\codec\264dsse.dll
c:\program files\StormII\codec\264dsse2.dll
c:\program files\StormII\codec\264dsse3.dll
c:\program files\StormII\codec\aasc32.dll
c:\program files\StormII\codec\ac3filter.ax
c:\program files\StormII\codec\acelpdec.ax
c:\program files\StormII\codec\asusasv1.dll
c:\program files\StormII\codec\asusasv2.dll
c:\program files\StormII\codec\ativcr2.dll
c:\program files\StormII\codec\avcodec.dll
c:\program files\StormII\codec\avformat.dll
c:\program files\StormII\codec\avidavicodec.dll
c:\program files\StormII\codec\AviSplitter.ax
c:\program files\StormII\codec\avutil.dll
c:\program files\StormII\codec\bass.dll
c:\program files\StormII\codec\bass_aac.dll
c:\program files\StormII\codec\bass_alac.dll
c:\program files\StormII\codec\bass_ape.dll
c:\program files\StormII\codec\bass_flac.dll
c:\program files\StormII\codec\bass_mpc.dll
c:\program files\StormII\codec\bass_tta.dll
c:\program files\StormII\codec\bass_wv.dll
c:\program files\StormII\codec\binkw32.dll
c:\program files\StormII\codec\BSPVDEC.dll
c:\program files\StormII\codec\bsrsrc.ax
c:\program files\StormII\codec\BsrVideoDec.ax
c:\program files\StormII\codec\bw10.dll
c:\program files\StormII\codec\cddareader.ax
c:\program files\StormII\codec\cdxareader.ax
c:\program files\StormII\codec\ChpSrcFilter.ax
c:\program files\StormII\codec\CinemasterAudio.DLL
c:\program files\StormII\codec\cl264dec.ax
c:\program files\StormII\codec\CLNavX.ax
c:\program files\StormII\codec\CLRVIDDC.DLL
c:\program files\StormII\codec\clrviddd.dll
c:\program files\StormII\codec\CLVc1Dec.ax
c:\program files\StormII\codec\CLVSD.ax
c:\program files\StormII\codec\clvsdx.ax
c:\program files\StormII\codec\coreavc.ax
c:\program files\StormII\codec\CUVCcodc.dll
c:\program files\StormII\codec\DCBassSource.ax
c:\program files\StormII\codec\DECVW_32.DLL
c:\program files\StormII\codec\divxdec.ax
c:\program files\StormII\codec\DmoDec.dll
c:\program files\StormII\codec\DSMSplitter.ax
c:\program files\StormII\codec\empgdmx.ax
c:\program files\StormII\codec\ff_kernelDeint.dll
c:\program files\StormII\codec\ff_liba52.dll
c:\program files\StormII\codec\ff_libavcodec.dll
c:\program files\StormII\codec\ff_libdts.dll
c:\program files\StormII\codec\ff_libfaad2.dll
c:\program files\StormII\codec\ff_libmad.dll
c:\program files\StormII\codec\ff_libmpeg2.dll
c:\program files\StormII\codec\ff_libmplayer.dll
c:\program files\StormII\codec\ff_realaac.dll
c:\program files\StormII\codec\ff_samplerate.dll
c:\program files\StormII\codec\ff_theora.dll
c:\program files\StormII\codec\ff_TomsMoComp.dll
c:\program files\StormII\codec\ff_tremor.dll
c:\program files\StormII\codec\ff_unrar.dll
c:\program files\StormII\codec\ff_wmv9.dll
c:\program files\StormII\codec\ff_xvidcore.dll
c:\program files\StormII\codec\ffdshow.ax
c:\program files\StormII\codec\ffdshow.ax.manifest
c:\program files\StormII\codec\ffmpeg.dll
c:\program files\StormII\codec\ffsource.ax
c:\program files\StormII\codec\Flash.ocx
c:\program files\StormII\codec\FLT_ffdshow.dll
c:\program files\StormII\codec\FLVSplitter.ax
c:\program files\StormII\codec\frapsvid.dll
c:\program files\StormII\codec\G722ADEC.dll
c:\program files\StormII\codec\GeoCodec.dll
c:\program files\StormII\codec\H264VDEC.dll
c:\program files\StormII\codec\HBGKDec.ax
c:\program files\StormII\codec\HBGKSrc.ax
c:\program files\StormII\codec\HikAudioDec.ax
c:\program files\StormII\codec\HikFileSource.ax
c:\program files\StormII\codec\HikFileSplitter.ax
c:\program files\StormII\codec\HIKM4DEC.dll
c:\program files\StormII\codec\HikVideoDec.ax
c:\program files\StormII\codec\i263_32.drv
c:\program files\StormII\codec\icmw_32.dll
c:\program files\StormII\codec\iconv.dll
c:\program files\StormII\codec\kdh4.dll
c:\program files\StormII\codec\kdm4.dll
c:\program files\StormII\codec\keys.dat
c:\program files\StormII\codec\l3codecx.ax
c:\program files\StormII\codec\LCodcCMP.dll
c:\program files\StormII\codec\libavcodec.dll
c:\program files\StormII\codec\libmpeg2_ff.dll
c:\program files\StormII\codec\libmplayer.dll
c:\program files\StormII\codec\LMVRGBxf.dll
c:\program files\StormII\codec\LMVYUVxf.dll
c:\program files\StormII\codec\lsvxdec.dll
c:\program files\StormII\codec\mfplat.dll
c:\program files\StormII\codec\mkunicode.dll
c:\program files\StormII\codec\mkx.dll
c:\program files\StormII\codec\mkzlib.dll
c:\program files\StormII\codec\mmamrdmx.ax
c:\program files\StormII\codec\Mp3Decdll.dll
c:\program files\StormII\codec\MP3DMOD.DLL
c:\program files\StormII\codec\mp4.dll
c:\program files\StormII\codec\mp43dmod.dll
c:\program files\StormII\codec\mp4sdmod.dll
c:\program files\StormII\codec\MP4Splitter.ax
c:\program files\StormII\codec\MpaDecFilter.ax
c:\program files\StormII\codec\MpaSplitter.ax
c:\program files\StormII\codec\mpcvideodec.ax
c:\program files\StormII\codec\Mpeg2DecFilter.ax
c:\program files\StormII\codec\mpeg2dmx.ax
c:\program files\StormII\codec\MpegSplitter.ax
c:\program files\StormII\codec\mpg2splt.ax
c:\program files\StormII\codec\mpg4dmod.dll
c:\program files\StormII\codec\msdmo.dll
c:\program files\StormII\codec\msms001.vwp
c:\program files\StormII\codec\msvcp71.dll
c:\program files\StormII\codec\msvcr71.dll
c:\program files\StormII\codec\MZP4_DEC.DLL
c:\program files\StormII\codec\NDParser.ax
c:\program files\StormII\codec\NeMP4Splitter.ax
c:\program files\StormII\codec\nvviddec.ax
c:\program files\StormII\codec\OggSplitter.ax
c:\program files\StormII\codec\Plugins\nppl3260.dll
c:\program files\StormII\codec\Plugins\nppl3260.xpt
c:\program files\StormII\codec\Plugins\npqtplugin.dll
c:\program files\StormII\codec\Plugins\nprpjplug.dll
c:\program files\StormII\codec\Plugins\nsIQTScriptablePlugin.xpt
c:\program files\StormII\codec\Plugins\nsJSRealPlayerPlugin.xpt
c:\program files\StormII\codec\Plugins\QuickTimePlugin.class
c:\program files\StormII\codec\PmpSplt.ax
c:\program files\StormII\codec\pncrt.dll
c:\program files\StormII\codec\pndx5016.dll
c:\program files\StormII\codec\pndx5032.dll
c:\program files\StormII\codec\pthreadVC2.dll
c:\program files\StormII\codec\pvmjpg21.dll
c:\program files\StormII\codec\PVWV220.DLL
c:\program files\StormII\codec\qasf.dll
c:\program files\StormII\codec\QTSystem\CFCharacterSetBitmaps.bitmap
c:\program files\StormII\codec\QTSystem\CoreVideo.qtx
c:\program files\StormII\codec\QTSystem\CoreVideo.Resources\CoreVideo.qtr
c:\program files\StormII\codec\QTSystem\CoreVideo.Resources\en.lproj\CoreVideoLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTime.qts
c:\program files\StormII\codec\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll
c:\program files\StormII\codec\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTime.Resources\QuickTime.dll
c:\program files\StormII\codec\QTSystem\QuickTime.Resources\QuickTime.qtr
c:\program files\StormII\codec\QTSystem\QuickTime.Resources\QuickTime.qtxs
c:\program files\StormII\codec\QTSystem\QuickTime3GPP.qtx
c:\program files\StormII\codec\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTime3GPP.Resources\QuickTime3GPP.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeAudioSupport.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.dll
c:\program files\StormII\codec\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeAudioSupport.Resources\QuickTimeAudioSupport.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeEssentials.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeEssentials.Resources\en.lproj\QuickTimeEssentialsLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeEssentials.Resources\QuickTimeEssentials.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeH264.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeH264.Resources\en.lproj\QuickTimeH264Localized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeH264.Resources\QuickTimeH264.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeInternetExtras.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeInternetExtras.Resources\en.lproj\QuickTimeInternetExtrasLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeInternetExtras.Resources\QuickTimeInternetExtras.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeMPEG4.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeMPEG4.Resources\en.lproj\QuickTimeMPEG4Localized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeMPEG4.Resources\QuickTimeMPEG4.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeMusic.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeMusic.Resources\en.lproj\QuickTimeMusicLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeMusic.Resources\QuickTimeMusic.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeStreaming.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.dll
c:\program files\StormII\codec\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeStreaming.Resources\QuickTimeStreaming.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeStreamingExtras.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeStreamingExtras.Resources\en.lproj\QuickTimeStreamingExtrasLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeStreamingExtras.Resources\QuickTimeStreamingExtras.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeVR.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeVR.Resources\en.lproj\QuickTimeVRLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeVR.Resources\QuickTimeVR.qtr
c:\program files\StormII\codec\QuickTime.qts
c:\program files\StormII\codec\QuickTimeVR.qtx
c:\program files\StormII\codec\RadGtSplitter.ax
c:\program files\StormII\codec\Real\Codecs\14_43260.dll
c:\program files\StormII\codec\Real\Codecs\28_83260.dll
c:\program files\StormII\codec\Real\Codecs\atrc.dll
c:\program files\StormII\codec\Real\Codecs\cook.dll
c:\program files\StormII\codec\Real\Codecs\ddnt3260.dll
c:\program files\StormII\codec\Real\Codecs\dnet3260.dll
c:\program files\StormII\codec\Real\Codecs\drv1.dll
c:\program files\StormII\codec\Real\Codecs\drv2.dll
c:\program files\StormII\codec\Real\Codecs\drvc.dll
c:\program files\StormII\codec\Real\Codecs\hxltcolor.dll
c:\program files\StormII\codec\Real\Codecs\raac.dll
c:\program files\StormII\codec\Real\Codecs\ralf.dll
c:\program files\StormII\codec\Real\Codecs\rv10.dll
c:\program files\StormII\codec\Real\Codecs\rv20.dll
c:\program files\StormII\codec\Real\Codecs\rv30.dll
c:\program files\StormII\codec\Real\Codecs\rv40.dll
c:\program files\StormII\codec\Real\Codecs\sipr.dll
c:\program files\StormII\codec\Real\Common\objb3201.dll
c:\program files\StormII\codec\Real\Common\pnen3260.dll
c:\program files\StormII\codec\Real\Common\pngu3267.dll
c:\program files\StormII\codec\Real\Common\pnrs3260.dll
c:\program files\StormII\codec\Real\Common\rppr3260.dll
c:\program files\StormII\codec\Real\Common\security.dll
c:\program files\StormII\codec\Real\Plugins\audplin.dll
c:\program files\StormII\codec\Real\Plugins\authmgr.dll
c:\program files\StormII\codec\Real\Plugins\clbascauth.dll
c:\program files\StormII\codec\Real\Plugins\clntxres.dll
c:\program files\StormII\codec\Real\Plugins\ExtResources\coreres.xrs
c:\program files\StormII\codec\Real\Plugins\fpsechnd.dll
c:\program files\StormII\codec\Real\Plugins\httpfsys.dll
c:\program files\StormII\codec\Real\Plugins\hxsdp.dll
c:\program files\StormII\codec\Real\Plugins\hxxml.dll
c:\program files\StormII\codec\Real\Plugins\imgrender.dll
c:\program files\StormII\codec\Real\Plugins\memfsys.dll
c:\program files\StormII\codec\Real\Plugins\mp3fformat.dll
c:\program files\StormII\codec\Real\Plugins\mp3render.dll
c:\program files\StormII\codec\Real\Plugins\mp4arender.dll
c:\program files\StormII\codec\Real\Plugins\ntlmauth.dll
c:\program files\StormII\codec\Real\Plugins\oggfformat.dll
c:\program files\StormII\codec\Real\Plugins\pacplin.dll
c:\program files\StormII\codec\Real\Plugins\plusplin.dll
c:\program files\StormII\codec\Real\Plugins\pxcb3210.dll
c:\program files\StormII\codec\Real\Plugins\ramfformat.dll
c:\program files\StormII\codec\Real\Plugins\ramrender.dll
c:\program files\StormII\codec\Real\Plugins\rarender.dll
c:\program files\StormII\codec\Real\Plugins\rmfformat.dll
c:\program files\StormII\codec\Real\Plugins\rmxfpln.dll
c:\program files\StormII\codec\Real\Plugins\rmxrend.dll
c:\program files\StormII\codec\Real\Plugins\rn5auth.dll
c:\program files\StormII\codec\Real\Plugins\rtfformat.dll
c:\program files\StormII\codec\Real\Plugins\rtrender.dll
c:\program files\StormII\codec\Real\Plugins\rvrender.dll
c:\program files\StormII\codec\Real\Plugins\sdpplin.dll
c:\program files\StormII\codec\Real\Plugins\security.dll
c:\program files\StormII\codec\Real\Plugins\smlfformat.dll
c:\program files\StormII\codec\Real\Plugins\smlrender.dll
c:\program files\StormII\codec\Real\Plugins\smmrender.dll
c:\program files\StormII\codec\Real\Plugins\smplfsys.dll
c:\program files\StormII\codec\Real\Plugins\stubdrm.dll
c:\program files\StormII\codec\Real\Plugins\tfilesys.dll
c:\program files\StormII\codec\Real\Plugins\vidplin.dll
c:\program files\StormII\codec\Real\Plugins\vidsite.dll
c:\program files\StormII\codec\Real\Plugins\vorbisrend.dll
c:\program files\StormII\codec\Real\Plugins\vsrlocal.dll
c:\program files\StormII\codec\Real\rpplugins\cn\embed_cn.dll
c:\program files\StormII\codec\Real\rpplugins\cn\rpclsvc_cn.dll
c:\program files\StormII\codec\Real\rpplugins\embd3260.dll
c:\program files\StormII\codec\Real\rpplugins\rpcl3260.dll
c:\program files\StormII\codec\Real\rpplugins\rput3260.dll
c:\program files\StormII\codec\RLMPCDec.ax
c:\program files\StormII\codec\rmoc3260.dll
c:\program files\StormII\codec\RMSplt.ax
c:\program files\StormII\codec\Sc726dec.ax
c:\program files\StormII\codec\scmpack.dll
c:\program files\StormII\codec\scsource.ax
c:\program files\StormII\codec\smackw32.dll
c:\program files\StormII\codec\SonicLicenseManager9.dll
c:\program files\StormII\codec\splitter.ax
c:\program files\StormII\codec\TomsMoComp_ff.dll
c:\program files\StormII\codec\ts.dll
c:\program files\StormII\codec\tsccvid.dll
c:\program files\StormII\codec\TTL2Dec.dll
c:\program files\StormII\codec\v2k2_dec.dll
c:\program files\StormII\codec\v2kdspde.dll
c:\program files\StormII\codec\vc1dc.dll
c:\program files\StormII\codec\vc1dmmx.dll
c:\program files\StormII\codec\vc1dsse.dll
c:\program files\StormII\codec\vc1dsse2.dll
c:\program files\StormII\codec\vc1wp.ax
c:\program files\StormII\codec\VDODEC32.dll
c:\program files\StormII\codec\vdowave.drv
c:\program files\StormII\codec\VgmAudio.ax
c:\program files\StormII\codec\vgmbgr.ax
c:\program files\StormII\codec\VgmSplt.ax
c:\program files\StormII\codec\vgmv2k2.ax
c:\program files\StormII\codec\Vid1Dec.dll
c:\program files\StormII\codec\vmnc.dll
c:\program files\StormII\codec\voxmsdec.ax
c:\program files\StormII\codec\vp6vfw.dll
c:\program files\StormII\codec\vp7vfw.dll
c:\program files\StormII\codec\vssver2.scc
c:\program files\StormII\codec\WMADMOD.dll
c:\program files\StormII\codec\wmpasf.dll
c:\program files\StormII\codec\wmsdmod.dll
c:\program files\StormII\codec\WMVDECOD.dll
c:\program files\StormII\codec\wmvdmod.dll
c:\program files\StormII\codec\xvid.ax
c:\program files\StormII\codec\xvidcore.dll
c:\program files\StormII\codec\yv12vfw.dll
c:\program files\StormII\current.ecs
c:\program files\StormII\jscript.dll
c:\program files\StormII\keys.dat
c:\program files\StormII\media\def\def.flv
c:\program files\StormII\media\def\def.ini
c:\program files\StormII\media\empty.swf
c:\program files\StormII\media\media4in1.swf
c:\program files\StormII\media\mediabp.swf
c:\program files\StormII\media\others.xml
c:\program files\StormII\media\others.xml.ini
c:\program files\StormII\media\stcon.ini
c:\program files\StormII\media\toff.ini
c:\program files\StormII\media\video_material_list.xml
c:\program files\StormII\media\video_material_list.xml.ini
c:\program files\StormII\media\video_style_list.xml
c:\program files\StormII\media\video_style_list.xml.ini
c:\program files\StormII\Media2.dll
c:\program files\StormII\mee.db
c:\program files\StormII\MovieInfo.dll
c:\program files\StormII\mps.dll
c:\program files\StormII\msscript.ocx
c:\program files\StormII\msvcp60.dll
c:\program files\StormII\rndrmgr.dll
c:\program files\StormII\score.dll
c:\program files\StormII\sexpert.dll
c:\program files\StormII\Skin\¼ûÁúж¼×.zip
c:\program files\StormII\Skin\±©·ç1¾*µä.zip
c:\program files\StormII\Skin\±©·ç2¾*µä.zip
c:\program files\StormII\spfa.dll
c:\program files\StormII\splayers.dll
c:\program files\StormII\sprobe.dll
c:\program files\StormII\stormliv.exe
c:\program files\StormII\stormply.exe
c:\program files\StormII\StormRes.dll
c:\program files\StormII\subdecoder.dll
c:\program files\StormII\uninst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_monitor
-------\Service_ccosm
-------\Service_ccosm


((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 03:38 . 2010-12-11 03:40 -------- d-----w- c:\users\owner\AppData\Local\temp
2010-12-11 03:38 . 2010-12-11 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 19:13 . 2010-12-10 19:13 -------- d-----w- c:\users\owner\AppData\Local\Adobe
2010-12-08 01:33 . 2010-12-08 01:39 -------- d-----w- c:\programdata\SecTaskMan
2010-12-08 01:33 . 2010-12-08 01:33 -------- d-----w- c:\program files\Security Task Manager
2010-12-04 02:48 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-04 02:48 . 2010-12-04 17:02 -------- d-----w- c:\program files\Alwil Software
2010-12-04 02:48 . 2010-12-04 02:48 -------- d-----w- c:\programdata\Alwil Software
2010-12-04 02:37 . 2010-12-04 02:37 -------- d-----w- C:\43fd38b79586b12192672f43
2010-12-04 02:18 . 2010-12-04 02:46 -------- d-----w- c:\programdata\MFAData
2010-12-03 01:40 . 2010-12-03 01:40 -------- d-----w- c:\programdata\F-Secure
2010-12-03 00:48 . 2010-12-03 01:05 -------- d-----w- C:\SWSetup
2010-12-01 14:25 . 2010-12-01 14:25 -------- d-----w- c:\program files\Belkin
2010-12-01 14:24 . 2010-12-01 14:24 -------- d-----w- c:\windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
2010-12-01 14:04 . 2008-09-26 09:30 651264 ----a-w- c:\windows\system32\drivers\netr28u.sys
2010-12-01 14:04 . 2008-09-26 09:26 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-11-30 13:16 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE0DCCB2-19BE-4A1F-916A-42D294D5F9A4}\mpengine.dll
2010-11-28 20:25 . 2010-11-28 20:25 -------- d-----w- c:\users\owner\AppData\Local\Innovative Solutions
2010-11-28 20:25 . 2010-11-28 20:25 -------- d-----w- c:\programdata\Innovative Solutions
2010-11-28 20:25 . 2010-11-28 20:25 -------- d-----w- c:\program files\Innovative Solutions
2010-11-25 14:15 . 2010-11-30 03:05 -------- d-----w- c:\users\owner\AppData\Roaming\DivX
2010-11-25 14:14 . 2010-11-25 14:14 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-11-25 14:14 . 2010-11-25 14:14 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-11-25 14:11 . 2010-11-25 14:15 -------- d-----w- c:\program files\DivX
2010-11-25 14:10 . 2010-11-25 14:15 -------- d-----w- c:\programdata\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-10-21 13:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-10-21 13:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 15:41 . 2009-10-02 23:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 02:59 . 2010-06-12 19:47 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-26 02:59 . 2010-06-12 19:47 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 20:56 . 2010-09-22 20:56 111960 ----a-w- c:\windows\dxsdkuninst.exe
2010-09-13 13:56 . 2010-10-21 14:30 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2010-5-17 1835069]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-10-19 20:35 2988400 ----a-w- c:\program files\BitTorrent\BitTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-05-24 19:06 323392 ----a-w- c:\users\owner\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-07-19 21:18 171032 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-07-19 21:18 136216 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-23 04:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-07-19 21:18 170520 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 01:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-10 17:10 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [x]
R3 ByakkoDriver;ByakkoDriver;c:\users\owner\AppData\Local\Temp\100581145.06-10-2010 [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\owner\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-09-26 651264]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-30 3739080]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 528896]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva285;XDva285;c:\windows\system32\XDva285.sys [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPNAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-12-09 c:\windows\Tasks\HPCeeScheduleForowner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:8777;https=127.0.0.1:8777
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: c:\users\owner\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Free Realms Installer: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1} - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
FF - Extension: Ask Toolbar: toolbar@ask.com - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\extensions\toolbar@ask.com

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-PlayNC Launcher - (no file)
HKCU-Run-DriverMax - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
SafeBoot-Wdf01000.sys
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Ptovuj - c:\users\owner\AppData\Local\masDNO.dll
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
MSConfigStartUp-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
AddRemove-Ad-Aware - c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
AddRemove-Mabinogi - c:\nexon\Mabinogi\Mabinogi.exe
AddRemove-storm2 - c:\program files\StormII\uninst.exe
AddRemove-Tetris Game for Windows_is1 - c:\program files\Easiestutils\Tetris Game for Windows\unins000.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
AddRemove-AikaOnline - c:\gpotato\AikaOnline\uninstall.exe
AddRemove-heRO - c:\users\Public\Games\ro\Dreamer 3rd Jobs\Uninstal.exe
AddRemove-LuminaRO Lite Setup 2010-09-12 - c:\users\Public\Games\ro\Dreamer 3rd Jobs\Uninstal.exe
AddRemove-NCsoft-Aion - c:\program files\NCSoft\Launcher\NCLauncher.exe
AddRemove-Sparkplayer (Beta) - c:\users\owner\Documents\Sparkplay Media\Sparkplayer (Beta)\Update.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 22:41
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ByakkoDriver]
"ImagePath"="\??\c:\users\owner\AppData\Local\Temp\100581145.06-10-2010"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2010-12-10 22:48:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 03:48

Pre-Run: 43,954,458,624 bytes free
Post-Run: 43,856,842,752 bytes free

- - End Of File - - 6925EC25B78E7E9F4B2E4727EBE51EB3

rngrgreen
2010-12-11, 05:07
I am sure you have already seen this; I keep forgetting to let you know. Security Center is reporting Windows Update is off and will not let me turn it on, and Defender is also off and will not let me turn it on. I am sure you planned on getting them back on, but just in case you did notice them off I would like to get them back on.

rngrgreen
2010-12-11, 14:57
I have noticed this morning that when the computer starts up, Explorer does not start with it. I can work around that by using Ctrl+Alt+Del, Task Manager, show all processes (it does not work unless I show all processes), then New Task, explorer, and it starts then.

ken545
2010-12-11, 16:30
Hi,

I see destop.ini was removed; it may have been infected.

Go here and post the results
C:\Qoobox\ComboFix-quarantined-files.txt:


You can also try this

Go to Start> Run and type in regedit

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

If there's a value "NoDesktop" with a data value of 1,

either delete the value, or change the data value from 1 to 0.


Try this, and post the log from the quarantine file. There is still more to remove.

rngrgreen
2010-12-11, 21:28
I checked the registry key as suggested; there is no item saying NoDesktop. I have Default, value not set; BindDirectlyToPropertySetStorage, value 0; and NoDrives, value 0.


2010-12-11 03:47:50 . 2010-12-11 03:47:50 860 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Sparkplayer (Beta).reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 1,860 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-NCsoft-Aion.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 554 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-LuminaRO Lite Setup 2010-09-12.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 450 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-heRO.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 732 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-AikaOnline.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 1,872 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 1,858 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Tetris Game for Windows_is1.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 754 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-storm2.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 650 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Mabinogi.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 1,718 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Ad-Aware.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 1,576 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Activation Assistant for the 2007 Microsoft Office suites.reg.dat
2010-12-11 03:47:39 . 2010-12-11 03:47:39 1,176 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-UpdatePSTShortCut.reg.dat
2010-12-11 03:47:39 . 2010-12-11 03:47:39 1,208 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-UpdatePDIRShortCut.reg.dat
2010-12-11 03:47:39 . 2010-12-11 03:47:39 1,178 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-UpdateP2GoShortCut.reg.dat
2010-12-11 03:47:39 . 2010-12-11 03:47:39 868 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Steam.reg.dat
2010-12-11 03:47:38 . 2010-12-11 03:47:38 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Ptovuj.reg.dat
2010-12-11 03:47:38 . 2010-12-11 03:47:38 862 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AVG8_TRAY.reg.dat
2010-12-11 03:47:37 . 2010-12-11 03:47:37 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-Wdf01000.sys.reg.dat
2010-12-11 03:47:31 . 2010-12-11 03:47:31 103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-DriverMax_RESTART.reg.dat
2010-12-11 03:47:31 . 2010-12-11 03:47:31 95 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-DriverMax.reg.dat
2010-12-11 03:47:31 . 2010-12-11 03:47:31 101 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-PlayNC Launcher.reg.dat
2010-12-11 03:47:31 . 2010-12-11 03:47:31 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2010-12-11 03:47:31 . 2010-12-11 03:47:31 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}.reg.dat
2010-12-11 03:47:30 . 2010-12-11 03:47:30 116 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2010-12-11 03:37:06 . 2010-12-11 03:37:06 202 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ccosm.reg.dat
2010-12-11 03:35:53 . 2010-12-11 03:35:53 1,506 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_monitor.reg.dat
2010-12-11 03:35:30 . 2010-12-11 03:35:30 9,255 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-12-11 03:24:35 . 2010-12-11 03:29:07 62 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-06-11 23:42:29 . 2010-11-30 03:08:18 7,950 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\stcon.ini.vir
2010-05-17 19:07:31 . 2010-05-17 19:07:32 79,726 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\uninst.exe.vir
2008-10-06 09:03:26 . 2008-10-06 09:03:26 450,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bsrsrc.ax.vir
2008-10-06 09:03:16 . 2008-10-06 09:03:16 712,704 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\BsrVideoDec.ax.vir
2008-09-22 10:26:52 . 2008-09-22 10:26:52 11,736 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\mee.db.vir
2008-09-22 08:36:00 . 2008-09-22 08:36:00 217,088 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\yv12vfw.dll.vir
2008-09-17 07:51:32 . 2008-09-17 07:51:32 28,051 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\current.ecs.vir
2008-09-11 00:38:30 . 2008-09-11 00:38:30 143,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HBGKSrc.ax.vir
2008-09-11 00:37:36 . 2008-09-11 00:37:36 118,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HBGKDec.ax.vir
2008-06-25 03:02:08 . 2008-06-25 03:02:08 35,752 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\sprobe.dll.vir
2008-05-06 03:27:18 . 2008-05-06 03:27:18 364,544 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\AviSplitter.ax.vir
2008-04-28 09:33:36 . 2008-04-28 09:33:36 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\MovieInfo.dll.vir
2008-04-28 07:40:18 . 2008-04-28 07:40:18 118,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\rndrmgr.dll.vir
2008-04-25 10:22:18 . 2008-04-25 10:22:18 970,752 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\mps.dll.vir
2008-04-18 11:33:54 . 2008-04-18 11:33:54 425,984 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\splayers.dll.vir
2008-04-15 09:06:46 . 2008-04-15 09:06:46 197,120 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\coreavc.ax.vir
2008-04-09 04:33:28 . 2008-04-09 04:33:28 86,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1wp.ax.vir
2008-03-29 15:42:30 . 2008-03-29 15:42:30 536,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\splitter.ax.vir
2008-03-29 15:42:08 . 2008-03-29 15:42:08 148,992 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mkx.dll.vir
2008-03-29 15:42:04 . 2008-03-29 15:42:04 141,312 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mp4.dll.vir
2008-03-29 15:42:00 . 2008-03-29 15:42:00 163,840 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ts.dll.vir
2008-03-29 15:41:52 . 2008-03-29 15:41:52 23,552 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mkunicode.dll.vir
2008-03-29 15:41:52 . 2008-03-29 15:41:52 79,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mkzlib.dll.vir
2008-03-25 12:58:52 . 2008-03-25 12:58:52 232,103 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Skin\¼ûÁúж¼×.zip.vir
2008-03-25 07:11:02 . 2008-03-25 07:11:02 1,030,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\subdecoder.dll.vir
2008-03-25 03:24:00 . 2008-03-25 03:24:00 438,272 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\RMSplt.ax.vir
2008-03-25 02:32:42 . 2008-03-25 02:32:42 2,991,488 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Flash.ocx.vir
2008-03-20 11:16:38 . 2008-03-20 11:16:38 439,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\NDParser.ax.vir
2008-03-20 10:54:28 . 2008-03-20 10:54:28 288,040 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\NeMP4Splitter.ax.vir
2008-03-11 06:33:58 . 2008-03-11 06:33:58 473,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\stormliv.exe.vir
2008-03-10 12:26:50 . 2008-03-10 12:26:50 174 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vssver2.scc.vir
2008-03-05 12:13:20 . 2008-03-05 12:13:20 520,192 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CLNavX.ax.vir
2008-03-05 12:13:20 . 2008-03-05 12:13:20 516,096 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\clvsdx.ax.vir
2008-03-02 10:09:24 . 2008-03-02 10:09:24 2,138,112 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mpcvideodec.ax.vir
2008-02-21 09:34:14 . 2008-02-21 09:34:14 245,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_TomsMoComp.dll.vir
2008-02-21 09:33:54 . 2008-02-21 09:33:54 344,064 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_kernelDeint.dll.vir
2008-02-21 09:33:46 . 2008-02-21 09:33:46 532,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_xvidcore.dll.vir
2008-02-21 09:33:22 . 2008-02-21 09:33:22 143,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libmplayer.dll.vir
2008-02-21 09:33:12 . 2008-02-21 09:33:12 1,695,744 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libavcodec.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 2,404,352 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffdshow.ax.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_liba52.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 155,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libdts.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 245,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libfaad2.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 118,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libmad.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 114,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libmpeg2.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 97,280 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_realaac.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 122,880 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_samplerate.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 143,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_theora.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 81,408 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_tremor.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 38,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_unrar.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 26,624 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_wmv9.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 8,192 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\FLT_ffdshow.dll.vir
2008-02-21 09:16:34 . 2008-02-21 09:16:34 94,208 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffsource.ax.vir
2008-02-21 09:06:50 . 2008-02-21 09:06:50 5,484,571 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avcodec.dll.vir
2008-02-21 09:06:50 . 2008-02-21 09:06:50 621,974 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avformat.dll.vir
2008-02-21 09:06:50 . 2008-02-21 09:06:50 52,080 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avutil.dll.vir
2008-02-20 09:19:50 . 2008-02-20 09:19:50 24,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffmpeg.dll.vir
2008-02-16 08:17:16 . 2008-02-16 08:17:16 409,600 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\FLVSplitter.ax.vir
2008-02-01 09:24:04 . 2008-02-01 09:24:04 983,116 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CLVc1Dec.ax.vir
2008-02-01 09:24:04 . 2008-02-01 09:24:04 462,921 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1dsse.dll.vir
2008-02-01 09:24:04 . 2008-02-01 09:24:04 450,635 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1dsse2.dll.vir
2008-02-01 09:24:02 . 2008-02-01 09:24:02 487,491 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1dc.dll.vir
2008-02-01 09:24:02 . 2008-02-01 09:24:02 487,497 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1dmmx.dll.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 323,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeEssentials.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 3,502,080 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeH264.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 933,888 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeInternetExtras.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 348,160 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeMPEG4.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 507,904 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeMusic.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 868,352 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreaming.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 163,840 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreamingExtras.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 876,544 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeVR.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 233,984 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeEssentials.Resources\QuickTimeEssentials.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 13,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeEssentials.Resources\en.lproj\QuickTimeEssentialsLocalized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 4,096 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeH264.Resources\QuickTimeH264.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 3,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeH264.Resources\en.lproj\QuickTimeH264Localized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 18,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeInternetExtras.Resources\QuickTimeInternetExtras.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 160,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeInternetExtras.Resources\en.lproj\QuickTimeInternetExtrasLocalized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 4,608 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeMPEG4.Resources\QuickTimeMPEG4.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 5,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeMPEG4.Resources\en.lproj\QuickTimeMPEG4Localized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 30,208 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeMusic.Resources\QuickTimeMusic.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 40,448 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeMusic.Resources\en.lproj\QuickTimeMusicLocalized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 28,160 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreaming.Resources\QuickTimeStreaming.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 53,248 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.dll.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 57,856 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 5,120 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreamingExtras.Resources\QuickTimeStreamingExtras.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 4,608 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreamingExtras.Resources\en.lproj\QuickTimeStreamingExtrasLocalized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 18,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeVR.Resources\QuickTimeVR.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 29,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeVR.Resources\en.lproj\QuickTimeVRLocalized.qtr.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 16,084,992 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime.qts.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 352,256 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime3GPP.qtx.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 2,637,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeAudioSupport.qtx.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 73,728 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime.Resources\QuickTime.dll.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 243,200 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime.Resources\QuickTime.qtr.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 158,720 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.qtr.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 5,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime3GPP.Resources\QuickTime3GPP.qtr.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 8,704 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 8,192 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeAudioSupport.Resources\QuickTimeAudioSupport.qtr.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 69,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.dll.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 9,216 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.qtr.vir
2008-01-31 15:13:04 . 2008-01-31 15:13:04 377,040 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\CFCharacterSetBitmaps.bitmap.vir
2008-01-31 15:13:04 . 2008-01-31 15:13:04 323,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\CoreVideo.qtx.vir
2008-01-31 15:13:04 . 2008-01-31 15:13:04 3,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\CoreVideo.Resources\CoreVideo.qtr.vir
2008-01-31 15:13:04 . 2008-01-31 15:13:04 3,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\CoreVideo.Resources\en.lproj\CoreVideoLocalized.qtr.vir
2008-01-31 15:12:04 . 2008-01-31 15:12:04 65,508 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime.Resources\QuickTime.qtxs.vir
2008-01-30 13:17:34 . 2008-01-30 13:17:34 877,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CLVSD.ax.vir
2008-01-30 13:16:46 . 2008-01-30 13:16:46 492,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\cl264dec.ax.vir
2008-01-30 13:16:14 . 2008-01-30 13:16:14 91,488 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\pthreadVC2.dll.vir
2008-01-30 13:16:06 . 2008-01-30 13:16:06 836,976 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264dsse2.dll.vir
2008-01-30 13:16:06 . 2008-01-30 13:16:06 845,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264dsse3.dll.vir
2008-01-30 13:16:04 . 2008-01-30 13:16:04 726,384 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264dsse.dll.vir
2008-01-30 13:16:02 . 2008-01-30 13:16:02 730,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264dmmx.dll.vir
2008-01-30 13:16:00 . 2008-01-30 13:16:00 775,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264be.dll.vir
2008-01-18 09:38:38 . 2008-01-18 09:38:38 253,952 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\LMVRGBxf.dll.vir
2008-01-18 09:38:38 . 2008-01-18 09:38:38 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\LMVYUVxf.dll.vir
2008-01-18 04:44:46 . 2008-01-18 04:44:46 258,048 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mmamrdmx.ax.vir
2008-01-15 06:44:42 . 2008-01-15 06:44:42 2,928,640 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\scmpack.dll.vir
2007-12-24 08:55:00 . 2007-12-24 08:55:00 69,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CUVCcodc.dll.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:57 23 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\others.xml.ini.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:57 601 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\others.xml.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:57 45 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\toff.ini.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:56 23 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\video_material_list.xml.ini.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:56 57 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\video_material_list.xml.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:56 23 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\video_style_list.xml.ini.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:56 5,890 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\video_style_list.xml.vir
2007-12-17 06:44:30 . 2007-12-17 06:44:30 641,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\StormRes.dll.vir
2007-12-13 04:41:52 . 2007-12-13 04:41:52 64,424 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\stormply.exe.vir
2007-12-13 04:41:50 . 2007-12-13 04:41:50 289,712 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Media2.dll.vir
2007-12-13 04:41:50 . 2007-12-13 04:41:50 35,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\score.dll.vir
2007-12-13 04:41:50 . 2007-12-13 04:41:50 27,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\sexpert.dll.vir
2007-12-13 04:41:50 . 2007-12-13 04:41:50 72,680 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\spfa.dll.vir
2007-12-10 04:50:42 . 2007-12-10 04:50:42 245,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\TomsMoComp_ff.dll.vir
2007-12-10 04:49:52 . 2007-12-10 04:49:52 143,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\libmplayer.dll.vir
2007-12-10 04:49:42 . 2007-12-10 04:49:42 1,626,112 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\libavcodec.dll.vir
2007-12-10 04:49:06 . 2007-12-10 04:49:06 114,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\libmpeg2_ff.dll.vir
2007-12-04 11:19:22 . 2007-12-04 11:19:22 630,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\divxdec.ax.vir
2007-11-27 09:39:24 . 2007-11-27 09:39:24 57,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikFileSource.ax.vir
2007-11-27 08:10:10 . 2007-11-27 08:10:10 69,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikVideoDec.ax.vir
2007-11-19 04:40:12 . 2007-11-19 04:40:12 507,904 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MP4Splitter.ax.vir
2007-11-16 03:12:18 . 2007-11-16 03:12:18 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikFileSplitter.ax.vir
2007-11-08 08:02:26 . 2007-11-08 08:02:26 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikAudioDec.ax.vir
2007-11-05 02:20:32 . 2007-11-05 02:20:32 90,112 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HIKM4DEC.dll.vir
2007-11-05 02:17:34 . 2007-11-05 02:17:34 184,320 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\H264VDEC.dll.vir
2007-11-02 08:55:18 . 2007-11-02 08:55:18 962,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\empgdmx.ax.vir
2007-10-25 06:47:14 . 2007-10-25 06:47:14 577,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ac3filter.ax.vir
2007-10-10 04:26:08 . 2007-10-10 04:26:08 86,031 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Skin\±©·ç1¾*µä.zip.vir
2007-10-10 04:26:08 . 2007-10-10 04:26:08 108,064 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Skin\±©·ç2¾*µä.zip.vir
2007-09-21 11:43:12 . 2007-09-21 11:43:12 720,935 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\def\def.flv.vir
2007-09-21 11:43:10 . 2007-09-21 11:43:10 36 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\empty.swf.vir
2007-09-21 11:43:10 . 2007-09-21 11:43:10 119,335 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\media4in1.swf.vir
2007-09-21 11:43:10 . 2007-09-21 11:43:10 117,683 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\mediabp.swf.vir
2007-09-21 11:43:10 . 2007-09-21 11:43:10 95 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\def\def.ini.vir
2007-09-21 11:43:08 . 2007-09-21 11:43:08 450,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\jscript.dll.vir
2007-09-21 11:43:08 . 2007-09-21 11:43:08 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\msscript.ocx.vir
2007-09-21 11:43:08 . 2007-09-21 11:43:08 413,696 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\msvcp60.dll.vir
2007-08-27 08:30:18 . 2007-08-27 08:30:18 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\BSPVDEC.dll.vir
2007-08-27 08:30:18 . 2007-08-27 08:30:18 110,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Mp3Decdll.dll.vir
2007-08-08 03:45:34 . 2007-08-08 03:45:34 581,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\nvviddec.ax.vir
2007-07-19 08:59:02 . 2007-07-19 08:59:02 326,392 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\SonicLicenseManager9.dll.vir
2007-07-11 04:03:04 . 2007-07-11 04:03:04 547 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffdshow.ax.manifest.vir
2007-07-04 21:33:22 . 2007-07-04 21:33:22 892,928 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\iconv.dll.vir
2007-06-28 10:55:18 . 2007-06-28 10:55:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\xvid.ax.vir
2007-06-28 10:52:18 . 2007-06-28 10:52:18 765,952 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\xvidcore.dll.vir
2007-06-25 03:27:58 . 2007-06-25 03:27:58 290,816 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ChpSrcFilter.ax.vir
2007-06-13 07:48:50 . 2007-06-13 07:48:50 895,736 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\wmvdmod.dll.vir
2007-06-13 07:48:34 . 2007-06-13 07:48:34 396,528 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\WMADMOD.dll.vir
2007-06-10 22:43:40 . 2007-06-10 22:43:40 230,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\DCBassSource.ax.vir
2007-06-04 07:43:42 . 2007-06-04 07:43:42 1,583,864 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CinemasterAudio.DLL.vir
2007-05-07 14:32:42 . 2007-05-07 14:32:42 352,256 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\DSMSplitter.ax.vir
2007-04-21 06:43:42 . 2007-04-21 06:43:42 356,864 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MpegSplitter.ax.vir
2007-03-30 09:52:18 . 2007-03-30 09:52:18 241,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\PmpSplt.ax.vir
2007-03-09 20:58:36 . 2007-03-09 20:58:36 163,840 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\kdh4.dll.vir
2007-03-09 20:58:36 . 2007-03-09 20:58:36 217,088 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\kdm4.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 92,728 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 150,520 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_aac.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 12,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_alac.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 33,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_ape.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 23,616 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_flac.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 18,888 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_mpc.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 8,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_tta.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 28,088 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_wv.dll.vir
2006-11-14 18:56:12 . 2006-11-14 18:56:12 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\tsccvid.dll.vir
2006-11-02 12:34:46 . 2006-11-02 12:34:46 84,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MP3DMOD.DLL.vir
2006-10-26 11:52:34 . 2006-10-26 11:52:34 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\frapsvid.dll.vir
2006-10-19 03:04:42 . 2006-10-19 03:04:42 565,248 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\rpplugins\embd3260.dll.vir
2006-10-18 15:05:34 . 2006-10-18 15:05:34 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Common\security.dll.vir
2006-10-18 15:05:34 . 2006-10-18 15:05:34 65,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rmxfpln.dll.vir
2006-10-18 15:05:34 . 2006-10-18 15:05:34 106,496 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rmxrend.dll.vir
2006-10-18 15:05:34 . 2006-10-18 15:05:34 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\security.dll.vir
2006-10-18 15:05:34 . 2006-10-18 15:05:34 57,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\tfilesys.dll.vir
2006-10-18 15:05:32 . 2006-10-18 15:05:32 86,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\audplin.dll.vir
2006-10-18 15:05:32 . 2006-10-18 15:05:32 167,936 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\vidplin.dll.vir
2006-10-18 15:05:30 . 2006-10-18 15:05:30 126,976 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\mp4arender.dll.vir
2006-10-18 15:05:28 . 2006-10-18 15:05:28 172,032 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Common\objb3201.dll.vir
2006-10-18 15:05:28 . 2006-10-18 15:05:28 86,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\hxxml.dll.vir
2006-10-18 15:05:28 . 2006-10-18 15:05:28 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\mp3fformat.dll.vir
2006-10-18 15:05:28 . 2006-10-18 15:05:28 151,552 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\mp3render.dll.vir
2006-10-18 15:05:28 . 2006-10-18 15:05:28 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\sdpplin.dll.vir
2006-10-18 15:05:28 . 2006-10-18 15:05:28 32,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\stubdrm.dll.vir
2006-10-18 15:05:26 . 2006-10-18 15:05:26 185,952 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\rmoc3260.dll.vir
2006-10-18 15:05:26 . 2006-10-18 15:05:26 144,984 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Plugins\nppl3260.dll.vir
2006-10-18 15:05:26 . 2006-10-18 15:05:26 532,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\imgrender.dll.vir
2006-10-18 15:05:26 . 2006-10-18 15:05:26 110,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rtfformat.dll.vir
2006-10-18 15:05:26 . 2006-10-18 15:05:26 122,880 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rtrender.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\atrc.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 65,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\cook.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\drv1.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 176,128 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\drv2.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 266,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\drvc.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 241,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\hxltcolor.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 552,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\raac.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\rv10.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 57,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\rv20.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\rv30.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\rv40.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 106,496 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\sipr.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 151,552 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rarender.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 172,032 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rvrender.dll.vir
2006-10-18 15:05:20 . 2006-10-18 15:05:20 81,920 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Plugins\nprpjplug.dll.vir
2006-10-18 15:05:18 . 2006-10-18 15:05:18 421,888 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Common\pngu3267.dll.vir
2006-10-18 15:05:18 . 2006-10-18 15:05:18 28,672 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Common\pnrs3260.dll.vir
2006-10-18 15:05:18 . 2006-10-18 15:05:18 28,672 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Common\rppr3260.dll.vir
2006-10-18 15:05:18 . 2006-10-18 15:05:18 524,288 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\rpplugins\rpcl3260.dll.vir
2006-10-18 15:05:18 . 2006-10-18 15:05:18 577,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\rpplugins\rput3260.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 1,310,720 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Common\pnen3260.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 53,248 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\authmgr.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\clbascauth.dll.vir

ken545
2010-12-11, 21:59
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe



Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Driver::




Driver::
ByakkoDriver
XDva285
XDva349

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ByakkoDriver]


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

rngrgreen
2010-12-12, 18:29
Combo Fix Report


ComboFix 10-12-09.04 - owner 12/11/2010 19:36:22.2.2 - x86
Running from: c:\users\owner\Desktop\ComboFix.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BYAKKODRIVER
-------\Legacy_XDVA285
-------\Legacy_XDVA349
-------\Service_ByakkoDriver
-------\Service_XDva285
-------\Service_XDva349


((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 00:45 . 2010-12-12 00:48 -------- d-----w- c:\users\owner\AppData\Local\temp
2010-12-12 00:45 . 2010-12-12 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-11 14:53 . 2010-12-11 15:21 -------- d-----w- c:\users\owner\AppData\Roaming\ImgBurn
2010-12-11 14:48 . 2010-12-11 16:44 -------- d-----w- c:\program files\JDownloader
2010-12-11 14:39 . 2010-12-11 14:39 -------- d-----w- c:\program files\ImgBurn
2010-12-11 13:57 . 2010-12-11 13:57 -------- d-----w- c:\users\owner\AppData\Roaming\abgx360
2010-12-11 13:52 . 2010-12-11 13:52 -------- d-----w- c:\program files\abgx360
2010-12-10 19:13 . 2010-12-10 19:13 -------- d-----w- c:\users\owner\AppData\Local\Adobe
2010-12-08 01:33 . 2010-12-08 01:39 -------- d-----w- c:\programdata\SecTaskMan
2010-12-08 01:33 . 2010-12-08 01:33 -------- d-----w- c:\program files\Security Task Manager
2010-12-06 13:58 . 2010-12-06 13:58 2496715 ----a-w- c:\windows\system32\abgx360.exe
2010-12-04 02:48 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-04 02:48 . 2010-12-04 17:02 -------- d-----w- c:\program files\Alwil Software
2010-12-04 02:48 . 2010-12-04 02:48 -------- d-----w- c:\programdata\Alwil Software
2010-12-04 02:37 . 2010-12-04 02:37 -------- d-----w- C:\43fd38b79586b12192672f43
2010-12-04 02:18 . 2010-12-04 02:46 -------- d-----w- c:\programdata\MFAData
2010-12-03 01:40 . 2010-12-03 01:40 -------- d-----w- c:\programdata\F-Secure
2010-12-03 00:48 . 2010-12-03 01:05 -------- d-----w- C:\SWSetup
2010-12-01 14:25 . 2010-12-01 14:25 -------- d-----w- c:\program files\Belkin
2010-12-01 14:24 . 2010-12-01 14:24 -------- d-----w- c:\windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
2010-12-01 14:04 . 2008-09-26 09:30 651264 ----a-w- c:\windows\system32\drivers\netr28u.sys
2010-12-01 14:04 . 2008-09-26 09:26 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-11-30 13:16 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE0DCCB2-19BE-4A1F-916A-42D294D5F9A4}\mpengine.dll
2010-11-28 20:25 . 2010-11-28 20:25 -------- d-----w- c:\users\owner\AppData\Local\Innovative Solutions
2010-11-28 20:25 . 2010-11-28 20:25 -------- d-----w- c:\programdata\Innovative Solutions
2010-11-28 20:25 . 2010-11-28 20:25 -------- d-----w- c:\program files\Innovative Solutions
2010-11-25 14:15 . 2010-11-30 03:05 -------- d-----w- c:\users\owner\AppData\Roaming\DivX
2010-11-25 14:14 . 2010-11-25 14:14 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-11-25 14:14 . 2010-11-25 14:14 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-11-25 14:11 . 2010-11-25 14:15 -------- d-----w- c:\program files\DivX
2010-11-25 14:10 . 2010-11-25 14:15 -------- d-----w- c:\programdata\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-10-21 13:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-10-21 13:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 15:41 . 2009-10-02 23:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 02:59 . 2010-06-12 19:47 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-26 02:59 . 2010-06-12 19:47 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 20:56 . 2010-09-22 20:56 111960 ----a-w- c:\windows\dxsdkuninst.exe
2010-09-13 13:56 . 2010-10-21 14:30 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2010-5-17 1835069]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-10-19 20:35 2988400 ----a-w- c:\program files\BitTorrent\BitTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-05-24 19:06 323392 ----a-w- c:\users\owner\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-07-19 21:18 171032 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-07-19 21:18 136216 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-23 04:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-07-19 21:18 170520 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 01:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-10 17:10 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\owner\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-09-26 651264]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-30 3739080]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 528896]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-12-09 c:\windows\Tasks\HPCeeScheduleForowner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:8777;https=127.0.0.1:8777
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: c:\users\owner\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Free Realms Installer: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1} - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
FF - Extension: Ask Toolbar: toolbar@ask.com - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\extensions\toolbar@ask.com

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 19:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2010-12-11 19:55:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-12 00:55
ComboFix2.txt 2010-12-11 03:48

Pre-Run: 55,366,344,704 bytes free
Post-Run: 61,692,866,560 bytes free

- - End Of File - - 8FCFEB919E142B908832A1C1A519E993

rngrgreen
2010-12-12, 18:30
Just to let you know, I still need to use Task Manager under administrator to start Explorer.

ken545
2010-12-12, 18:56
Did this start after the first run of Combofix?

Try this


Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

1- Click Ctrl+Alt+Del to open the task manager.
2- In menu "new task" type "explorer". The screen now shows your normal desktop with icons, etc.
3- In Init>run, type regedit and press Enter. This opens the registry.
4- Find HKEY_CURRENT_USER\software\microsoft\windowsNT\CurrentVersion\winlogon
5- Create (with mouse right button) a new sequence value named "shell".
6- Double click on it, and attribute the value "explorer.exe". You'll see at the right panel: shell REG_SZ explorer.exe
7- Close the tool registry editor and reinitialize the PC. Your PC will boot with the usual desktop with your icons and taskbar.
8- It is wise to make a restoration point before step 3, so you can go back to the previous config if something goes wrong.

rngrgreen
2010-12-12, 20:05
New sequence, that is a dword, right, called shell?
Also, I have checked this before; normally under localmachine is where I have always seen it. I am not trying to question your expertise, I am just verifying. Please do not get offended. The dword shell is under localmachine...\winlogon
Actually, this did not start after ComboFix. My cousin, whose computer this actually is, just told me that he re-enabled UAC and that is what actually caused it to happen. I just caught him running Spybot S&D. It did find some stuff, but before I remove it I wanted to let you know what it found. Also, he will not be doing anything else; after I found this out he is now banned from it until you and I are done. Anyway, what Spybot found is attached; it is too big and would need multiple posts.

ken545
2010-12-12, 20:43
First off, besides having to Task Manager into Windows, how is it running overall?

Since we just do malware removal on this forum, why don't you post in this Windows forum about Explorer. Let them know what your cousin did and I am sure they can help you get it up and running. They're more in tune to Windows issues than I.
http://forums.whatthetech.com/index.php?showforum=119

No offense taken :)

Let me know how it went at the other forum

rngrgreen
2010-12-12, 21:43
I will do that. Besides Task Manager, it is running much better. I will let you know how it goes over there.

ken545
2010-12-12, 22:27
:bigthumb:

Been at this for over seven years, all us forums work together, as long as you register with your current user name I will find you and add my two cents if needed.

rngrgreen
2010-12-13, 00:42
Sorry, I already registered a different user name. This current user name is old and I tend to be a little more professional. New user name is barry-green; ID shows as Mr. Green

ken545
2010-12-13, 00:52
What exactly is your sign on name at WTT?

rngrgreen
2010-12-13, 02:10
barry-green sign on name
Mr.Green user name that you see

direct link
http://forums.whatthetech.com/index.php?showtopic=115994&st=0

ken545
2010-12-13, 02:13
OK, I am linked to you now.

I did not put the period in your name so couldn't find you

Mr.Green

rngrgreen
2010-12-13, 02:26
I really thank you for your help with all of this

ken545
2010-12-13, 09:54
You're very welcome.

Let's see what they can do for you over at WTT