WiredWX Hobby Weather ToolsLog in

 


pretty sure i have a trojan need help

2 posters

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:23 PM, on 11/14/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Flash Media Encoder 2.5\FlashMediaEncoder.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60282
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60282
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60282
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60282
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60282
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files (x86)\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [YouTubeDownloader_upgrade] "C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" /upgrade
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hȋdden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files (x86)\uusee\geturltoplay.htm
O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Program Files (x86)\uusee\geturltodown.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
O9 - Extra button: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra 'Tools' menuitem: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\P

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60282
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60282
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60282
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60282
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60282
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s


  • Press "Fix Checked"
  • Close Hijack This.

MBAM came back clean, how is the machine running?

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
machine still running slow .... whenever it triggers the error message from nod 32 (antivirus) it becomes slow for like 3 minutes...

keeps saying this in error message from Nod 32 startup icon
windows/windows system 32/cngaudit.dll
cause o threat
win32 sirefef.A trojan
cannot clean

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
bump

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\cngaudit.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
something is wrong im getting this error message with avenger in text after i reboot .... copy pasted the entire code to avenger (Files to delete:
C:\WINDOWS\system32\cngaudit.dll) and followed part 3.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Wed Nov 18 09:02:28 2009

09:01:46: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
Hello.
Did you include "Files to delete:"?

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
yes i copy pasted it as follows

Files to delete:
C:\WINDOWS\system32\cngaudit.dll

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
Weird, try it again. No way!

Make sure there is no space before that top line neither.

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
i just realized .... i have a 64 bit os..... windows vista 64 bit os ...... i just read on avenger site it doesnt support it....... what should i do now.....

System Requirements
The Avenger is fully compatible with 32-bit Windows Vista, XP, and 2000. Please do not attempt to use it on any other operating system. There are no plans to build a 64-bit version of The Avenger because of Microsoft's decision to require digital signatures for 64-bit Vista kernel code.
The Avenger must be run from a user account with administrator privileges. In Windows Vista, you will be prompted explicitly to grant The Avenger administrator privileges when it is run.

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
OTL logfile created on: 11/20/2009 8:28:55 PM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = c:\Users\Brian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 68.07 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN-PC
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/20 20:02:30 | 00,528,896 | ---- | M] (OldTimer Tools) -- c:\Users\Brian\Desktop\OTL.exe
PRC - [2009/11/14 11:51:24 | 01,278,736 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
PRC - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/05/23 14:46:13 | 00,056,680 | ---- | M] (absoƖute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2009/05/23 14:46:13 | 00,056,680 | ---- | M] (absoƖute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2009/04/30 15:58:44 | 00,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2009/04/29 21:13:50 | 01,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/04/29 21:11:58 | 00,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/04/22 22:06:52 | 00,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/22 22:06:52 | 00,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/22 21:53:22 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 21:53:22 | 00,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/04/22 21:53:22 | 00,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/04/22 21:53:22 | 00,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/04/13 14:11:54 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2009/04/13 14:11:54 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2009/04/09 14:19:08 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/04/01 13:51:34 | 00,801,032 | ---- | M] () -- C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2009/03/11 10:42:08 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/12/04 17:52:44 | 01,807,648 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2008/12/04 17:52:44 | 01,807,648 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/17 00:38:36 | 00,308,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Pinyin\GooglePinyinDaemon.exe
PRC - [2008/09/23 11:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/09/05 09:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2008/09/05 09:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2008/08/01 15:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/06/21 09:44:20 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/06/21 09:44:20 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/06/21 09:44:20 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/03 10:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/04/03 10:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe


========== Modules (SafeList) ==========

MOD - [2009/11/20 20:02:30 | 00,528,896 | ---- | M] (OldTimer Tools) -- c:\Users\Brian\Desktop\OTL.exe
MOD - [2009/07/17 05:54:43 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/04/10 22:28:26 | 01,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/04/10 22:28:26 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/04/10 22:28:20 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2009/04/10 22:21:40 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 18:52:09 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2008/01/20 18:50:01 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/20 18:49:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 17:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/21 21:33:32 | 00,240,128 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/04/09 14:29:24 | 00,023,296 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/04/09 14:19:08 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/03/02 17:42:58 | 00,089,600 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 16:25:40 | 00,023,040 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 18:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2008/01/20 18:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 12:11:30 | 00,015,872 | ---- | M] (Agere Systems) -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/05/23 14:46:13 | 00,056,680 | ---- | M] (absoƖute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2009/05/20 07:46:27 | 00,182,768 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/04/30 15:58:44 | 00,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2009/04/22 21:53:22 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/04/22 21:53:22 | 00,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/04/10 22:28:26 | 00,375,808 | ---- | M] (Microsoft Corporation) -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/29 20:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/29 20:39:56 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/24 11:13:36 | 00,242,424 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/18 10:40:06 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 10:39:12 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/23 11:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/05 09:23:56 | 00,210,720 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe -- (RalinkRegistryWriter64)
SRV - [2008/09/05 09:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/04/03 10:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/01/20 18:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 18:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 05:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/11/03 19:59:46 | 00,834,544 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/30 16:51:42 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/02 02:09:34 | 00,221,696 | ---- | M] (Realtek ) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/21 19:24:04 | 00,084,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/21 21:33:32 | 00,487,936 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/28 21:52:36 | 05,437,952 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2009/04/10 21:39:52 | 00,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/09 14:21:36 | 00,044,944 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/04/09 14:21:32 | 00,033,608 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\Epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/04/09 14:21:30 | 00,165,960 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\epfw.sys -- (epfw)
DRV:64bit: - [2009/04/09 14:18:04 | 00,134,024 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/04/09 14:10:34 | 00,142,776 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:64bit: - [2009/02/05 18:45:32 | 00,015,208 | ---- | M] (deepxw) -- C:\Windows\SysNative\DRIVERS\tcpz-x64d.sys -- (TCPZ)
DRV:64bit: - [2009/01/13 18:14:58 | 00,057,608 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 18:14:50 | 00,015,752 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 18:14:30 | 00,034,440 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/01/13 18:14:22 | 00,022,024 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/11/26 22:27:38 | 00,819,712 | ---- | M] (Ralink Technology Corp.) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2008/11/21 21:05:22 | 01,253,376 | ---- | M] (Agere Systems) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/09/04 09:48:00 | 00,064,000 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/07 09:01:36 | 00,143,360 | ---- | M] (JMicron Technology Corporation) -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/19 17:37:42 | 00,325,680 | ---- | M] (Synaptics, Inc.) -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/04/15 16:54:16 | 00,388,120 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/27 12:10:56 | 00,026,984 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 12:10:14 | 00,040,296 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/12 23:46:00 | 00,027,136 | ---- | M] (ManyCam LLC.) -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008/01/20 18:47:27 | 00,168,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 18:46:57 | 03,154,432 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 18:46:55 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 18:46:51 | 00,017,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/06/18 16:13:12 | 00,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 17:45:36 | 00,273,408 | ---- | M] (Marvell) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2009/11/20 10:14:44 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\eicqfu.sys -- (zfiaje)
DRV - [2009/11/18 09:19:59 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\zjddprwx.sys -- (mhbaw)
DRV - [2009/11/18 09:15:50 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\qlsm.sys -- (cgauwfe)
DRV - [2009/11/18 09:07:24 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\ojsjszpq.sys -- (alxlmic)
DRV - [2009/11/18 08:51:03 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\nxjsojd.sys -- (puiimj)
DRV - [2009/11/04 19:30:58 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/23 13:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 13:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/09/18 13:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 13:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:1.5
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.0.0283
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.1
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:0.4.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {4dffd90c-a059-437c-99dd-d71975f219ba}:1.2.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/18 15:46:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 05:44:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/06 21:44:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/14 20:10:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/09/11 11:46:33 | 00,000,000 | ---D | M]

[2009/03/31 19:14:56 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
[2009/03/31 19:14:56 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/19 23:05:17 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions
[2009/06/25 17:04:22 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/31 14:33:30 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009/09/12 13:15:12 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{4dffd90c-a059-437c-99dd-d71975f219ba}
[2009/07/09 07:24:21 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/05 11:41:53 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/10/28 09:36:50 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2009/08/13 15:38:23 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/09 06:56:48 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/08/11 15:49:23 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/10/28 14:33:21 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/09 06:56:49 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\anttoolbar@ant.com
[2009/11/03 20:00:41 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\DTToolbar@toolbarnet.com
[2009/08/12 12:01:15 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\firefox@ghostery.com
[2009/11/17 21:37:56 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\firefox@tvunetworks.com
[2009/09/19 23:38:19 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\justintvpublisher@justin.tv
[2009/04/01 11:03:34 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\moveplayer@movenetworks.com
[2009/10/28 09:36:54 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\netvideohunter@netvideohunter.com
[2009/11/03 20:00:02 | 00,002,059 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\searchplugins\daemon-search.xml
[2009/11/19 23:05:17 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/06 21:44:42 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/05 06:31:34 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/05 14:02:18 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/09 06:35:56 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/06 21:44:38 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 21:44:38 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/25 08:41:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2008/09/03 16:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 08:41:24 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 08:41:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/06 21:44:41 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2009/10/09 10:00:00 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
[2009/10/09 10:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
[2009/09/23 15:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
[2009/09/25 08:41:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\ssldivx.dll
[2009/08/07 06:52:33 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/07 06:52:33 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/08/07 06:52:33 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/07 06:52:33 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/07 06:52:33 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/08/07 06:52:33 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/07 06:52:33 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google IME Autoupdater] C:\Program Files (x86)\Google\Google Pinyin\GooglePinyinDaemon.exe (Google Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKLM..\Run: [YouTubeDownloader_upgrade] C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe (TODO: )
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files (x86)\uusee\geturltoplay.htm ()
O8:64bit: - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Program Files (x86)\uusee\geturltodown.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files (x86)\uusee\geturltoplay.htm ()
O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Program Files (x86)\uusee\geturltodown.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ()
O9 - Extra Button: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - File not found
O9 - Extra 'Tools' menuitem : ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - File not found
O9 - Extra Button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe ()
O9 - Extra 'Tools' menuitem : Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe ()
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe (Crawler.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([help] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: trivia01.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} http://p3p.sogou.com/MMCShell.cab (MMCPlayer Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} http://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=c9e6d0c35f69d211f&browserVersion=7.0 (SeeTooControl Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {571CB303-4267-4D92-B45C-9B79ACC18632} http://potplayer.daum.net/PotPlayer/v2/PotWeb.cab (PotWeb Control)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB (FixItClient Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E635477-CD50-4290-8604-680C151E3DA7} http://mlb.netxtream.com/DanaX.cab (DanaX Control)
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} https://www.lojackforlaptops.com/ctmweb/testoc.cab (Recovery ActiveX Control Module)
O16 - DPF: {7E3C8EE9-0EA1-4ACA-A8A2-87B76A3A6BC4} http://afocx.17funtv.com:9091/AFC_TW/OpenTV_17FunTV.cab (OpenTV_17FunTV Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} http://nba.tom.com/video/tcastV1.cab (tcast control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40121.8679976852 (Update Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: Justin.tv Publisher http://www.justin.tv/plugins/justintv_publisher.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
========== Files/Folders - Created Within 30 Days ==========

[2009/11/20 20:02:07 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2009/11/20 17:08:15 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\GHOSTBUSTERS (tm)
[2009/11/20 17:08:15 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\GHOSTBUSTERS (tm)
[2009/11/20 17:04:47 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2009/11/20 17:04:47 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2009/11/20 16:09:05 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\RegRunInfo
[2009/11/20 15:59:20 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\RegRun2
[2009/11/20 15:58:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2009/11/20 14:56:54 | 00,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Brian\Desktop\RootkitRevealer.exe
[2009/11/20 14:23:22 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Threat Expert
[2009/11/20 12:08:19 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/11/20 12:08:19 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/11/20 12:08:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2009/11/17 20:06:02 | 00,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2009/11/17 20:06:02 | 00,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2009/11/14 19:17:00 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\TVUAx
[2009/11/13 20:40:12 | 00,000,000 | ---D | C] -- C:\Users\Brian\Desktop\antivirus
[2009/11/13 17:46:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/11/13 17:45:15 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brian\Desktop\HJTInstall.exe
[2009/11/13 12:27:34 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/13 12:26:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/11/13 11:59:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trivia Mania
[2009/11/13 11:29:38 | 00,455,168 | ---- | C] (Recovery Toolbox, Inc.) -- C:\Users\Brian\Documents\RecoveryToolboxForRAR.exe
[2009/11/13 11:07:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Recovery Toolbox for RAR
[2009/11/10 12:37:12 | 02,751,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32k.sys
[2009/11/10 12:37:08 | 00,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDApi.dll
[2009/11/10 12:37:08 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDApi.dll
[2009/11/09 06:35:53 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/11/09 06:35:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/11/09 06:35:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/11/08 19:09:15 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\PPLive
[2009/11/07 13:35:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Easy Assist
[2009/11/07 13:35:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Applications
[2009/11/07 13:35:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Applications
[2009/11/06 16:21:40 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\Simply Super Software
[2009/11/06 09:30:18 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Downloaded Installations
[2009/11/05 20:25:44 | 00,000,000 | RH-D | C] -- C:\Users\Brian\AppData\Roaming\SecuROM
[2009/11/05 13:10:34 | 06,412,288 | ---- | C] (Terminal Reality Inc.) -- C:\Users\Brian\Desktop\ghost_w32.exe
[2009/11/04 20:50:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WindowsUpdate
[2009/11/04 12:34:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2009/11/04 07:45:47 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2009/11/03 21:46:59 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\ApplicationHistory
[2009/11/03 20:39:42 | 02,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2009/11/03 20:39:42 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2009/11/03 20:39:42 | 00,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2009/11/03 20:39:42 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2009/11/03 20:39:39 | 05,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2009/11/03 20:39:39 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2009/11/03 20:39:39 | 00,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2009/11/03 20:39:39 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2009/11/03 20:39:39 | 00,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2009/11/03 20:39:39 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2009/11/03 20:39:38 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2009/11/03 20:39:38 | 00,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2009/11/03 20:39:38 | 00,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2009/11/03 20:39:38 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2009/11/03 20:39:36 | 01,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2009/11/03 20:39:36 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2009/11/03 20:39:36 | 00,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2009/11/03 20:39:36 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2009/11/03 20:39:34 | 04,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2009/11/03 20:39:34 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2009/11/03 20:39:33 | 00,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2009/11/03 20:39:33 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2009/11/03 20:39:33 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2009/11/03 20:39:33 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2009/11/03 20:39:33 | 00,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2009/11/03 20:39:33 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2009/11/03 20:39:33 | 00,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2009/11/03 20:39:33 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2009/11/03 20:39:32 | 01,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2009/11/03 20:39:32 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2009/11/03 20:39:31 | 00,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2009/11/03 20:39:31 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2009/11/03 20:39:29 | 04,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2009/11/03 20:39:29 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2009/11/03 20:39:28 | 00,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2009/11/03 20:39:28 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2009/11/03 20:39:27 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2009/11/03 20:39:27 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2009/11/03 20:39:26 | 00,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2009/11/03 20:39:26 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2009/11/03 20:39:25 | 01,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2009/11/03 20:39:25 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2009/11/03 20:39:25 | 00,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2009/11/03 20:39:25 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2009/11/03 20:39:23 | 04,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2009/11/03 20:39:23 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2009/11/03 20:39:22 | 00,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2009/11/03 20:39:22 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2009/11/03 20:39:20 | 02,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2009/11/03 20:39:20 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2009/11/03 20:39:20 | 00,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2009/11/03 20:39:20 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2009/11/03 20:39:18 | 05,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2009/11/03 20:39:18 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2009/11/03 20:39:18 | 00,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2009/11/03 20:39:18 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2009/11/03 20:39:16 | 01,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2009/11/03 20:39:16 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2009/11/03 20:39:16 | 00,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2009/11/03 20:39:16 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2009/11/03 20:39:14 | 05,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2009/11/03 20:39:14 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2009/11/03 20:39:13 | 00,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2009/11/03 20:39:13 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2009/11/03 20:39:13 | 00,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2009/11/03 20:39:13 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2009/11/03 20:39:11 | 01,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2009/11/03 20:39:11 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2009/11/03 20:39:11 | 00,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2009/11/03 20:39:11 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2009/11/03 20:39:09 | 04,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2009/11/03 20:39:09 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2009/11/03 20:39:08 | 00,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2009/11/03 20:39:08 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2009/11/03 20:39:08 | 00,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2009/11/03 20:39:08 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2009/11/03 20:39:04 | 01,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2009/11/03 20:39:04 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2009/11/03 20:39:04 | 00,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2009/11/03 20:39:04 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2009/11/03 20:39:03 | 04,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2009/11/03 20:39:03 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2009/11/03 20:39:03 | 00,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2009/11/03 20:39:03 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2009/11/03 20:39:02 | 00,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2009/11/03 20:39:02 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2009/11/03 20:39:02 | 00,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2009/11/03 20:39:02 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2009/11/03 20:39:00 | 04,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2009/11/03 20:39:00 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2009/11/03 20:38:59 | 00,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2009/11/03 20:38:59 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2009/11/03 20:38:59 | 00,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2009/11/03 20:38:59 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2009/11/03 20:38:57 | 03,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2009/11/03 20:38:57 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2009/11/03 20:38:56 | 00,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2009/11/03 20:38:56 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2009/11/03 20:38:56 | 00,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2009/11/03 20:38:56 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2009/11/03 20:38:54 | 00,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2009/11/03 20:38:54 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2009/11/03 20:38:54 | 00,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2009/11/03 20:38:54 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2009/11/03 20:38:52 | 00,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2009/11/03 20:38:52 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2009/11/03 20:38:41 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2009/11/03 20:38:40 | 00,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2009/11/03 20:38:40 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2009/11/03 20:38:40 | 00,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2009/11/03 20:38:40 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2009/11/03 20:38:38 | 03,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2009/11/03 20:38:38 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2009/11/03 20:38:37 | 03,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2009/11/03 20:38:37 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2009/11/03 20:38:35 | 03,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2009/11/03 20:38:35 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2009/11/03 20:38:34 | 03,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2009/11/03 20:38:34 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2009/11/03 20:38:32 | 03,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2009/11/03 20:38:32 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2009/11/03 20:38:30 | 03,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2009/11/03 20:38:30 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2009/11/03 20:19:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\2K Sports
[2009/11/03 20:17:30 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2009/11/03 20:00:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2009/11/03 19:59:07 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\DAEMON Tools Lite
[2009/11/03 19:59:02 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/11/03 19:59:02 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/11/03 17:34:01 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/03 17:34:00 | 09,236,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/11/03 17:33:59 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/11/03 17:33:59 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb
[2009/11/03 06:50:15 | 00,000,000 | ---D | C] -- C:\Users\Brian\Desktop\Adobe Flash Media Shortcuts
[2009/11/02 13:36:08 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\vlc
[2009/11/02 12:22:32 | 00,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2009/11/02 12:22:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2009/11/02 11:47:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DSP-worx
[2009/11/02 07:39:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2009/11/02 07:06:43 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\RapidShare
[2009/11/02 07:02:46 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Apps
[2009/11/02 07:02:42 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Deployment
[2009/10/31 14:29:44 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Megaupload
[2009/10/29 18:26:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2009/10/28 14:20:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FLAC
[2009/10/28 13:45:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2009/10/28 13:34:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2009/10/28 13:22:59 | 00,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2009/10/28 13:22:59 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2009/10/28 13:22:59 | 00,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2009/10/28 13:22:59 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2009/10/28 13:22:57 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2009/10/28 13:22:57 | 00,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2009/10/28 13:22:56 | 05,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2009/10/28 13:22:56 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2009/10/28 13:22:56 | 02,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2009/10/28 13:22:56 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2009/10/28 13:22:55 | 00,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2009/10/28 13:22:55 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2009/10/28 13:22:55 | 00,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2009/10/28 13:22:55 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2009/10/28 13:22:54 | 02,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2009/10/28 13:22:54 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2009/10/28 13:22:51 | 00,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2009/10/28 13:22:51 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2009/10/28 13:22:51 | 00,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2009/10/28 13:22:51 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2009/10/28 13:22:50 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2009/10/28 13:22:50 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2009/10/28 13:03:59 | 00,000,000 | ---D | C] -- C:\ProgramData\River Past G5
[2009/10/28 13:03:59 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\River Past G5
[2009/10/28 13:03:59 | 00,000,000 | ---D | C] -- C:\ProgramData\River Past G5
[2009/10/28 13:03:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\River Past
[2009/10/28 13:03:58 | 00,000,000 | ---D | C] -- C:\Program Files\River Past
[2009/10/28 12:29:58 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\ImTOO DVD Ripper Platinum 5
[2009/10/28 12:26:51 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\ImTOO
[2009/10/28 12:15:03 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\Crack
[2009/10/28 11:39:50 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\ImTOO.DVD.Audio.Ripper.v5.050.0703.Cracked-QUANTiZE
[2009/10/28 10:04:00 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2009/10/28 10:04:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2009/10/28 10:03:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/10/28 09:54:29 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2009/10/28 09:54:29 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2009/10/28 09:54:29 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2009/10/28 09:54:29 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winspool.drv
[2009/10/28 09:54:28 | 00,893,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2009/10/28 09:54:28 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2009/10/28 09:54:25 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2009/10/28 09:54:25 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2009/10/28 09:54:25 | 00,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2009/10/28 09:54:25 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll
[2009/10/28 09:54:25 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2009/10/28 09:54:25 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2009/10/28 09:54:25 | 00,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2009/10/28 09:54:25 | 00,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2009/10/28 09:54:25 | 00,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2009/10/28 09:54:25 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2009/10/28 09:54:25 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2009/10/28 09:54:25 | 00,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2009/10/28 09:54:25 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2009/10/28 09:54:25 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2009/10/28 09:54:25 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2009/10/28 09:54:25 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2009/10/28 09:54:25 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2009/10/28 09:54:25 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2009/10/28 09:54:25 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2009/10/28 09:54:24 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2009/10/28 09:54:24 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2009/10/28 09:54:24 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2009/10/28 09:54:24 | 00,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2009/10/28 09:54:24 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2009/10/28 09:54:24 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2009/10/28 09:54:24 | 00,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2009/10/28 09:54:24 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2009/10/28 09:54:24 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2009/10/28 09:54:24 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2009/10/28 09:54:24 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2009/10/28 09:54:24 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2009/10/28 09:54:24 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2009/10/28 09:54:24 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2009/10/28 09:54:24 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll
[2009/10/28 09:54:23 | 03,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2009/10/28 09:54:23 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2009/10/28 09:54:23 | 01,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2009/10/28 09:54:23 | 01,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2009/10/28 09:54:23 | 01,142,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2009/10/28 09:54:23 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2009/10/28 09:54:23 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll
[2009/10/28 09:54:23 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2009/10/28 09:54:23 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2009/10/28 09:53:43 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2009/10/28 09:53:43 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2009/10/28 09:53:42 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdbusenum.dll
[2009/10/28 09:53:42 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2009/10/28 09:53:37 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2009/10/28 09:53:37 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll
[2009/10/28 09:53:36 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll
[2009/10/28 09:53:36 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys
[2009/10/28 09:53:35 | 02,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2009/10/28 09:53:35 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2009/10/28 09:53:35 | 00,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2009/10/28 09:53:35 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2009/10/28 09:53:35 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2009/10/28 09:53:35 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2009/10/28 09:53:35 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2009/10/28 09:53:35 | 00,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll
[2009/10/28 09:53:35 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2009/10/28 09:53:35 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2009/10/28 09:53:35 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2009/10/28 09:53:35 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2009/10/28 09:53:35 | 00,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2009/10/28 09:53:35 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2009/10/28 09:53:35 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2009/10/28 09:53:35 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShServiceObj.dll
[2009/10/28 09:53:35 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2009/10/28 09:52:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2009/10/28 09:52:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2009/10/28 09:52:03 | 00,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2009/10/28 09:52:03 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2009/10/28 09:52:03 | 00,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2009/10/28 09:52:03 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleacc.dll
[2009/10/28 09:50:22 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2009/10/28 09:50:22 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2009/10/28 09:50:13 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2009/10/28 09:50:13 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2009/10/28 09:50:12 | 03,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2009/10/28 09:50:12 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2009/10/28 09:48:59 | 10,626,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/28 09:48:57 | 00,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unregmp2.exe
[2009/10/28 09:48:57 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/28 09:48:56 | 13,428,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2009/10/28 09:48:52 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2009/10/28 09:48:52 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

========== Files - Modified Within 30 Days ==========

[2009/11/20 20:28:48 | 04,194,304 | -HS- | M] () -- C:\Users\Brian\NTUSER.DAT
[2009/11/20 20:02:30 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2009/11/20 19:31:36 | 00,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/20 19:31:36 | 00,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/20 19:31:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/20 19:31:33 | 00,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2009/11/20 18:34:17 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/20 18:34:17 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/20 17:44:21 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/20 16:34:27 | 00,056,680 | ---- | M] (absoƖute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2009/11/20 16:34:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/20 16:34:11 | 42,605,81376 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/20 16:33:00 | 00,524,288 | -HS- | M] () -- C:\Users\Brian\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/11/20 16:33:00 | 00,065,536 | -HS- | M] () -- C:\Users\Brian\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/11/20 16:32:55 | 04,504,121 | -H-- | M] () -- C:\Users\Brian\AppData\Local\IconCache.db
[2009/11/20 16:00:15 | 00,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2009/11/20 16:00:15 | 00,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2009/11/20 16:00:15 | 00,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2009/11/20 12:08:23 | 00,000,903 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/11/20 10:14:44 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\eicqfu.sys
[2009/11/20 07:52:40 | 00,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrian.job
[2009/11/19 12:14:34 | 00,140,800 | ---- | M] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/18 09:19:59 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\zjddprwx.sys
[2009/11/18 09:15:50 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\qlsm.sys
[2009/11/18 09:07:24 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\ojsjszpq.sys
[2009/11/18 08:51:03 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\nxjsojd.sys
[2009/11/17 14:22:30 | 00,724,952 | ---- | M] () -- C:\Users\Brian\Desktop\avenger.zip
[2009/11/16 18:24:06 | 00,000,684 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2009/11/16 07:58:17 | 00,704,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/16 07:58:17 | 00,604,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/16 07:58:17 | 00,105,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/14 10:11:57 | 00,009,216 | ---- | M] () -- C:\Users\Brian\Documents\Chocolate chip cookies.wps
[2009/11/13 21:27:58 | 00,000,050 | ---- | M] () -- C:\Windows\MegaManager.INI
[2009/11/13 17:46:15 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brian\Desktop\HJTInstall.exe
[2009/11/13 12:26:49 | 00,000,943 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/13 11:36:07 | 00,455,168 | ---- | M] (Recovery Toolbox, Inc.) -- C:\Users\Brian\Documents\RecoveryToolboxForRAR.exe
[2009/11/10 13:51:03 | 00,305,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/08 19:09:55 | 00,000,204 | ---- | M] () -- C:\Windows\struct~.ini
[2009/11/05 10:05:58 | 28,155,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mrt.exe
[2009/11/04 12:26:20 | 00,000,782 | ---- | M] () -- C:\Users\Brian\Desktop\µTorrent.lnk
[2009/11/03 21:44:19 | 00,721,824 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/03 19:59:46 | 00,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2009/11/03 10:34:35 | 00,002,647 | ---- | M] () -- C:\Users\Brian\Desktop\RapidShare Manager.lnk
[2009/11/02 20:42:06 | 00,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/10/28 14:20:33 | 00,001,701 | ---- | M] () -- C:\Users\Public\Desktop\FLAC Frontend.lnk
[2009/10/28 13:04:03 | 00,163,777 | ---- | M] () -- C:\Windows\Audio Converter Pro Uninstaller.exe
[2009/10/28 12:34:49 | 00,001,027 | ---- | M] () -- C:\Users\Brian\Desktop\ImTOO DVD Ripper Platinum 5.lnk
[2009/10/28 10:03:50 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 10:03:43 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/22 16:04:44 | 00,315,392 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\Windows\SysWow64\TubeFinder.exe

========== Files Created - No Company Name ==========

[2009/11/20 16:00:15 | 00,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2009/11/20 16:00:15 | 00,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2009/11/20 16:00:15 | 00,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2009/11/20 14:08:28 | 00,010,634 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistUI3A49.txt
[2009/11/20 14:08:27 | 00,428,772 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistMSI3A46.txt
[2009/11/20 14:08:27 | 00,011,462 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistUI3A46.txt
[2009/11/20 12:08:23 | 00,000,903 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/11/20 10:14:44 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\eicqfu.sys
[2009/11/19 08:05:07 | 00,731,136 | ---- | C] () -- C:\Users\Brian\Desktop\avenger.exe
[2009/11/18 09:19:59 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\zjddprwx.sys
[2009/11/18 09:15:50 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\qlsm.sys
[2009/11/18 09:07:24 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\ojsjszpq.sys
[2009/11/18 09:07:24 | 00,000,104 | ---- | C] () -- C:\Program Files (x86)\jmrcr.txt
[2009/11/18 08:51:03 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\nxjsojd.sys
[2009/11/17 14:21:12 | 00,724,952 | ---- | C] () -- C:\Users\Brian\Desktop\avenger.zip
[2009/11/13 12:26:49 | 00,000,943 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/08 19:09:55 | 00,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2009/11/07 15:02:18 | 00,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/05 03:03:05 | 02,163,972 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_NET_Framework35_x64_MSI2907.txt
[2009/11/05 03:01:59 | 00,156,568 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/11/05 03:01:48 | 00,379,478 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_dotnetfx35install.txt
[2009/11/05 03:01:48 | 00,002,462 | ---- | C] () -- C:\Users\Brian\AppData\Local\uxeventlog.txt
[2009/11/05 03:01:48 | 00,000,002 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_dotnetfx35error.txt
[2009/11/04 12:26:11 | 00,000,782 | ---- | C] () -- C:\Users\Brian\Desktop\µTorrent.lnk
[2009/11/03 20:18:45 | 00,721,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/03 10:34:35 | 00,002,647 | ---- | C] () -- C:\Users\Brian\Desktop\RapidShare Manager.lnk
[2009/11/02 14:05:19 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/31 21:13:11 | 00,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009/10/28 14:20:33 | 00,001,701 | ---- | C] () -- C:\Users\Public\Desktop\FLAC Frontend.lnk
[2009/10/28 13:34:06 | 00,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2009/10/28 13:34:06 | 00,497,664 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2009/10/28 13:04:03 | 00,163,777 | ---- | C] () -- C:\Windows\Audio Converter Pro Uninstaller.exe
[2009/10/28 12:25:22 | 00,001,027 | ---- | C] () -- C:\Users\Brian\Desktop\ImTOO DVD Ripper Platinum 5.lnk
[2009/10/28 11:39:51 | 01,440,054 | ---- | C] () -- C:\Users\Brian\Documents\TSO.bmp
[2009/10/28 11:39:51 | 00,003,318 | ---- | C] () -- C:\Users\Brian\Documents\theseekersoasis.org.nfo
[2009/10/28 11:39:51 | 00,000,069 | ---- | C] () -- C:\Users\Brian\Documents\TSO.URL
[2009/10/28 10:03:50 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 10:03:43 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/02 16:41:30 | 00,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009/09/20 06:50:17 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/09/15 16:46:36 | 00,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2009/09/15 16:46:36 | 00,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2009/09/14 16:05:35 | 01,053,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys
[2009/09/11 14:50:46 | 00,000,079 | ---- | C] () -- C:\Users\Brian\AppData\Local\DVDPATH.TXT
[2009/09/08 12:02:03 | 00,124,432 | ---- | C] () -- C:\Windows\SysWow64\PanInstaller.dll
[2009/09/08 12:02:02 | 00,083,480 | ---- | C] () -- C:\Windows\SysWow64\FirstLoad.dll
[2009/07/29 19:57:19 | 00,230,420 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL90SP1_KB973924MSI7A1A.txt
[2009/07/29 19:57:17 | 00,011,784 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL90SP1_KB973924UI7A1A.txt
[2009/07/29 19:57:02 | 00,544,724 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL80SP1_KB973923MSI79E9.txt
[2009/07/29 19:57:02 | 00,011,752 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL80SP1_KB973923UI79E9.txt
[2009/07/29 19:56:35 | 00,537,708 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL80SP1_KB973923MSI798D.txt
[2009/07/29 19:56:34 | 00,011,672 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL80SP1_KB973923UI798D.txt
[2009/06/04 10:01:22 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/04 10:00:49 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/05/13 15:08:15 | 08,800,144 | ---- | C] () -- C:\Program Files (x86)\FLV PlayerATBSetup.exe
[2009/05/09 14:17:43 | 00,000,680 | ---- | C] () -- C:\Users\Brian\AppData\Local\d3d9caps.dat
[2009/04/10 22:11:08 | 00,165,336 | ---- | C] () -- C:\Windows\SysWow64\mod_wmp.dll
[2009/04/10 22:11:06 | 00,160,216 | ---- | C] () -- C:\Windows\SysWow64\mod_hp.dll
[2009/04/10 22:11:02 | 00,312,792 | ---- | C] () -- C:\Windows\SysWow64\mod_dana.dll
[2009/04/10 22:11:00 | 00,196,568 | ---- | C] () -- C:\Windows\SysWow64\p2p_core.dll
[2009/04/08 19:23:29 | 00,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2009/04/05 13:25:18 | 00,140,800 | ---- | C] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/29 10:23:17 | 00,000,113 | ---- | C] () -- C:\Windows\PPSMediaList.ini
[2009/03/29 10:23:17 | 00,000,020 | ---- | C] () -- C:\Windows\powerlist.ini
[2009/03/29 10:21:14 | 00,000,784 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009/03/29 10:21:14 | 00,000,468 | ---- | C] () -- C:\Windows\powerplayer.ini
[2009/03/26 09:53:49 | 00,322,598 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistMSI059A.txt
[2009/03/26 09:53:49 | 00,011,148 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistUI059A.txt
[2009/03/19 23:35:10 | 00,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009/03/17 21:40:35 | 00,000,684 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2009/03/17 21:00:32 | 00,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/17 21:00:25 | 00,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/17 20:19:09 | 04,504,121 | -H-- | C] () -- C:\Users\Brian\AppData\Local\IconCache.db
[2009/03/17 15:07:37 | 00,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\QSwitch.txt
[2009/03/17 15:07:37 | 00,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\DSwitch.txt
[2009/03/17 15:07:37 | 00,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\AtStart.txt
[2009/03/17 15:04:22 | 00,075,280 | ---- | C] () -- C:\Users\Brian\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/27 15:18:28 | 00,003,584 | ---- | C] () -- C:\Windows\SysWow64\wceprv.dll
[2009/02/04 01:50:32 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsis_loader.dll
[2009/01/11 00:58:14 | 00,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/11 00:58:06 | 00,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/11 00:57:41 | 00,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/11 00:57:10 | 00,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/11 00:55:55 | 00,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/18 15:45:24 | 00,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/18 15:39:59 | 00,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/18 15:38:17 | 00,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/18 15:36:58 | 00,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/17 01:27:04 | 00,093,680 | ---- | C] () -- C:\Windows\SysWow64\gtapi_pack.dll
[2008/01/20 18:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 07:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 07:07:25 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:07:25 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:07:25 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:07:25 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 04:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2005/03/10 10:09:00 | 00,000,281 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2005/03/03 21:43:05 | 00,002,055 | ---- | C] () -- C:\Windows\SubCreator.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
now extras file to follow in 2 or 3 parts look for the end of report to signify the end

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
OTL Extras logfile created on: 11/20/2009 8:28:55 PM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = c:\Users\Brian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 68.07 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN-PC
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.reg [@ = regfile] --
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = vbefile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.vbs[@ = vbsfile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] --

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\Wscript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\Wscript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] --
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] --
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FD AE FB A7 42 E5 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe" = C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ????? -- ()
"C:\Program Files (x86)\PANDORA.TV\Live\Live.exe" = C:\Program Files (x86)\PANDORA.TV\Live\Live.exe:*:Enabled:Live.exe -- ()
"C:\Program Files (x86)\PANDORA.TV\Live\PANDORATVLive.exe" = C:\Program Files (x86)\PANDORA.TV\Live\PANDORATVLive.exe:*:Enabled:PANDORATVLive.exe -- ()
"C:\Program Files (x86)\uusee\UUSeePlayer.exe" = C:\Program Files (x86)\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()
"C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe" = C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ????? -- ()
"C:\Program Files (x86)\PANDORA.TV\Live\Live.exe" = C:\Program Files (x86)\PANDORA.TV\Live\Live.exe:*:Enabled:Live.exe -- ()
"C:\Program Files (x86)\PANDORA.TV\Live\PANDORATVLive.exe" = C:\Program Files (x86)\PANDORA.TV\Live\PANDORATVLive.exe:*:Enabled:PANDORATVLive.exe -- ()
"C:\Program Files (x86)\uusee\UUSeePlayer.exe" = C:\Program Files (x86)\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0254CC1C-38ED-4BC7-8036-AE197DC18A38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0E3C9F9E-543C-48C9-B3E1-0AF9BDAB449E}" = lport=445 | protocol=6 | dir=in | app=system |
"{10C536A0-26DE-43FF-B617-806EB3CB575B}" = rport=139 | protocol=6 | dir=out | app=system |
"{1E846906-063A-4DAC-A0A6-8A3591D56643}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2140E70E-3E75-493E-AD44-3F1A877531C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{251A4A3F-AC9F-4386-B1F4-BAE12459B752}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28BBE7E0-4C4D-4F8A-B600-A3DF8366EC88}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{29981758-4DD9-419A-9D8A-2165BDC00E44}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2A6D8156-30E1-482C-8AFD-390EEF87A208}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{40FB093F-7AD7-426A-B851-A2E4099F43A5}" = lport=137 | protocol=17 | dir=in | app=system |
"{480EF05A-C100-4981-97BD-FE155AB33C65}" = rport=137 | protocol=17 | dir=out | app=system |
"{72482882-10E7-4FD4-8D89-683E88B5869C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7BB03985-635E-4DF4-A8F8-D4C6FE5DEF17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D6467B4-AF72-4F02-9726-B2D88E8B40B0}" = lport=138 | protocol=17 | dir=in | app=system |
"{9192501B-BC55-405E-9935-EB875BA06EB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94DBE0CB-95CF-472F-B895-DBBF94BB63D4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9A7C1638-0206-4191-A842-458190B5425F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9E6E0647-9239-4BEF-A298-371FFC1C142A}" = rport=138 | protocol=17 | dir=out | app=system |
"{A0B35DA5-BD5A-4742-BFC1-4321C83BF6BB}" = lport=139 | protocol=6 | dir=in | app=system |
"{C84A4FE8-885B-4695-93A5-206C8D2DEDA1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CED7226C-17C5-4B44-9B3B-ABEFCE513B40}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D337F4EF-A2EA-42C2-A9D4-14DE22A5EAF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5B8A49F-FDEB-4E28-87B5-A0EA830F458A}" = rport=445 | protocol=6 | dir=out | app=system |
"{E706EF00-3252-4184-BFB8-EC00B4ADD34A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E7DE234F-CE70-4CE1-B464-1C487767A3D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E99D645F-EE52-4CC4-82E8-8FE96329F93F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EE38AD21-233E-407C-9F4B-545002589AF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F01A864C-3CE4-4C64-B2BE-20696A32E7B0}" = rport=2869 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AC3A83-296D-4335-AE8A-B1B480C09C1D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{00F4AA1F-95A7-42F6-8401-F0DF47D0F1A5}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{023A7249-03B8-4285-AE9F-003EE65970AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1B3396CC-4B13-4328-863B-D4950B3ECE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1BAF0EE4-5289-46E7-AAC5-F9F2B8D56A0F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{1E7EC1BF-BF63-4840-9CD1-C8490AB3B5A4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1F5653A5-1AC4-4513-ADDD-770B4B0C7D66}" = protocol=6 | dir=in | app=c:\users\brian\downloads\torrents\utorrent.exe |
"{2FB88B84-B5D3-4FAF-9F57-6432C454533C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{3256BAD9-CDC9-4DEB-9DF7-EF51D86FCD48}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{331E5D5B-E743-4068-8178-55CE5AE77000}" = protocol=17 | dir=in | app=c:\users\brian\downloads\torrents\utorrent.exe |
"{3D991568-D891-4DBB-9147-781AC649E609}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{47B0D38E-4DA7-436E-88B4-2BFF842680C1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{49B35683-7E6B-41D0-A0F9-3D5F6C9EEDAA}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{5133AFBE-BCE3-49FB-995E-6AAA49897425}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{63A7BE61-DF13-4F32-8149-A4316A351F75}" = protocol=6 | dir=in | app=c:\users\brian\downloads\utorrent.exe |
"{65314AAF-1A4E-4C29-8563-83EEC9018294}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\live\viewer\liverelay.exe |
"{715740EB-63FD-4E6E-BE86-CA8D730379A0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{7286AE5E-C63B-41AC-9B78-74CFCA0EC4C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{77F2E6DA-E6FC-41B4-8518-389011056041}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{7A80BE7F-FC15-4589-B2E3-1767E261508D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{7B162E5D-1938-4E40-AD36-B7B9F9078911}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{82F36A57-2EFF-40B8-8EA7-46C1DF15A57B}" = protocol=17 | dir=in | app=c:\users\brian\downloads\utorrent.exe |
"{89EA5607-D2DC-4D1A-AD5A-8EA4DD7E45B9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{8CF73B85-C63E-44DC-8449-BCED640D178E}" = protocol=17 | dir=in | app=c:\program files (x86)\daum\potplayer\daumvsvr.exe |
"{8D47C952-4B3A-41F3-A66E-77F6BEA37A61}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{9362CAA6-FC4A-4FAA-92F8-26A66C904B52}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{975F1D90-F994-429B-A3A0-FA59D15E45A6}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\live\viewer\liverelay.exe |
"{9A58AE2E-BC83-43FF-8447-791E5CA757B1}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{9A6BECE3-A2AA-4433-BF4D-19D3BCDFCE63}" = protocol=6 | dir=in | app=c:\program files (x86)\daum\potplayer\daumvsvr.exe |
"{9A93A1FF-FC48-421A-AEDD-3A8C99AB0309}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{9AAA45C4-038E-433E-815F-843B47090E01}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{9DF5E79C-DDDE-4577-8CE1-768117FF0407}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A75FF3E8-2E6F-4468-851A-A9673888EC2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{ABF113D6-29C0-49C6-95D1-5460E6755915}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{B5BF58AC-BB94-43D5-80BF-0D75C550C4B3}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{B67120A8-E926-44CD-AF87-480609384053}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\live\viewer\vimviewer.dll |
"{BBCD16ED-165F-4A63-AE6E-675FA8C75EF6}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CF33A31E-4BBF-4509-8C0B-F4C6DD711BFF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D615E015-0D57-46E7-9E21-6D34389F2969}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DAE00745-418C-4D3B-BDC9-E9136E183A87}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{DD06FC70-AD7F-4E3E-A859-093B94D02FD7}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{E6B74565-9E8F-43FD-827C-AEEE12D01115}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E6E0A1C7-B00F-473B-A132-E6FE6DCA1A2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{EB088F15-EC02-4805-A003-B6346D656EF5}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\live\viewer\vimviewer.dll |
"{ECA80D34-ED9D-428C-96A0-57A43307AA4B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EE3DFE02-C1B7-4F81-804B-8956DE9592C2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{F7C7A1DE-DB3E-492B-949A-429D8615D6CB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{FD98A105-EBF2-4DCC-AA87-092C8CED9415}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{06F8F5DE-6BB7-4351-8E55-12E836081B72}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{40C4FA6B-B629-4C77-AB4C-2B721C7D6593}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{46009305-C214-480D-BA80-02B86E63AC4C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{4844431C-6887-412A-93EE-7840FB5E1A76}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{4DD89789-4218-42AE-BE43-38494FA70576}C:\program files (x86)\daum\potplayer\potplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\daum\potplayer\potplayer.exe |
"TCP Query User{53479E24-1554-4770-9D13-90516C498490}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{54A18B89-C540-4B6F-AF7F-F5B101AED581}F:\crack\nba2k10.exe" = protocol=6 | dir=in | app=f:\crack\nba2k10.exe |
"TCP Query User{5C4A6D8E-ACF9-467C-A099-A0D6027D87C8}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{621BD400-A92D-4ADE-BD23-A16C8CDD911D}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{65C13156-1915-45E0-A3B6-34C86311BA9E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{74226060-6429-49B8-BE20-5163A8ED4DD2}C:\users\brian\appdata\local\temp\rar$ex00.954\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.954\crack\nba2k10.exe |
"TCP Query User{81F7417A-95FC-47D4-9593-1B09B69591D1}C:\users\brian\appdata\local\temp\rar$ex19.8281\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex19.8281\crack\nba2k10.exe |
"TCP Query User{83F94912-46C9-4698-B02D-347AE6D047CD}C:\users\brian\appdata\local\temp\rar$ex08.254\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex08.254\crack\nba2k10.exe |
"TCP Query User{860D86B8-3703-4D2F-908E-1A0EDC555DE2}C:\program files (x86)\daum\potplayer\potplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\daum\potplayer\potplayer.exe |
"TCP Query User{89E5BCA4-825B-4414-A0DF-D5F79C921A61}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8A8FB053-F734-498C-8566-7802C5E09FD1}C:\users\brian\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\brian\downloads\utorrent.exe |
"TCP Query User{99211712-3B71-4E9F-8ACB-BD851A7AF564}C:\users\brian\appdata\local\temp\rar$ex00.625\nba2k.reloaded.crack\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.625\nba2k.reloaded.crack\crack\nba2k10.exe |
"TCP Query User{9EBA9B75-CFD6-429B-8953-8E18282300B5}C:\users\brian\appdata\local\temp\rar$ex04.626\nba2k.reloaded.crack\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex04.626\nba2k.reloaded.crack\crack\nba2k10.exe |
"TCP Query User{9F8D0EAC-06DD-4BA9-92BF-A1F0A49BB94E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{A261D479-22AE-4642-89EA-AE75B902A711}C:\users\brian\appdata\local\temp\rar$ex00.972\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.972\crack\nba2k10.exe |
"TCP Query User{C4CB78A5-DC1C-4557-BFE2-8A7C999A0655}C:\users\brian\appdata\local\temp\rar$ex18.0421\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex18.0421\crack\nba2k10.exe |
"TCP Query User{C6C7E0ED-8747-4018-813C-F5C082C224D9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{CA831B8E-5D60-4BD6-96A5-C5ACC049625C}C:\program files (x86)\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\uusee\uuseeplayer.exe |
"TCP Query User{CBED1D7E-DA71-4EF3-A96D-CF5290A4F746}F:\crack\nba2k10.exe" = protocol=6 | dir=in | app=f:\crack\nba2k10.exe |
"TCP Query User{D9DDDCEF-58CD-4717-8B12-1384DFCC003C}C:\users\brian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{E26E7D75-358A-48A1-9965-7FCFED6180BC}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{E45772BA-5655-464A-AFCA-41215D8D4CB9}C:\program files (x86)\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"TCP Query User{E72B45CC-DC9F-4D00-B3B8-3165AA758D1C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{EAB06204-8A5C-451B-A2F1-194F079A85BC}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"TCP Query User{F4775948-6E75-407B-BAC9-5C3A6B37D187}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{0D908CE4-7368-4F92-8DC1-464796568171}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{1407D473-29F6-454B-ABA8-8CDD76C97F7C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{14BDF9DE-431F-4FC3-81AF-0BB04FAE2600}F:\crack\nba2k10.exe" = protocol=17 | dir=in | app=f:\crack\nba2k10.exe |
"UDP Query User{156FC1F8-13C8-4C04-B7DD-3D43310E83CC}C:\users\brian\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\brian\downloads\utorrent.exe |
"UDP Query User{16A7310B-ADE6-46A5-BFB9-CB6A24B5A6F3}C:\users\brian\appdata\local\temp\rar$ex00.625\nba2k.reloaded.crack\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.625\nba2k.reloaded.crack\crack\nba2k10.exe |
"UDP Query User{1F86099F-FD93-41C8-8091-69D399E84ACB}C:\users\brian\appdata\local\temp\rar$ex00.954\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.954\crack\nba2k10.exe |
"UDP Query User{1FC67736-C611-4E0F-BCF8-A091FE91CCBC}C:\users\brian\appdata\local\temp\rar$ex04.626\nba2k.reloaded.crack\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex04.626\nba2k.reloaded.crack\crack\nba2k10.exe |
"UDP Query User{284A1487-2AF9-4E2D-B75B-86F57E84C2C1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{2EC82CC6-DC83-431A-99CD-DB889E9B5DCC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{42476515-FBD8-4CCB-98EE-A254FAF9FB65}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{48BB7763-3117-4713-B598-2055D73A5FA1}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{5984EA16-4350-49CD-9E95-618330857FFD}C:\program files (x86)\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\uusee\uuseeplayer.exe |
"UDP Query User{65D99ADF-A041-43C4-9F1A-D1BA228747D9}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{6C5AF97F-9718-4582-8A66-F4CECB2BCD92}C:\users\brian\appdata\local\temp\rar$ex08.254\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex08.254\crack\nba2k10.exe |
"UDP Query User{77C1F941-FCAA-4A2D-B305-1930C9EAD713}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{7C16C731-CE5B-4EBF-ABBF-C7DF4703034D}C:\program files (x86)\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"UDP Query User{7FF70C1D-B2E1-472D-AA8D-4F4872C76EBD}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{84426864-6BDE-43F3-BD2A-96BE162091CC}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{981763CE-49E5-4DC6-B34C-A5F2F01AD7ED}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"UDP Query User{9BBFBD59-14F4-443F-839C-5FC908BBEED3}C:\program files (x86)\daum\potplayer\potplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\daum\potplayer\potplayer.exe |
"UDP Query User{9D2DEDA8-454E-4E2C-B5C0-BD1EC1189BBC}C:\program files (x86)\daum\potplayer\potplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\daum\potplayer\potplayer.exe |
"UDP Query User{A4ECD998-B794-4E80-881E-91D4225E12BB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A893B976-B881-499B-A4D0-DD9406D5970D}C:\users\brian\appdata\local\temp\rar$ex19.8281\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex19.8281\crack\nba2k10.exe |
"UDP Query User{B7C117FC-0AA1-44B8-B01C-27745F92B0B6}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{D2A97898-A3C9-44C6-B6E3-62177EF467EC}C:\users\brian\appdata\local\temp\rar$ex18.0421\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex18.0421\crack\nba2k10.exe |
"UDP Query User{DD77E583-E04E-460D-9E70-2775086B50E4}F:\crack\nba2k10.exe" = protocol=17 | dir=in | app=f:\crack\nba2k10.exe |
"UDP Query User{E8DDA562-C413-404E-869B-342086757D9D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{F1E99BF9-E774-4C73-BAC2-DF4E24585D54}C:\users\brian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{FA2A441B-F82C-4EAE-A514-8FC5E5FD1187}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{FC1E34AB-A0CD-408D-BC80-A0FC3E7A968F}C:\users\brian\appdata\local\temp\rar$ex00.972\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.972\crack\nba2k10.exe |

descriptionpretty sure i have a trojan need help - Page 2 EmptyRe: pretty sure i have a trojan need help

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum