
1. yes sir Please help (Fri Feb 25, 2011 8:12 pm)

Vladski
Member
Hello,
First off, I would like to say thank you for your time and knowledge in these matters. I have just (hopefully) removed System Tools 2011 from my computer thanks to this site. Compassion and kindness are hard to come by these days.
Anyway, I just want to end my troubles once and for all. I seem to (sometimes) get a BSOD, particularly while playing my games, and whenever I Google something and click on a link, it shows me a completely different link, which is often hard to back out of. The computer seems a tad slow at processing and errors are frequent. Avast antivirus and Malwarebytes have so far been unsuccessful at detecting anything. Attached is a copy of my TFC logs; maybe you guys can come up with something. Thank you in advance.
Very respectfully,
Vlad
OTL logfile created on: 25.02.2011 17:00:14 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Bastardman\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,46 Gb Total Space | 10,33 Gb Free Space | 7,57% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,96 Gb Free Space | 49,60% Space Free | Partition Type: NTFS

Computer Name: BASTARDMAN-PC | User Name: Bastardman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.02.25 16:59:40 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Bastardman\Downloads\OTL.exe
PRC - [2011.02.25 09:26:11 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011.01.20 01:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010.12.10 14:34:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.11.26 21:46:29 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010.09.16 12:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.09.07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.09.07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.05.10 14:06:56 | 000,139,264 | ---- | M] () -- C:\Program Files\Razer\Abyssus\razertra.exe
PRC - [2010.05.10 14:04:08 | 000,223,744 | ---- | M] () -- C:\Program Files\Razer\Abyssus\razerhid.exe
PRC - [2010.04.24 10:25:04 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.08.25 16:56:40 | 000,323,658 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Abyssus\razerofa.exe
PRC - [2009.06.03 13:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.06.03 13:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.04.10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 22:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.07.15 08:12:48 | 001,226,024 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008.05.02 11:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008.02.22 14:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008.02.22 13:54:34 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2008.01.20 18:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.01 19:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.12.21 07:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007.12.02 21:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007.09.13 11:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.09.13 11:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.07.18 05:26:42 | 000,775,952 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
PRC - [2007.07.18 05:26:26 | 000,374,032 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
PRC - [2007.07.18 05:26:26 | 000,320,784 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
PRC - [2007.07.18 05:26:24 | 000,387,856 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
PRC - [2007.07.18 05:26:24 | 000,203,024 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
PRC - [2007.02.12 10:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.12 10:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011.02.25 16:59:40 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Bastardman\Downloads\OTL.exe
MOD - [2010.08.31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2011.02.25 09:26:11 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.01.20 05:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010.09.07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.09.07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.09.07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.03 13:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008.05.02 11:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.02.22 13:54:34 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2008.01.20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.01 19:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.09.13 11:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.02.12 10:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2011.02.06 09:43:13 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.09.07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.09.07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.09.07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.09.07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.09.07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.12.21 21:50:16 | 000,005,760 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vHidDev.sys -- (vHidDev)
DRV - [2009.12.05 07:07:30 | 000,135,320 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2009.11.20 18:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.30 10:53:42 | 000,009,216 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Abyssus.sys -- (Abyssus03)
DRV - [2009.09.16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009.09.16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009.09.16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009.09.16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009.09.16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009.02.24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.09.23 06:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008.09.23 06:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008.08.10 17:00:38 | 000,059,904 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008.08.10 17:00:32 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008.08.10 17:00:30 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008.08.10 17:00:28 | 000,033,024 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2008.07.03 05:43:06 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008.07.03 05:41:54 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.03.27 05:27:32 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.01.20 18:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.20 18:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.20 18:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.20 18:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.20 18:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.20 18:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.20 18:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.20 18:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.01.20 18:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.20 18:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.20 18:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.20 18:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.20 18:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.20 18:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.20 18:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.20 18:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.20 18:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.20 18:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.20 18:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.20 18:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.20 18:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.20 18:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.01 19:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.12.02 21:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007.12.02 21:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.07.19 17:12:00 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.07.18 05:30:28 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007.07.17 16:11:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.17 16:11:14 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.17 16:11:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.06.26 11:15:22 | 000,117,888 | ---- | M] (AGEIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\physX32.sys -- (physX32)
DRV - [2006.11.02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 00:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.09.24 05:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2005.06.24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005.05.26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005.05.26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [1996.04.03 11:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080913
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
IE - HKCU\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "http://www.mail.ru/"
FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/search?fr=fftb&utf8in&q="
FF - prefs.js..browser.search.selectedEngine: "http://www.mail.ru/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 14:34:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.10 10:30:07 | 000,000,000 | ---D | M]

[2008.11.09 14:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastardman\AppData\Roaming\Mozilla\Extensions
[2011.02.25 09:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastardman\AppData\Roaming\Mozilla\Firefox\Profiles\wpi81iuu.default\extensions
[2010.09.18 12:03:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bastardman\AppData\Roaming\Mozilla\Firefox\Profiles\wpi81iuu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.07.08 14:46:31 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Users\Bastardman\AppData\Roaming\Mozilla\Firefox\Profiles\wpi81iuu.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2010.09.18 12:03:26 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Bastardman\AppData\Roaming\Mozilla\Firefox\Profiles\wpi81iuu.default\extensions\personas@christopher.beard
[2010.03.03 23:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.18 16:53:33 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\BASTARDMAN\APPDATA\LOCAL\{24E7FC7A-C6C0-4F2B-A27F-3338009D092F}
[2009.07.08 14:47:07 | 000,001,435 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mailru.xml

O1 HOSTS File: ([2006.09.18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - c:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKCU\..\Toolbar\WebBrowser: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O4 - HKLM..\Run: [Abyssus] C:\Program Files\Razer\Abyssus\razerhid.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] File not found
O4 - HKLM..\Run: [ATT-SST_UninstallTracking] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe (Mail.Ru)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ciphnatt] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Bastardman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Bastardman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = File not found
O4 - Startup: C:\Users\Bastardman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = File not found
O8 - Extra context menu item: Поиск@Mail.Ru [Search@Mail.Ru] - c:\program files\mail.ru\sputnik\MailRuSputnik.dll (@Mail.Ru)
O8 - Extra context menu item: Словари@Mail.Ru [Dictionaries@Mail.Ru] - c:\program files\mail.ru\sputnik\MailRuSputnik.dll (@Mail.Ru)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: motive.com ([pattta.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} file:///E:/win/setup/iaieplay.dll (IEPlayInterface Class)
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///E:/win/setup/iamce.dll (IAMCE Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bastardman\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bastardman\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a384788-8156-11dd-8bf3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3a384788-8156-11dd-8bf3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{87ba7ec3-ad1a-11dd-8ad5-00219bd9ca01}\Shell - "" = AutoRun
O33 - MountPoints2\{87ba7ec3-ad1a-11dd-8ad5-00219bd9ca01}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ed8cd1b9-31c2-11e0-9217-c30fd7464c1d}\Shell - "" = AutoRun
O33 - MountPoints2\{ed8cd1b9-31c2-11e0-9217-c30fd7464c1d}\Shell\AutoRun\command - "" = G:\arun.exe
O33 - MountPoints2\{ed8cd1ba-31c2-11e0-9217-c30fd7464c1d}\Shell - "" = AutoRun
O33 - MountPoints2\{ed8cd1ba-31c2-11e0-9217-c30fd7464c1d}\Shell\AutoRun\command - "" = H:\suppress_explorer.exe
O33 - MountPoints2\{ed8cd1bf-31c2-11e0-9217-c30fd7464c1d}\Shell - "" = AutoRun
O33 - MountPoints2\{ed8cd1bf-31c2-11e0-9217-c30fd7464c1d}\Shell\AutoRun\command - "" = I:\suppress_explorer.exe
O33 - MountPoints2\{ed8cd1c1-31c2-11e0-9217-c30fd7464c1d}\Shell - "" = AutoRun
O33 - MountPoints2\{ed8cd1c1-31c2-11e0-9217-c30fd7464c1d}\Shell\AutoRun\command - "" = J:\suppress_explorer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.25 11:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\dBgIeLf15100
[2011.02.24 16:50:50 | 000,000,000 | ---D | C] -- C:\Users\Bastardman\Desktop\EVA
[2011.02.23 13:25:07 | 000,000,000 | ---D | C] -- C:\Users\Bastardman\AppData\Local\Microsoft_Corporation
[2011.02.23 06:32:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.23 06:30:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.23 06:30:29 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.23 06:30:29 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.23 06:30:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.23 06:30:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.23 06:30:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.23 06:30:26 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.23 06:30:26 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.23 06:30:26 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.23 06:30:26 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.23 06:30:26 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.23 06:30:14 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.23 06:30:14 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.23 06:30:14 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.23 06:30:13 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.23 06:30:13 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.02.16 15:41:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.02.16 15:41:11 | 000,000,000 | R--D | C] -- C:\Users\Bastardman\Videos
[2011.02.15 19:09:47 | 000,000,000 | ---D | C] -- C:\Users\Bastardman\AppData\Local\EA Games
[2011.02.15 19:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011.02.09 17:00:23 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.09 17:00:20 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.09 17:00:20 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.09 17:00:07 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.09 17:00:07 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.09 17:00:07 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.09 17:00:07 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.09 17:00:07 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.02.09 17:00:07 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.09 17:00:07 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.09 17:00:07 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.09 17:00:06 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.09 17:00:06 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.09 17:00:06 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.09 17:00:06 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.09 17:00:06 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.09 17:00:06 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.09 17:00:06 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.09 17:00:06 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.09 17:00:05 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.09 17:00:05 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.09 17:00:05 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.09 17:00:05 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.09 17:00:05 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.09 17:00:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.09 17:00:04 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.09 17:00:04 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.09 17:00:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.09 16:59:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.09 16:59:53 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.09 16:59:52 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.09 16:59:52 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.09 16:59:52 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.09 16:59:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.09 16:59:52 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.09 16:59:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.09 16:59:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.09 16:59:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.09 16:59:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.09 16:59:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.09 16:59:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.09 16:59:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.09 16:59:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.09 16:59:50 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.09 16:59:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.09 16:59:45 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.09 16:59:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.06 10:04:10 | 000,000,000 | ---D | C] -- C:\Users\Bastardman\Favorites\Documents\Black & White 2
[2011.02.06 09:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2
[2011.02.06 09:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lionhead Studios
[2011.02.06 09:43:13 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.02.06 09:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.02.06 09:42:34 | 000,000,000 | ---D | C] -- C:\Users\Bastardman\AppData\Roaming\DAEMON Tools Lite
[2011.02.06 09:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.02.05 13:30:42 | 008,500,623 | ---- | C] (LionHead Studios Ltd.) -- C:\Users\Bastardman\Desktop\runblack.exe
[2011.02.05 13:21:25 | 000,000,000 | ---D | C] -- C:\Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.25 16:30:36 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.25 16:30:36 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.25 16:24:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.25 16:24:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.25 16:24:18 | 000,053,450 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.02.25 16:24:17 | 000,053,450 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.02.25 16:24:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.02.25 16:24:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.25 16:23:55 | 000,282,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.25 16:23:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.25 16:18:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.25 16:12:58 | 000,008,592 | ---- | M] () -- C:\Users\Bastardman\AppData\Local\d3d9caps.dat
[2011.02.25 12:10:44 | 316,089,171 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.25 11:11:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011.02.24 17:10:59 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011.02.23 11:10:59 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.02.22 23:10:59 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011.02.15 17:46:29 | 000,139,776 | ---- | M] () -- C:\Users\Bastardman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.07 14:59:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011.02.06 09:58:33 | 000,001,695 | ---- | M] () -- C:\Users\Public\Desktop\Black & White 2.lnk
[2011.02.06 09:43:13 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.02.05 13:37:48 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2011.02.05 12:06:21 | 000,138,416 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.02.05 12:06:11 | 000,270,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.02.05 12:00:21 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.02.04 14:21:19 | 000,000,720 | ---- | M] () -- C:\Users\Bastardman\AppData\Roaming\wklnhst.dat
[2011.02.02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.23 06:30:15 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.23 06:30:15 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.02.23 06:30:15 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.06 09:58:33 | 000,001,695 | ---- | C] () -- C:\Users\Public\Desktop\Black & White 2.lnk
[2011.02.05 13:37:48 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.10.16 23:17:05 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.04 13:58:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010.02.18 16:53:35 | 000,000,120 | ---- | C] () -- C:\Users\Bastardman\AppData\Local\Mcuxerocohuv.dat
[2010.02.18 16:53:35 | 000,000,000 | ---- | C] () -- C:\Users\Bastardman\AppData\Local\Izuqiyopubopituc.bin
[2010.02.18 16:49:46 | 000,000,024 | ---- | C] () -- C:\Users\Bastardman\AppData\Roaming\cqfyto.dat
[2009.10.29 18:24:14 | 000,000,720 | ---- | C] () -- C:\Users\Bastardman\AppData\Roaming\wklnhst.dat
[2009.09.17 21:58:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.15 22:22:31 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.09.08 16:53:10 | 000,053,450 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.08 16:52:36 | 000,053,450 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.21 09:11:39 | 000,014,087 | ---- | C] () -- C:\Users\Bastardman\AppData\Roaming\UserTile.png
[2009.01.10 14:40:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.10.18 21:33:54 | 000,139,776 | ---- | C] () -- C:\Users\Bastardman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.12 10:49:08 | 000,008,592 | ---- | C] () -- C:\Users\Bastardman\AppData\Local\d3d9caps.dat
[2008.09.24 18:12:13 | 000,138,416 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.09.24 18:12:13 | 000,138,056 | ---- | C] () -- C:\Users\Bastardman\AppData\Roaming\PnkBstrK.sys
[2008.09.24 18:11:58 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.09.24 17:27:43 | 000,027,810 | ---- | C] () -- C:\Users\Bastardman\AppData\Roaming\nvModes.001
[2008.09.24 17:05:27 | 000,027,810 | ---- | C] () -- C:\Users\Bastardman\AppData\Roaming\nvModes.dat
[2008.09.24 15:59:40 | 000,001,834 | ---- | C] () -- C:\Users\Bastardman\AppData\Roaming\install.dat
[2008.09.13 05:35:06 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.09.13 05:34:40 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.09.13 03:15:13 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006.11.02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996.04.03 11:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Files - Unicode (All) ==========
[2009.07.11 10:31:28 | 000,000,000 | ---D | M](C:\Users\Bastardman\Favorites\Documents\????? Mail.Ru ??????) -- C:\Users\Bastardman\Favorites\Documents\Файлы Mail.Ru Агента
[2009.07.11 10:31:28 | 000,000,000 | ---D | C](C:\Users\Bastardman\Favorites\Documents\????? Mail.Ru ??????) -- C:\Users\Bastardman\Favorites\Documents\Файлы Mail.Ru Агента
[2009.07.08 14:46:46 | 000,001,725 | ---- | M] ()(C:\Users\Public\Desktop\Mail.Ru ?????.lnk) -- C:\Users\Public\Desktop\Mail.Ru Агент.lnk
[2009.07.08 14:46:46 | 000,001,725 | ---- | C] ()(C:\Users\Public\Desktop\Mail.Ru ?????.lnk) -- C:\Users\Public\Desktop\Mail.Ru Агент.lnk
[2009.07.08 14:46:46 | 000,001,721 | ---- | M] ()(C:\Users\Bastardman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru ?????.lnk) -- C:\Users\Bastardman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru Агент.lnk
[2009.07.08 14:46:46 | 000,001,721 | ---- | C] ()(C:\Users\Bastardman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru ?????.lnk) -- C:\Users\Bastardman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru Агент.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

2 yes sir Re: Please help on Fri Feb 25, 2011 8:13 pm

Vladski

Member
OTL Extras logfile created on: 25.02.2011 17:00:15 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Bastardman\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,46 Gb Total Space | 10,33 Gb Free Space | 7,57% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,96 Gb Free Space | 49,60% Space Free | Partition Type: NTFS

Computer Name: BASTARDMAN-PC | User Name: Bastardman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{164080E0-4F2B-4E82-B0EF-843154200755}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1A021E84-2D0C-46EA-9226-9DD5C01D4758}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CA5C405-81D7-411A-9BD5-D73B2BE30588}" = lport=5358 | protocol=6 | dir=in | app=system |
"{1D6DE822-0824-4BFF-9ED9-907AC08C4154}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A3FE8C1-F10A-45C9-8FEE-8D77A4B8DE02}" = rport=5357 | protocol=6 | dir=out | app=system |
"{37B1EB99-10D8-4696-8BA7-A8250032301E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B0654B4-56D6-4498-A5B8-CB51EF935425}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45E1BBCA-AD2C-44A3-8949-715F6D63783C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{519C48A4-E805-40D8-A695-1BA7915290B8}" = rport=5358 | protocol=6 | dir=out | app=system |
"{576870EC-B2AF-4A7D-9413-737FD60A294D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6550F894-D9B9-4E55-8C5A-6F18881F5691}" = lport=5357 | protocol=6 | dir=in | app=system |
"{6968DC6C-6E59-48D7-88C3-2CCF1305BFBE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{69BE86CE-85D8-45ED-B5CD-266A4FFDF9AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DB24B83-3567-4D15-B957-1E2DDAAC6793}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{914BEA30-3047-4AD8-ABAA-2AE821C48903}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{94D6A6CB-C8A6-402F-AEA0-42E951CD4BCF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9727A3CB-6030-4D46-94FB-9A344F45486B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9D9E1A7B-B2D3-42DF-B908-D7A66985020E}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{A2C3821D-9EA0-4876-AF25-B99445D05630}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B78903ED-6011-442C-9149-CC038ADD0359}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D52E5AB0-6CBB-493B-97D9-A448DAE68E1C}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{DE7B9B97-1F8F-45D4-83ED-5CF4801BBA47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E332A823-D229-4357-98E5-52F6AC98F880}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EA195101-1C58-410E-8D12-815795485875}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6E828FD-E208-4E76-8EBF-F58CB479FA76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A4A88B7-1FE5-42F7-AD1F-EC9F610A6E92}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{0A4F0B28-8BA3-4CD2-80F6-20AC686C7669}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{0AD871B3-9AFE-4423-BD1B-0B3402E57056}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{0C4440E5-1E22-46FC-AFD7-D8AC2AE921F4}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{0CFBA74B-2D12-457C-B81C-E379408E715D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{0DC7345B-AD0E-4FDF-9A8A-5506D41BD4F5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{0E775F5F-DE67-4FCF-BE65-7F8335FC899F}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{0FB1A0B5-4218-42E9-BC30-66D50C2FE70F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{0FD302EE-3A3F-457A-B21F-142775B66370}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{112AD453-2DB7-4935-B5E2-7686D7D7E3B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{12C1C41F-4C49-4AC5-BBED-FECF53755542}" = protocol=17 | dir=in | app=c:\program files\stardock games\demigod\bin\demigod.exe |
"{132D3485-A483-4E64-95DF-CC70FED5BA1B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{15719DB9-89B1-458F-9F00-3CB357ACBC58}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{172FD5CB-35C0-4498-94EA-8D2A26BEEB2E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1938BEF0-4148-456E-84BB-0416084C8AA7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dead space 2\deadspace2.exe |
"{28807FD5-E7D6-4144-AE10-BFFF06EC4B16}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{30090053-44C2-4E58-A55E-DCCB539D82ED}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{30D5690D-462C-4B4F-8837-A91BA7BDB10D}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{30F3385D-5918-4DBF-86CA-2CB15477DD45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32C0A731-8024-4635-8AA3-E2E99D37990A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{41885FE4-7F3F-43AE-8499-5F6F7BD42526}" = protocol=17 | dir=in | app=c:\program files\stardock games\demigod\bin\demigod.exe |
"{45AF6D34-E70F-4E40-865C-A567A9D1D4AF}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{46900B65-7023-4AE1-98F1-023746203238}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's endwar\tom clancy's endwar launcher.exe |
"{52E5BA8E-F70C-4F82-84A9-B579CD4CB073}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{548F9E1B-57C6-4B63-81ED-5D59627C2BF1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{55B25038-B96F-40E7-ADD3-B370362563B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56ECA63B-6E4F-4C6E-B33C-CA36E82B4054}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe |
"{5806D059-7FD2-45DA-9D8F-1268BFC5010A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
"{5A6F8985-ABA4-4D4F-9BA0-362860020829}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B4064DB-C57F-4863-A72D-77719B039321}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BDEB865-B531-448B-9EEA-EBF11F801B8C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{5C7C28DF-D1D7-4A66-AC63-9378E971CBEA}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{5ED85545-6F13-4A87-BAD7-1F2853F53EBC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{63B0C23A-03B3-48AE-A930-F1130B00E378}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{66A48544-B32D-43E8-9A8F-BA1253E2EBC0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{704D4BD4-2B23-4F5B-9F5E-33C6AE6BE5F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{719BD481-1968-439E-B957-52BFCD2F7D94}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{7347A403-24FC-44D3-8DCC-889C4209D8AA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{74329684-F7B1-4AF2-915E-74F52D8C7379}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{7478D3A0-7AD9-4A20-B686-ABEB595ACC15}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{750E2E74-94C4-47D8-B246-7D9A2E987156}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe |
"{76F57AE8-41F6-4D06-ACF5-922D5B68B022}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{774365A1-A8C0-497C-B8AA-277995ECADF3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{79B10464-C632-4DF9-BA86-333EE30AF1C3}" = protocol=6 | dir=out | app=system |
"{79B895B1-6CA0-448F-ADE6-DA93EA00D1AF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{79C645D5-2F14-4598-A6FF-92BC32D29CD0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{7AAA45D5-30C4-47AE-9D65-4B30A21159C6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7AE89FE7-4722-4C86-B95B-7D7D40ED3420}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{7CB6430B-8DB3-4EC5-92F8-AA349922B02A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81580809-E969-4CCF-8862-7A1DDAB0D71A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
"{8692C1E4-47EA-43B2-9005-9DF8366B022E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{892C7510-9A32-4CB4-98CA-130B8B455C7B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{8A1F2EBF-5132-474C-B5E1-AC9C74647E93}" = protocol=6 | dir=in | app=c:\program files\stardock games\demigod\bin\demigod.exe |
"{918EAB14-1A4D-4698-A243-D981A703EBAE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's endwar\binaries\endwar.exe |
"{9D8345E2-CD42-4A8D-9305-40094EA40E27}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9D930B66-9B3D-4FD6-BF15-EEEF3AF0A63A}" = protocol=6 | dir=in | app=c:\program files\stardock games\demigod\bin\demigod.exe |
"{9ED320FC-AECE-4927-9DA1-CD7881F44D12}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{A1DAEB70-8D3A-4FAC-B0C5-4726F801ECF2}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{A22DE62A-1B77-4D1D-BDA9-C6275E3D31DD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's endwar\tom clancy's endwar launcher.exe |
"{AABDAB19-3570-4BD0-8B8B-7F182C0C176E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{B37053F9-0729-41D3-AC8E-F973EF63E563}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{B6D9E165-625A-4DE2-947E-99BB6DE29A52}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{B896D8DF-3A3F-4377-A572-1489CF61656F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{C008B3A4-B968-4FCF-93AD-FD2175A04565}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C2428178-E6A7-4A00-A8B5-550D82443D89}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{C2EDDF79-B938-4E2F-A1D9-543A613D81DB}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{C48A5AFE-7727-4DF8-BBBA-6C359A76693E}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{C5436590-B5CE-47BF-9156-54FF9EDBEE82}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C82FA435-8D82-4C9D-B58A-CC5D9D64300C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{C9355622-1A78-469F-9711-841CBCEDB162}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D575A703-789F-4896-AAA8-31DBA14411B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D8B191E2-0863-4978-92F8-D06B178AB051}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DB79DD85-8068-41C0-9B35-861AE9256855}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dead space 2\deadspace2.exe |
"{DC5DDEAE-4F08-4D09-8999-648EC2ACCD4E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
"{DEE4D5CA-7510-465E-B0A7-03002E4FA621}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E34FC98F-0913-40F7-B4AA-BD5A267CFE5A}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{E48B3B74-085D-451E-A08A-F27CB440D299}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
"{E509B480-B6B9-477E-92D1-81ED8A34CFD6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E785F957-565A-40CC-9B3A-DDE6DEA58244}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F29D378C-59D2-4464-80A4-F91C518D2F06}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{F5E7E837-7F50-464B-AB1C-C7388A48B006}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's endwar\binaries\endwar.exe |
"{FC052CF4-0E9F-4CAE-AA86-65B286650332}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{00F89FA0-FB8F-4983-9423-E41A964A8E26}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{08341221-B367-4453-A2ED-B5874A3A4BBE}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{152CE467-C57A-4595-9474-DF012E53DB93}C:\users\bastardman\downloads\blackwhite\runblack.exe" = protocol=6 | dir=in | app=c:\users\bastardman\downloads\blackwhite\runblack.exe |
"TCP Query User{205E1CB0-005E-416D-B2B5-09EBB8ED96A9}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{22AB5507-23C2-428C-938F-E3CA03845F4E}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{280ED8A6-B0A7-4B29-9564-DAB8FE10B973}C:\windows\temp\_ex-08.exe" = protocol=6 | dir=in | app=c:\windows\temp\_ex-08.exe |
"TCP Query User{31915CD7-21BD-4428-B972-79D225A89A8F}C:\program files\att-sst\mccibrowser.exe" = protocol=6 | dir=in | app=c:\program files\att-sst\mccibrowser.exe |
"TCP Query User{385AB004-F120-4797-9331-DA48038ECA98}C:\program files\steam\steamapps\vladski\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\vladski\half-life 2 deathmatch\hl2.exe |
"TCP Query User{5ADB7165-6EDC-47D4-ABFE-D34A5F6C0F61}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{5B8E7289-CB8F-455B-AEDA-9394F5AA4FEC}C:\program files\stardock games\demigod\bin\demigod-nosound.exe" = protocol=6 | dir=in | app=c:\program files\stardock games\demigod\bin\demigod-nosound.exe |
"TCP Query User{60DB886F-36E7-4D56-8284-2059678AD591}C:\users\bastardman\appdata\local\microsoft\windows\temporary internet files\content.ie5\ncr3k0gu\download[1].exe" = protocol=6 | dir=in | app=c:\users\bastardman\appdata\local\microsoft\windows\temporary internet files\content.ie5\ncr3k0gu\download[1].exe |
"TCP Query User{61B29FF0-74F0-4F5F-B68A-F2DAB7456568}C:\program files\steam\steamapps\vladski\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\vladski\half-life 2 deathmatch\hl2.exe |
"TCP Query User{62E9CE79-B0D1-4102-AD36-759460EB1C1C}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{79194725-4F54-4216-85DD-AEAE72F85FA9}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{7CA16D67-7E1C-47F6-90B6-066796BB864C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{7D58E211-43ED-4F09-B447-FF99E93EA6CD}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{85B44641-FED0-4EC3-90A9-D8DE34C7CD59}C:\program files\steam\steamapps\vladski\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\vladski\counter-strike source\hl2.exe |
"TCP Query User{8B2F9EC9-510C-43C1-AD4B-C8429D6B7386}C:\program files\mail.ru\agent\magent.exe" = protocol=6 | dir=in | app=c:\program files\mail.ru\agent\magent.exe |
"TCP Query User{A2B005E7-C31A-438F-ABF0-13094D8A9B66}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{AE9705BB-550B-48A6-BC16-641AB3BC6CB4}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe |
"TCP Query User{B54AB5F4-1BF8-4C6E-9423-20F705E742B7}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{CEDEA13B-2514-453C-B6E4-75729C298DE1}C:\program files\mail.ru\agent\magent.exe" = protocol=6 | dir=in | app=c:\program files\mail.ru\agent\magent.exe |
"TCP Query User{DCA46AC1-1294-40D2-85FB-5F45385EBB00}C:\users\bastardman\appdata\local\microsoft\windows\temporary internet files\content.ie5\prw85wlw\download[1].exe" = protocol=6 | dir=in | app=c:\users\bastardman\appdata\local\microsoft\windows\temporary internet files\content.ie5\prw85wlw\download[1].exe |
"TCP Query User{F207DB3C-ECAD-4170-BCF3-E191AA95297D}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{F2284825-D496-4D58-A969-B2088D555548}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{FB58C63F-594B-46EE-9A9A-5D98F8BD0556}C:\program files\steam\steamapps\vladski\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\vladski\counter-strike\hl.exe |
"TCP Query User{FDD28391-EBC5-46E1-9108-6B1E869EA328}C:\program files\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{1B773021-6549-4D19-9287-F055570ECBAE}C:\program files\steam\steamapps\vladski\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\vladski\counter-strike\hl.exe |
"UDP Query User{23873DEC-EE1F-41C8-9993-60B94FC84323}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{243A0A40-41B9-4A75-BC36-8A1DF320F62D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{26189C7F-CE66-4721-8C9A-5F9489E2CD23}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{3C27EA2C-0302-4A0D-BF69-3C09E9D354BE}C:\windows\temp\_ex-08.exe" = protocol=17 | dir=in | app=c:\windows\temp\_ex-08.exe |
"UDP Query User{451BAA3F-F960-47F5-A38A-229AE4A38AF9}C:\program files\mail.ru\agent\magent.exe" = protocol=17 | dir=in | app=c:\program files\mail.ru\agent\magent.exe |
"UDP Query User{49013CAA-7638-4BD5-B747-FE25A7D77484}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{4BFA4F4E-37BB-43BF-92FE-C90025CBEB46}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{6002FF73-C0C2-4181-8A22-A5703F883339}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{60171FCB-1A71-42DB-9A8B-71367C99E1A9}C:\program files\att-sst\mccibrowser.exe" = protocol=17 | dir=in | app=c:\program files\att-sst\mccibrowser.exe |
"UDP Query User{62F4777D-9BE5-4905-B6C9-6745CC3AACE5}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{7D64D03D-A26C-4C58-A9BC-1E7AD8ECDED6}C:\program files\mail.ru\agent\magent.exe" = protocol=17 | dir=in | app=c:\program files\mail.ru\agent\magent.exe |
"UDP Query User{81132396-2591-49EF-A1A4-B75F674B3248}C:\users\bastardman\appdata\local\microsoft\windows\temporary internet files\content.ie5\ncr3k0gu\download[1].exe" = protocol=17 | dir=in | app=c:\users\bastardman\appdata\local\microsoft\windows\temporary internet files\content.ie5\ncr3k0gu\download[1].exe |
"UDP Query User{81C3E98D-C059-4723-855F-8F656F74A3E1}C:\users\bastardman\downloads\blackwhite\runblack.exe" = protocol=17 | dir=in | app=c:\users\bastardman\downloads\blackwhite\runblack.exe |
"UDP Query User{845DC94A-798D-4466-9CF2-2CDB86A3B6E6}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{87D69D3A-1C8F-4EF7-9CF1-EBDC2522B5A5}C:\program files\stardock games\demigod\bin\demigod-nosound.exe" = protocol=17 | dir=in | app=c:\program files\stardock games\demigod\bin\demigod-nosound.exe |
"UDP Query User{9BE763A8-316E-4D6E-9740-C397DD4E1023}C:\program files\steam\steamapps\vladski\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\vladski\half-life 2 deathmatch\hl2.exe |
"UDP Query User{A24B6154-40ED-45E6-B845-D5994F96ABC2}C:\program files\steam\steamapps\vladski\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\vladski\counter-strike source\hl2.exe |
"UDP Query User{A9DA48A9-309E-4C9F-8B73-3E946ADABA22}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{B3D195CF-5252-4653-90F8-A9F94ECE3FA5}C:\program files\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{C90B2ED4-F53D-4D67-AB3A-D8E72A82E2E4}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{CE5C03A0-B692-4C7B-82CE-EB855C7C6AAB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{D46FE148-36A8-47E5-B9C6-26D0A0986EB0}C:\program files\steam\steamapps\vladski\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\vladski\half-life 2 deathmatch\hl2.exe |
"UDP Query User{D7641452-CE1A-48B3-8692-6055D4DC3573}C:\users\bastardman\appdata\local\microsoft\windows\temporary internet files\content.ie5\prw85wlw\download[1].exe" = protocol=17 | dir=in | app=c:\users\bastardman\appdata\local\microsoft\windows\temporary internet files\content.ie5\prw85wlw\download[1].exe |
"UDP Query User{D7D4912D-797B-4D18-A548-C8D02A0C013C}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe |
"UDP Query User{E40250DF-752C-488C-96F7-8B8198868ABA}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{FE3E4B1D-0733-443A-AEBA-8A986F6417F8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{CBD6B23A-B54F-476A-9527-C262F469CACF}" = Razer Abyssus
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F7511FE7-BA89-4939-B2EF-A3F287B0F298}" = Logitech Gaming LCD Software 1.04
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"ASIO4ALL" = ASIO4ALL
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"FL Studio 8" = FL Studio 8
"IL Download Manager" = IL Download Manager
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MailRuSputnik" = Mail.Ru Спутник 2.1.0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MRA" = Mail.Ru Агент 5.5 (сборка 2828, для всех пользователей)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Rob Papen Albino 3" = Rob Papen Albino 3
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 47780" = Dead Space 2
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"SynTPDeinstKey" = Dell Touchpad
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"www_screensavers_com" = Screensavers.com Content

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 04.02.2010 22:08:43 | Computer Name = Bastardman-PC | Source = avast! | ID = 33554522
Description =

Error - 04.02.2010 22:08:43 | Computer Name = Bastardman-PC | Source = avast! | ID = 33554522
Description =

Error - 04.02.2010 22:09:14 | Computer Name = Bastardman-PC | Source = avast! | ID = 33554522
Description =

Error - 04.02.2010 22:09:14 | Computer Name = Bastardman-PC | Source = avast! | ID = 33554522
Description =

Error - 04.02.2010 22:09:41 | Computer Name = Bastardman-PC | Source = avast! | ID = 33554522
Description =

Error - 04.02.2010 22:09:41 | Computer Name = Bastardman-PC | Source = avast! | ID = 33554522
Description =

Error - 04.02.2010 22:10:16 | Computer Name = Bastardman-PC | Source = avast! | ID = 33554522
Description =

Error - 04.02.2010 22:10:16 | Computer Name = Bastardman-PC | Source = avast! | ID = 33554522
Description =

Error - 04.03.2010 2:59:43 | Computer Name = Bastardman-PC | Source = avast! | ID = 33554522
Description =

Error - 11.03.2010 16:17:17 | Computer Name = Bastardman-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 14.09.2010 10:13:07 | Computer Name = Bastardman-PC | Source = Google Update | ID = 20
Description =

Error - 14.09.2010 10:25:00 | Computer Name = Bastardman-PC | Source = Google Update | ID = 20
Description =

Error - 14.09.2010 11:13:11 | Computer Name = Bastardman-PC | Source = Google Update | ID = 20
Description =

Error - 14.09.2010 11:24:59 | Computer Name = Bastardman-PC | Source = Google Update | ID = 20
Description =

Error - 14.09.2010 12:13:05 | Computer Name = Bastardman-PC | Source = Google Update | ID = 20
Description =

Error - 14.09.2010 12:25:00 | Computer Name = Bastardman-PC | Source = Google Update | ID = 20
Description =

Error - 14.09.2010 13:13:06 | Computer Name = Bastardman-PC | Source = Google Update | ID = 20
Description =

Error - 14.09.2010 13:25:01 | Computer Name = Bastardman-PC | Source = Google Update | ID = 20
Description =

Error - 14.09.2010 14:13:06 | Computer Name = Bastardman-PC | Source = Google Update | ID = 20
Description =

Error - 14.09.2010 14:24:59 | Computer Name = Bastardman-PC | Source = Google Update | ID = 20
Description =

[ Broadcom Wireless LAN Events ]
Error - 17.01.2011 4:25:52 | Computer Name = Bastardman-PC | Source = WLAN-Tray | ID = 0
Description = 00:25:52, Mon, Jan 17, 11 Error - User "" does not have administrative
privileges on this system

Error - 25.01.2011 3:39:16 | Computer Name = Bastardman-PC | Source = WLAN-Tray | ID = 0
Description = 23:39:16, Mon, Jan 24, 11 Error - User "" does not have administrative
privileges on this system

Error - 19.02.2011 2:48:19 | Computer Name = Bastardman-PC | Source = WLAN-Tray | ID = 0
Description = 22:48:19, Fri, Feb 18, 11 Error - User "" does not have administrative
privileges on this system

[ Media Center Events ]
Error - 21.10.2008 17:43:42 | Computer Name = Bastardman-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 09.06.2009 23:20:52 | Computer Name = Bastardman-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 25.02.2011 19:47:58 | Computer Name = Bastardman-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 25.02.2011 19:48:06 | Computer Name = Bastardman-PC | Source = DCOM | ID = 10005
Description =

Error - 25.02.2011 19:48:08 | Computer Name = Bastardman-PC | Source = DCOM | ID = 10005
Description =

Error - 25.02.2011 19:48:22 | Computer Name = Bastardman-PC | Source = DCOM | ID = 10005
Description =

Error - 25.02.2011 19:48:22 | Computer Name = Bastardman-PC | Source = DCOM | ID = 10005
Description =

Error - 25.02.2011 19:48:26 | Computer Name = Bastardman-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 25.02.2011 19:48:26 | Computer Name = Bastardman-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 25.02.2011 20:13:36 | Computer Name = Bastardman-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 25.02.2011 20:17:06 | Computer Name = Bastardman-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25.02.2011 20:26:15 | Computer Name = Bastardman-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

3yes sir Re: Please help on Mon Feb 28, 2011 9:28 pm

Belahzur


AMA Member
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKCU..\Run: [ciphnatt] File not found
    O33 - MountPoints2\{ed8cd1b9-31c2-11e0-9217-c30fd7464c1d}\Shell - "" = AutoRun
    O33 - MountPoints2\{ed8cd1b9-31c2-11e0-9217-c30fd7464c1d}\Shell\AutoRun\command - "" = G:\arun.exe
    O33 - MountPoints2\{ed8cd1ba-31c2-11e0-9217-c30fd7464c1d}\Shell - "" = AutoRun
    O33 - MountPoints2\{ed8cd1ba-31c2-11e0-9217-c30fd7464c1d}\Shell\AutoRun\command - "" = H:\suppress_explorer.exe
    O33 - MountPoints2\{ed8cd1bf-31c2-11e0-9217-c30fd7464c1d}\Shell - "" = AutoRun
    O33 - MountPoints2\{ed8cd1bf-31c2-11e0-9217-c30fd7464c1d}\Shell\AutoRun\command - "" = I:\suppress_explorer.exe
    O33 - MountPoints2\{ed8cd1c1-31c2-11e0-9217-c30fd7464c1d}\Shell - "" = AutoRun
    O33 - MountPoints2\{ed8cd1c1-31c2-11e0-9217-c30fd7464c1d}\Shell\AutoRun\command - "" = J:\suppress_explorer.exe



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

4yes sir Re: Please help on Tue Mar 01, 2011 11:16 pm

Vladski


Member
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ciphnatt deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8cd1b9-31c2-11e0-9217-c30fd7464c1d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8cd1b9-31c2-11e0-9217-c30fd7464c1d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8cd1b9-31c2-11e0-9217-c30fd7464c1d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8cd1b9-31c2-11e0-9217-c30fd7464c1d}\ not found.
File move failed. G:\arun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8cd1ba-31c2-11e0-9217-c30fd7464c1d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8cd1ba-31c2-11e0-9217-c30fd7464c1d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8cd1ba-31c2-11e0-9217-c30fd7464c1d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8cd1ba-31c2-11e0-9217-c30fd7464c1d}\ not found.
File move failed. H:\suppress_explorer.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8cd1bf-31c2-11e0-9217-c30fd7464c1d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8cd1bf-31c2-11e0-9217-c30fd7464c1d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8cd1bf-31c2-11e0-9217-c30fd7464c1d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8cd1bf-31c2-11e0-9217-c30fd7464c1d}\ not found.
File move failed. I:\suppress_explorer.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8cd1c1-31c2-11e0-9217-c30fd7464c1d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8cd1c1-31c2-11e0-9217-c30fd7464c1d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8cd1c1-31c2-11e0-9217-c30fd7464c1d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8cd1c1-31c2-11e0-9217-c30fd7464c1d}\ not found.
File move failed. J:\suppress_explorer.exe scheduled to be moved on reboot.

OTL by OldTimer - Version 3.2.21.0 log created on 03012011_201451

5yes sir Re: Please help on Sat Mar 05, 2011 8:24 pm

Belahzur


AMA Member
Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

6yes sir Re: Please help on Tue Mar 08, 2011 8:07 pm

Vladski


Member
Hello

ComboFix 11-03-08.03 - Bastardman 08.03.2011 16:04:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1730 [GMT -8:00]
Running from: c:\users\Bastardman\Desktop\commy.exe.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
c:\program files\Quicktime\QTTask.exe
c:\users\Bastardman\AppData\Local\{24E7FC7A-C6C0-4F2B-A27F-3338009D092F}
c:\users\Bastardman\AppData\Local\{24E7FC7A-C6C0-4F2B-A27F-3338009D092F}\chrome.manifest
c:\users\Bastardman\AppData\Local\{24E7FC7A-C6C0-4F2B-A27F-3338009D092F}\chrome\content\_cfg.js
c:\users\Bastardman\AppData\Local\{24E7FC7A-C6C0-4F2B-A27F-3338009D092F}\chrome\content\overlay.xul
c:\users\Bastardman\AppData\Local\{24E7FC7A-C6C0-4F2B-A27F-3338009D092F}\install.rdf
c:\users\Bastardman\AppData\Roaming\Install.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
.
.
2011-03-09 00:12 . 2011-03-09 00:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-08 16:25 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F56E89F8-D374-4322-9ADD-67B781478BFC}\mpengine.dll
2011-03-02 04:14 . 2011-03-02 04:14 -------- d-----w- C:\_OTL
2011-02-27 23:47 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-02-27 23:47 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-02-27 23:47 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-02-27 23:47 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-02-27 23:47 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-02-27 23:47 . 2011-02-27 23:47 -------- d-----w- c:\program files\Trojan Remover
2011-02-27 23:47 . 2011-02-27 23:47 -------- d-----w- c:\users\Bastardman\AppData\Roaming\Simply Super Software
2011-02-27 23:47 . 2011-02-27 23:47 -------- d-----w- c:\programdata\Simply Super Software
2011-02-25 19:51 . 2011-03-02 19:23 -------- d-----w- c:\programdata\dBgIeLf15100
2011-02-23 21:25 . 2011-02-23 21:25 -------- d-----w- c:\users\Bastardman\AppData\Local\Microsoft_Corporation
2011-02-16 03:09 . 2011-02-16 03:09 -------- d-----w- c:\users\Bastardman\AppData\Local\EA Games
2011-02-16 03:04 . 2011-02-16 03:04 -------- d-----w- c:\programdata\Solidshield
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-28 00:54 . 2008-09-25 02:12 138416 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-28 00:53 . 2009-02-25 03:32 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-28 00:53 . 2008-09-25 02:12 270904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-28 00:52 . 2008-09-25 02:12 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-06 17:43 . 2011-02-06 17:43 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-02-03 01:11 . 2009-10-02 16:52 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-11 18:31 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-11 18:31 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-11 22:45 . 2008-09-25 02:11 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-09 05:19 . 2010-12-09 05:19 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-27 1242448]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-27 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-19 21633320]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"MAgent"="c:\program files\Mail.Ru\Agent\MAgent.exe" [2009-07-08 7975608]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-24 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Abyssus"="c:\program files\Razer\Abyssus\razerhid.exe" [2010-05-10 223744]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-11-21 87144]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
.
c:\users\Bastardman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2009-12-05 135320]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2008-08-11 33024]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2008-08-11 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2008-08-11 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2008-08-11 59904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-06 218688]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
S3 Abyssus03;Razer Abyssus USB Filter Driver;c:\windows\system32\Drivers\Abyssus.sys [2009-10-30 9216]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
S3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [2007-06-26 117888]
S3 vHidDev;Razer Gaming Device;c:\windows\system32\DRIVERS\vHidDev.sys [2009-12-22 5760]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Поиск@Mail.Ru (Search@Mail.Ru) - c:\program files\mail.ru\sputnik\MailRuSputnik.dll/282
IE: Словари@Mail.Ru (Dictionaries@Mail.Ru) - c:\program files\mail.ru\sputnik\MailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
FF - ProfilePath - c:\users\Bastardman\AppData\Roaming\Mozilla\Firefox\Profiles\wpi81iuu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.search.selectedEngine - hxxp://www.mail.ru/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Спутник @Mail.Ru: {37964A3C-4EE8-47b1-8321-34DE2C39BA4D} - %profile%\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
HKLM-Run-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-MagicDisc 2.7.106 - c:\progra~1\MAGICD~1\UNWISE.EXE
AddRemove-www_screensavers_com - c:\program files\www_screensavers_com\www_screensavers_comUninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-08 16:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-08 16:14:57
ComboFix-quarantined-files.txt 2011-03-09 00:14
.
Pre-Run: 9 085 800 448 bytes free
Post-Run: 11 213 225 984 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - A758A0BD618BDED830C952801140272B

7yes sir Re: Please help on Tue Mar 08, 2011 8:08 pm

Vladski


Member
Member

8yes sir Re: Please help on Thu Mar 10, 2011 8:18 pm

Belahzur


AMA Member
AMA Member
Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Folder::
    c:\programdata\dBgIeLf15100

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
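
Two things in this thread lend themselves to a small tool: reading the ComboFix log Vladski posted above (the random-name ProgramData folder, the `[x]` autostart entries, the Firefox search preference pointing at a different provider, the DPF entry loading an ActiveX control from a local path) and checking, after the CFScript run Belahzur just asked for, that the `Folder::` directive actually removed what it was told to. The Python script below is an added example written for this page; it is not code from the thread, from ComboFix, or from OldTimer. The sample log is a constructed excerpt modelled on lines from the posted log, and the "random name" rule is an assumption of this example, not a ComboFix rule.

```python
"""Triage helper for ComboFix-style logs.

Added example for this thread, not ComboFix's own code: it parses the
section headers ComboFix prints (Other Deletions, Files Created, Reg
Loading Points, Supplementary Scan) and flags the kinds of entries the
helper acted on. The heuristics are assumptions, not ComboFix rules.
"""
import re

# A header line is a run of parens or dashes, a title, and another run.
SECTION_RE = re.compile(r"^[()\-]{3,}\s*(.+?)\s*[()\-]{3,}$")
URL_HOST_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)

# Constructed excerpt modelled on the log posted in the thread (trimmed).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\dBgIeLf15100
c:\users\Bastardman\AppData\Roaming\Install.dat
.
((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
.
2011-03-02 04:14 . 2011-03-02 04:14 -------- d-----w- C:\_OTL
2011-02-25 19:51 . 2011-03-02 19:23 -------- d-----w- c:\programdata\dBgIeLf15100
2011-02-16 03:04 . 2011-02-16 03:04 -------- d-----w- c:\programdata\Solidshield
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
"Steam"="c:\program files\Steam\steam.exe" [2010-11-27 1242448]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
S1 aswSP;aswSP; [x]
.
------- Supplementary Scan -------
.
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
"""


def split_sections(text):
    """Return {section title: [content lines]}, dropping blank and '.' filler lines."""
    sections, current = {}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def looks_random(name):
    """Assumed heuristic: a name that flips letter case on at least half of
    its letter pairs (dBgIeLf15100) is machine-generated, not vendor-chosen."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 6:
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return flips / (len(letters) - 1) >= 0.5


def triage(text):
    """Return (category, detail) findings for a human to review; none is a verdict."""
    findings = []
    for title, lines in split_sections(text).items():
        if title.startswith("Files Created"):
            for line in lines:
                # created . modified size-or-dashes attrs path  (path may contain spaces)
                parts = line.split(None, 7)
                if len(parts) == 8 and parts[6].startswith("d"):
                    path = parts[7]
                    name = path.rstrip("\\").rsplit("\\", 1)[-1]
                    low = path.lower()
                    if ("\\programdata\\" in low or "\\appdata\\" in low) and looks_random(name):
                        findings.append(("random-name dir", path))
        elif title.startswith("Reg Loading Points"):
            for line in lines:
                # '[x]' means ComboFix could not read the target file: missing, or
                # shielded by an AV self-protection driver, so confirm on disk.
                if line.endswith("[x]"):
                    findings.append(("autostart target unreadable", line.split(";")[0]))
        elif title.startswith("Supplementary Scan"):
            for line in lines:
                if line.startswith("FF - prefs.js: browser.search"):
                    m = URL_HOST_RE.search(line)
                    if m:
                        findings.append(("search provider", m.group(1).lower()))
                elif line.startswith("DPF:") and "file:///" in line.lower():
                    findings.append(("ActiveX from local path", line.split(" - ", 1)[1]))
    return findings


def verify_deleted(text, path):
    """After a CFScript run, check the path under 'Other Deletions' instead of
    assuming the Folder:: directive took effect."""
    deleted = {l.lower() for l in split_sections(text).get("Other Deletions", [])}
    return path.lower().rstrip("\\") in deleted


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:28} {detail}")
    print("dBgIeLf15100 removed:", verify_deleted(SAMPLE_LOG, r"c:\programdata\dBgIeLf15100"))
```

Run it against a saved C:\ComboFix.txt by passing the file contents to `triage()` and `verify_deleted()`. Two caveats a reviewer should keep in mind: `[x]` is not proof that an entry is orphaned (the avast! drivers in this very log show `[x]` while their .sys files are listed under Find3M, because the product's self-protection blocks reads), and a changed search provider is only a hijack if the user did not choose it; the Mail.Ru Sputnik toolbar in this log sets the same preference when installed deliberately.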

9yes sir Re: Please help on Fri Mar 11, 2011 1:34 am

Vladski


Member
Member
ComboFix 11-03-10.02 - Bastardman 10.03.2011 21:26:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1964 [GMT -8:00]
Running from: c:\users\Bastardman\Desktop\commy.exe.exe
Command switches used :: c:\users\Bastardman\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dBgIeLf15100
c:\programdata\dBgIeLf15100\dBgIeLf15100
.
.
((((((((((((((((((((((((( Files Created from 2011-02-11 to 2011-03-11 )))))))))))))))))))))))))))))))
.
.
2011-03-11 05:33 . 2011-03-11 05:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-10 00:18 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 00:18 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 00:18 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 00:18 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 00:17 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 00:17 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 03:29 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-09 03:29 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-03-09 03:28 . 2011-03-09 03:28 -------- d-----w- c:\program files\iPod
2011-03-09 03:28 . 2011-03-09 03:29 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-09 03:28 . 2011-03-09 03:29 -------- d-----w- c:\program files\iTunes
2011-03-09 03:27 . 2011-03-09 03:27 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-03-09 03:27 . 2011-03-09 03:27 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-03-09 03:27 . 2011-03-09 03:27 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-03-09 03:27 . 2011-03-09 03:27 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-03-09 03:27 . 2011-03-09 03:27 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-03-09 03:27 . 2011-03-09 03:27 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-03-09 03:27 . 2011-03-09 03:27 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-03-09 03:26 . 2011-03-09 03:26 1409 ----a-w- c:\windows\QTFont.for
2011-03-09 03:25 . 2011-03-09 03:25 -------- d-----w- c:\users\Bastardman\AppData\Local\Apple
2011-03-09 03:25 . 2011-03-09 03:25 -------- d-----w- c:\program files\Apple Software Update
2011-03-09 03:23 . 2011-03-09 03:23 -------- d-----w- c:\program files\Bonjour
2011-03-09 03:23 . 2011-03-09 03:31 -------- d-----w- c:\programdata\Apple
2011-03-09 03:23 . 2011-03-09 03:28 -------- d-----w- c:\program files\Common Files\Apple
2011-03-09 01:09 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-09 00:02 . 2011-03-09 00:15 -------- d-----w- C:\commy.exe
2011-03-08 16:25 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F56E89F8-D374-4322-9ADD-67B781478BFC}\mpengine.dll
2011-03-02 04:14 . 2011-03-02 04:14 -------- d-----w- C:\_OTL
2011-02-27 23:47 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-02-27 23:47 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-02-27 23:47 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-02-27 23:47 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-02-27 23:47 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-02-27 23:47 . 2011-02-27 23:47 -------- d-----w- c:\program files\Trojan Remover
2011-02-27 23:47 . 2011-02-27 23:47 -------- d-----w- c:\users\Bastardman\AppData\Roaming\Simply Super Software
2011-02-27 23:47 . 2011-02-27 23:47 -------- d-----w- c:\programdata\Simply Super Software
2011-02-23 21:25 . 2011-02-23 21:25 -------- d-----w- c:\users\Bastardman\AppData\Local\Microsoft_Corporation
2011-02-19 00:36 . 2011-02-19 00:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-19 00:36 . 2011-02-19 00:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-16 03:09 . 2011-02-16 03:09 -------- d-----w- c:\users\Bastardman\AppData\Local\EA Games
2011-02-16 03:04 . 2011-02-16 03:04 -------- d-----w- c:\programdata\Solidshield
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-28 00:54 . 2008-09-25 02:12 138416 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-28 00:53 . 2009-02-25 03:32 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-28 00:53 . 2008-09-25 02:12 270904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-28 00:52 . 2008-09-25 02:12 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-23 15:04 . 2010-11-27 07:15 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-01-10 18:23 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2010-01-10 18:24 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-01-10 18:24 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-01-10 18:24 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2010-01-10 18:23 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2010-01-10 18:24 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-06 17:43 . 2011-02-06 17:43 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-02-03 01:11 . 2009-10-02 16:52 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-11 18:31 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-11 18:31 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-11 22:45 . 2008-09-25 02:11 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-27 1242448]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-27 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-19 21633320]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"MAgent"="c:\program files\Mail.Ru\Agent\MAgent.exe" [2009-07-08 7975608]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-24 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"Abyssus"="c:\program files\Razer\Abyssus\razerhid.exe" [2010-05-10 223744]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-11-21 87144]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Bastardman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2009-12-05 135320]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2008-08-11 33024]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2008-08-11 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2008-08-11 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2008-08-11 59904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-06 218688]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
S3 Abyssus03;Razer Abyssus USB Filter Driver;c:\windows\system32\Drivers\Abyssus.sys [2009-10-30 9216]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
S3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [2007-06-26 117888]
S3 vHidDev;Razer Gaming Device;c:\windows\system32\DRIVERS\vHidDev.sys [2009-12-22 5760]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Поиск@Mail.Ru (Search@Mail.Ru) - c:\program files\mail.ru\sputnik\MailRuSputnik.dll/282
IE: Словари@Mail.Ru (Dictionaries@Mail.Ru) - c:\program files\mail.ru\sputnik\MailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
FF - ProfilePath - c:\users\Bastardman\AppData\Roaming\Mozilla\Firefox\Profiles\wpi81iuu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.search.selectedEngine - hxxp://www.mail.ru/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Спутник @Mail.Ru: {37964A3C-4EE8-47b1-8321-34DE2C39BA4D} - %profile%\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-10 21:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-10 21:35:34
ComboFix-quarantined-files.txt 2011-03-11 05:35
ComboFix2.txt 2011-03-09 00:14
.
Pre-Run: 8 742 375 424 bytes free
Post-Run: 8 703 713 280 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 40B0D37FA1719DB0310271EE7A057B83
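A small triage helper for logs in the layout above, added here as an example and not something posted in this thread or shipped with ComboFix. It parses the three line shapes that carry most of the signal in this kind of log (Run-key values, the R/S service list, and DPF ActiveX entries) and attaches triage hints: an entry where the log shows `[x]` instead of a date and size (the file was not found at the recorded path), a binary living under a temp directory, or an ActiveX control registered from a `file://` URL. The sample input mixes lines copied from the log above with one made-up "Updater" line; the hints are heuristics chosen for the example, not verdicts on any entry in the real log.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input. The SynTPEnh, gupdate, aswSnx, aswMonFlt and DPF
# lines are copied from the ComboFix log above; the "Updater" line is made up
# so the temp-directory heuristic has something to fire on.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"Updater"="c:\users\example\appdata\local\temp\updater.exe" [2011-03-01 51200]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
'''

# One pattern per line shape ComboFix prints (assumption: these three shapes
# are stable; anything else is ignored).
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]\s*$')
DPF_RE = re.compile(r'^DPF:\s+(?P<clsid>\{[^}]+\})\s+-\s+(?P<url>\S+)\s*$')

MISSING_FILE = "file not found at recorded path"
TEMP_PATH = "binary lives under a temp directory"
LOCAL_ACTIVEX = "ActiveX control registered from a file:// URL"


@dataclass
class Entry:
    kind: str            # "run", "service" or "dpf"
    name: str            # value name, service name or CLSID
    path: str            # image path or URL
    flags: List[str] = field(default_factory=list)


def _path_flags(path: str, meta: str) -> List[str]:
    """Heuristic hints derived from the recorded path and the [..] suffix."""
    flags = []
    if meta.strip() == "x":          # ComboFix wrote [x]: no file at that path
        flags.append(MISSING_FILE)
    low = path.lower().replace("/", "\\")
    if "\\temp\\" in low or "\\tmp\\" in low:
        flags.append(TEMP_PATH)
    return flags


def triage(text: str) -> List[Entry]:
    """Parse Run-key, service and DPF lines and attach triage flags."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"].strip(),
                                 _path_flags(m["path"], m["meta"])))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"].strip(), m["path"].strip(),
                                 _path_flags(m["path"], m["meta"])))
            continue
        m = DPF_RE.match(line)
        if m:
            flags = [LOCAL_ACTIVEX] if m["url"].lower().startswith("file:") else []
            entries.append(Entry("dpf", m["clsid"], m["url"], flags))
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries that picked up at least one hint."""
    return [e for e in triage(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind:8} {e.name:45} {e.path}")
        for f in e.flags:
            print(f"         -> {f}")
```

The `[x]` hint is the one worth reading first in a real log: an autostart or service entry whose file is gone is either a leftover from an uninstall (the avast entries here, after a reinstall) or a remnant of something that was removed, and either way it tells you the registry was not cleaned up with the file. The temp-directory and `file://` hints are only prompts to look closer; a legitimate installer can leave both.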

10yes sir Re: Please help on Sun Mar 13, 2011 9:54 pm

Belahzur
AMA Member
Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
