WiredWX Hobby Weather Tools

 


pretty sure i have a trojan need help


Re: pretty sure i have a trojan need help

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double-click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you: one will pop up (OTL.txt), and the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: pretty sure i have a trojan need help

OTL logfile created on: 11/20/2009 8:28:55 PM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = c:\Users\Brian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 68.07 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN-PC
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/20 20:02:30 | 00,528,896 | ---- | M] (OldTimer Tools) -- c:\Users\Brian\Desktop\OTL.exe
PRC - [2009/11/14 11:51:24 | 01,278,736 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
PRC - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/05/23 14:46:13 | 00,056,680 | ---- | M] (absoƖute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2009/05/23 14:46:13 | 00,056,680 | ---- | M] (absoƖute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2009/04/30 15:58:44 | 00,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2009/04/29 21:13:50 | 01,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/04/29 21:11:58 | 00,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/04/22 22:06:52 | 00,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/22 22:06:52 | 00,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/22 21:53:22 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 21:53:22 | 00,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/04/22 21:53:22 | 00,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/04/22 21:53:22 | 00,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/04/13 14:11:54 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2009/04/13 14:11:54 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2009/04/09 14:19:08 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/04/01 13:51:34 | 00,801,032 | ---- | M] () -- C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2009/03/11 10:42:08 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/12/04 17:52:44 | 01,807,648 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2008/12/04 17:52:44 | 01,807,648 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/17 00:38:36 | 00,308,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Pinyin\GooglePinyinDaemon.exe
PRC - [2008/09/23 11:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/09/05 09:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2008/09/05 09:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2008/08/01 15:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/06/21 09:44:20 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/06/21 09:44:20 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/06/21 09:44:20 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/03 10:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/04/03 10:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe


========== Modules (SafeList) ==========

MOD - [2009/11/20 20:02:30 | 00,528,896 | ---- | M] (OldTimer Tools) -- c:\Users\Brian\Desktop\OTL.exe
MOD - [2009/07/17 05:54:43 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/04/10 22:28:26 | 01,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/04/10 22:28:26 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/04/10 22:28:20 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2009/04/10 22:21:40 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 18:52:09 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2008/01/20 18:50:01 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/20 18:49:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 17:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/21 21:33:32 | 00,240,128 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/04/09 14:29:24 | 00,023,296 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/04/09 14:19:08 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/03/02 17:42:58 | 00,089,600 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 16:25:40 | 00,023,040 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 18:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2008/01/20 18:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 12:11:30 | 00,015,872 | ---- | M] (Agere Systems) -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/05/23 14:46:13 | 00,056,680 | ---- | M] (absoƖute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2009/05/20 07:46:27 | 00,182,768 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/04/30 15:58:44 | 00,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2009/04/22 21:53:22 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/04/22 21:53:22 | 00,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/04/10 22:28:26 | 00,375,808 | ---- | M] (Microsoft Corporation) -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/29 20:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/29 20:39:56 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/24 11:13:36 | 00,242,424 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/18 10:40:06 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 10:39:12 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/23 11:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/05 09:23:56 | 00,210,720 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe -- (RalinkRegistryWriter64)
SRV - [2008/09/05 09:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/04/03 10:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/01/20 18:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 18:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 05:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/11/03 19:59:46 | 00,834,544 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/30 16:51:42 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/02 02:09:34 | 00,221,696 | ---- | M] (Realtek ) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/21 19:24:04 | 00,084,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/21 21:33:32 | 00,487,936 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/28 21:52:36 | 05,437,952 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2009/04/10 21:39:52 | 00,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/09 14:21:36 | 00,044,944 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/04/09 14:21:32 | 00,033,608 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\Epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/04/09 14:21:30 | 00,165,960 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\epfw.sys -- (epfw)
DRV:64bit: - [2009/04/09 14:18:04 | 00,134,024 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/04/09 14:10:34 | 00,142,776 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:64bit: - [2009/02/05 18:45:32 | 00,015,208 | ---- | M] (deepxw) -- C:\Windows\SysNative\DRIVERS\tcpz-x64d.sys -- (TCPZ)
DRV:64bit: - [2009/01/13 18:14:58 | 00,057,608 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 18:14:50 | 00,015,752 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 18:14:30 | 00,034,440 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/01/13 18:14:22 | 00,022,024 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/11/26 22:27:38 | 00,819,712 | ---- | M] (Ralink Technology Corp.) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2008/11/21 21:05:22 | 01,253,376 | ---- | M] (Agere Systems) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/09/04 09:48:00 | 00,064,000 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/07 09:01:36 | 00,143,360 | ---- | M] (JMicron Technology Corporation) -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/19 17:37:42 | 00,325,680 | ---- | M] (Synaptics, Inc.) -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/04/15 16:54:16 | 00,388,120 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/27 12:10:56 | 00,026,984 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 12:10:14 | 00,040,296 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/12 23:46:00 | 00,027,136 | ---- | M] (ManyCam LLC.) -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008/01/20 18:47:27 | 00,168,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 18:46:57 | 03,154,432 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 18:46:55 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 18:46:51 | 00,017,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/06/18 16:13:12 | 00,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 17:45:36 | 00,273,408 | ---- | M] (Marvell) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2009/11/20 10:14:44 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\eicqfu.sys -- (zfiaje)
DRV - [2009/11/18 09:19:59 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\zjddprwx.sys -- (mhbaw)
DRV - [2009/11/18 09:15:50 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\qlsm.sys -- (cgauwfe)
DRV - [2009/11/18 09:07:24 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\ojsjszpq.sys -- (alxlmic)
DRV - [2009/11/18 08:51:03 | 00,061,440 | ---- | M] () -- C:\Windows\system32\drivers\nxjsojd.sys -- (puiimj)
DRV - [2009/11/04 19:30:58 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/23 13:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 13:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/09/18 13:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 13:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:1.5
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.0.0283
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.1
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:0.4.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {4dffd90c-a059-437c-99dd-d71975f219ba}:1.2.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/18 15:46:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 05:44:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/06 21:44:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/14 20:10:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/09/11 11:46:33 | 00,000,000 | ---D | M]

[2009/03/31 19:14:56 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
[2009/03/31 19:14:56 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/19 23:05:17 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions
[2009/06/25 17:04:22 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/31 14:33:30 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009/09/12 13:15:12 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{4dffd90c-a059-437c-99dd-d71975f219ba}
[2009/07/09 07:24:21 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/05 11:41:53 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/10/28 09:36:50 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2009/08/13 15:38:23 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/09 06:56:48 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/08/11 15:49:23 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/10/28 14:33:21 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/09 06:56:49 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\anttoolbar@ant.com
[2009/11/03 20:00:41 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\DTToolbar@toolbarnet.com
[2009/08/12 12:01:15 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\firefox@ghostery.com
[2009/11/17 21:37:56 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\firefox@tvunetworks.com
[2009/09/19 23:38:19 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\justintvpublisher@justin.tv
[2009/04/01 11:03:34 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\moveplayer@movenetworks.com
[2009/10/28 09:36:54 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\extensions\netvideohunter@netvideohunter.com
[2009/11/03 20:00:02 | 00,002,059 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\syjtqmfq.default\searchplugins\daemon-search.xml
[2009/11/19 23:05:17 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/06 21:44:42 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/05 06:31:34 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/05 14:02:18 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/09 06:35:56 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/06 21:44:38 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 21:44:38 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/25 08:41:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2008/09/03 16:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 08:41:24 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 08:41:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/06 21:44:41 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2009/10/09 10:00:00 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
[2009/10/09 10:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
[2009/09/23 15:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
[2009/09/25 08:41:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\ssldivx.dll
[2009/08/07 06:52:33 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/07 06:52:33 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/08/07 06:52:33 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/07 06:52:33 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/07 06:52:33 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/08/07 06:52:33 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/07 06:52:33 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\VDTB.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google IME Autoupdater] C:\Program Files (x86)\Google\Google Pinyin\GooglePinyinDaemon.exe (Google Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKLM..\Run: [YouTubeDownloader_upgrade] C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe (TODO: )
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files (x86)\uusee\geturltoplay.htm ()
O8:64bit: - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Program Files (x86)\uusee\geturltodown.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files (x86)\uusee\geturltoplay.htm ()
O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Program Files (x86)\uusee\geturltodown.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ()
O9 - Extra Button: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - File not found
O9 - Extra 'Tools' menuitem : ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - File not found
O9 - Extra Button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe ()
O9 - Extra 'Tools' menuitem : Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe ()
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe (Crawler.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([help] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: trivia01.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} http://p3p.sogou.com/MMCShell.cab (MMCPlayer Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} http://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=c9e6d0c35f69d211f&browserVersion=7.0 (SeeTooControl Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {571CB303-4267-4D92-B45C-9B79ACC18632} http://potplayer.daum.net/PotPlayer/v2/PotWeb.cab (PotWeb Control)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB (FixItClient Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E635477-CD50-4290-8604-680C151E3DA7} http://mlb.netxtream.com/DanaX.cab (DanaX Control)
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} https://www.lojackforlaptops.com/ctmweb/testoc.cab (Recovery ActiveX Control Module)
O16 - DPF: {7E3C8EE9-0EA1-4ACA-A8A2-87B76A3A6BC4} http://afocx.17funtv.com:9091/AFC_TW/OpenTV_17FunTV.cab (OpenTV_17FunTV Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} http://nba.tom.com/video/tcastV1.cab (tcast control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40121.8679976852 (Update Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: Justin.tv Publisher http://www.justin.tv/plugins/justintv_publisher.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/20 20:02:07 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2009/11/20 17:08:15 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\GHOSTBUSTERS (tm)
[2009/11/20 17:08:15 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\GHOSTBUSTERS (tm)
[2009/11/20 17:04:47 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2009/11/20 17:04:47 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2009/11/20 16:09:05 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\RegRunInfo
[2009/11/20 15:59:20 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\RegRun2
[2009/11/20 15:58:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2009/11/20 14:56:54 | 00,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Brian\Desktop\RootkitRevealer.exe
[2009/11/20 14:23:22 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Threat Expert
[2009/11/20 12:08:19 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/11/20 12:08:19 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/11/20 12:08:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2009/11/17 20:06:02 | 00,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2009/11/17 20:06:02 | 00,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2009/11/14 19:17:00 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\TVUAx
[2009/11/13 20:40:12 | 00,000,000 | ---D | C] -- C:\Users\Brian\Desktop\antivirus
[2009/11/13 17:46:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/11/13 17:45:15 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brian\Desktop\HJTInstall.exe
[2009/11/13 12:27:34 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/13 12:26:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/11/13 11:59:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trivia Mania
[2009/11/13 11:29:38 | 00,455,168 | ---- | C] (Recovery Toolbox, Inc.) -- C:\Users\Brian\Documents\RecoveryToolboxForRAR.exe
[2009/11/13 11:07:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Recovery Toolbox for RAR
[2009/11/10 12:37:12 | 02,751,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32k.sys
[2009/11/10 12:37:08 | 00,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDApi.dll
[2009/11/10 12:37:08 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDApi.dll
[2009/11/09 06:35:53 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/11/09 06:35:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/11/09 06:35:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/11/08 19:09:15 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\PPLive
[2009/11/07 13:35:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Easy Assist
[2009/11/07 13:35:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Applications
[2009/11/07 13:35:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Applications
[2009/11/06 16:21:40 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\Simply Super Software
[2009/11/06 09:30:18 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Downloaded Installations
[2009/11/05 20:25:44 | 00,000,000 | RH-D | C] -- C:\Users\Brian\AppData\Roaming\SecuROM
[2009/11/05 13:10:34 | 06,412,288 | ---- | C] (Terminal Reality Inc.) -- C:\Users\Brian\Desktop\ghost_w32.exe
[2009/11/04 20:50:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WindowsUpdate
[2009/11/04 12:34:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2009/11/04 07:45:47 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2009/11/03 21:46:59 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\ApplicationHistory
[2009/11/03 20:39:42 | 02,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2009/11/03 20:39:42 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2009/11/03 20:39:42 | 00,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2009/11/03 20:39:42 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2009/11/03 20:39:39 | 05,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2009/11/03 20:39:39 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2009/11/03 20:39:39 | 00,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2009/11/03 20:39:39 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2009/11/03 20:39:39 | 00,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2009/11/03 20:39:39 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2009/11/03 20:39:38 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2009/11/03 20:39:38 | 00,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2009/11/03 20:39:38 | 00,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2009/11/03 20:39:38 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2009/11/03 20:39:36 | 01,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2009/11/03 20:39:36 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2009/11/03 20:39:36 | 00,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2009/11/03 20:39:36 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2009/11/03 20:39:34 | 04,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2009/11/03 20:39:34 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2009/11/03 20:39:33 | 00,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2009/11/03 20:39:33 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2009/11/03 20:39:33 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2009/11/03 20:39:33 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2009/11/03 20:39:33 | 00,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2009/11/03 20:39:33 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2009/11/03 20:39:33 | 00,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2009/11/03 20:39:33 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2009/11/03 20:39:32 | 01,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2009/11/03 20:39:32 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2009/11/03 20:39:31 | 00,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2009/11/03 20:39:31 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2009/11/03 20:39:29 | 04,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2009/11/03 20:39:29 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2009/11/03 20:39:28 | 00,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2009/11/03 20:39:28 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2009/11/03 20:39:27 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2009/11/03 20:39:27 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2009/11/03 20:39:26 | 00,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2009/11/03 20:39:26 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2009/11/03 20:39:25 | 01,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2009/11/03 20:39:25 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2009/11/03 20:39:25 | 00,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2009/11/03 20:39:25 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2009/11/03 20:39:23 | 04,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2009/11/03 20:39:23 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2009/11/03 20:39:22 | 00,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2009/11/03 20:39:22 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2009/11/03 20:39:20 | 02,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2009/11/03 20:39:20 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2009/11/03 20:39:20 | 00,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2009/11/03 20:39:20 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2009/11/03 20:39:18 | 05,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2009/11/03 20:39:18 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2009/11/03 20:39:18 | 00,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2009/11/03 20:39:18 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2009/11/03 20:39:16 | 01,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2009/11/03 20:39:16 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2009/11/03 20:39:16 | 00,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2009/11/03 20:39:16 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2009/11/03 20:39:14 | 05,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2009/11/03 20:39:14 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2009/11/03 20:39:13 | 00,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2009/11/03 20:39:13 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2009/11/03 20:39:13 | 00,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2009/11/03 20:39:13 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2009/11/03 20:39:11 | 01,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2009/11/03 20:39:11 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2009/11/03 20:39:11 | 00,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2009/11/03 20:39:11 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2009/11/03 20:39:09 | 04,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2009/11/03 20:39:09 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2009/11/03 20:39:08 | 00,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2009/11/03 20:39:08 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2009/11/03 20:39:08 | 00,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2009/11/03 20:39:08 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2009/11/03 20:39:04 | 01,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2009/11/03 20:39:04 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2009/11/03 20:39:04 | 00,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2009/11/03 20:39:04 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2009/11/03 20:39:03 | 04,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2009/11/03 20:39:03 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2009/11/03 20:39:03 | 00,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2009/11/03 20:39:03 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2009/11/03 20:39:02 | 00,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2009/11/03 20:39:02 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2009/11/03 20:39:02 | 00,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2009/11/03 20:39:02 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2009/11/03 20:39:00 | 04,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2009/11/03 20:39:00 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2009/11/03 20:38:59 | 00,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2009/11/03 20:38:59 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2009/11/03 20:38:59 | 00,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2009/11/03 20:38:59 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2009/11/03 20:38:57 | 03,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2009/11/03 20:38:57 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2009/11/03 20:38:56 | 00,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2009/11/03 20:38:56 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2009/11/03 20:38:56 | 00,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2009/11/03 20:38:56 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2009/11/03 20:38:54 | 00,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2009/11/03 20:38:54 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2009/11/03 20:38:54 | 00,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2009/11/03 20:38:54 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2009/11/03 20:38:52 | 00,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2009/11/03 20:38:52 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2009/11/03 20:38:41 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2009/11/03 20:38:40 | 00,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2009/11/03 20:38:40 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2009/11/03 20:38:40 | 00,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2009/11/03 20:38:40 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2009/11/03 20:38:38 | 03,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2009/11/03 20:38:38 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2009/11/03 20:38:37 | 03,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2009/11/03 20:38:37 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2009/11/03 20:38:35 | 03,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2009/11/03 20:38:35 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2009/11/03 20:38:34 | 03,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2009/11/03 20:38:34 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2009/11/03 20:38:32 | 03,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2009/11/03 20:38:32 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2009/11/03 20:38:30 | 03,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2009/11/03 20:38:30 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2009/11/03 20:19:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\2K Sports
[2009/11/03 20:17:30 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2009/11/03 20:00:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2009/11/03 19:59:07 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\DAEMON Tools Lite
[2009/11/03 19:59:02 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/11/03 19:59:02 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/11/03 17:34:01 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/03 17:34:00 | 09,236,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/11/03 17:33:59 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/11/03 17:33:59 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb
[2009/11/03 06:50:15 | 00,000,000 | ---D | C] -- C:\Users\Brian\Desktop\Adobe Flash Media Shortcuts
[2009/11/02 13:36:08 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\vlc
[2009/11/02 12:22:32 | 00,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2009/11/02 12:22:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2009/11/02 11:47:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DSP-worx
[2009/11/02 07:39:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2009/11/02 07:06:43 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\RapidShare
[2009/11/02 07:02:46 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Apps
[2009/11/02 07:02:42 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Deployment
[2009/10/31 14:29:44 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Megaupload
[2009/10/29 18:26:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2009/10/28 14:20:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FLAC
[2009/10/28 13:45:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2009/10/28 13:34:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2009/10/28 13:22:59 | 00,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2009/10/28 13:22:59 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2009/10/28 13:22:59 | 00,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2009/10/28 13:22:59 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2009/10/28 13:22:57 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2009/10/28 13:22:57 | 00,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2009/10/28 13:22:56 | 05,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2009/10/28 13:22:56 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2009/10/28 13:22:56 | 02,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2009/10/28 13:22:56 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2009/10/28 13:22:55 | 00,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2009/10/28 13:22:55 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2009/10/28 13:22:55 | 00,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2009/10/28 13:22:55 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2009/10/28 13:22:54 | 02,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2009/10/28 13:22:54 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2009/10/28 13:22:51 | 00,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2009/10/28 13:22:51 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2009/10/28 13:22:51 | 00,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2009/10/28 13:22:51 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2009/10/28 13:22:50 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2009/10/28 13:22:50 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2009/10/28 13:03:59 | 00,000,000 | ---D | C] -- C:\ProgramData\River Past G5
[2009/10/28 13:03:59 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\River Past G5
[2009/10/28 13:03:59 | 00,000,000 | ---D | C] -- C:\ProgramData\River Past G5
[2009/10/28 13:03:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\River Past
[2009/10/28 13:03:58 | 00,000,000 | ---D | C] -- C:\Program Files\River Past
[2009/10/28 12:29:58 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\ImTOO DVD Ripper Platinum 5
[2009/10/28 12:26:51 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\ImTOO
[2009/10/28 12:15:03 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\Crack
[2009/10/28 11:39:50 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\ImTOO.DVD.Audio.Ripper.v5.050.0703.Cracked-QUANTiZE
[2009/10/28 10:04:00 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2009/10/28 10:04:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2009/10/28 10:03:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/10/28 09:54:29 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2009/10/28 09:54:29 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2009/10/28 09:54:29 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2009/10/28 09:54:29 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winspool.drv
[2009/10/28 09:54:28 | 00,893,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2009/10/28 09:54:28 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2009/10/28 09:54:25 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2009/10/28 09:54:25 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2009/10/28 09:54:25 | 00,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2009/10/28 09:54:25 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll
[2009/10/28 09:54:25 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2009/10/28 09:54:25 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2009/10/28 09:54:25 | 00,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2009/10/28 09:54:25 | 00,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2009/10/28 09:54:25 | 00,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2009/10/28 09:54:25 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2009/10/28 09:54:25 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2009/10/28 09:54:25 | 00,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2009/10/28 09:54:25 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2009/10/28 09:54:25 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2009/10/28 09:54:25 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2009/10/28 09:54:25 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2009/10/28 09:54:25 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2009/10/28 09:54:25 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2009/10/28 09:54:25 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2009/10/28 09:54:24 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2009/10/28 09:54:24 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2009/10/28 09:54:24 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2009/10/28 09:54:24 | 00,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2009/10/28 09:54:24 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2009/10/28 09:54:24 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2009/10/28 09:54:24 | 00,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2009/10/28 09:54:24 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2009/10/28 09:54:24 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2009/10/28 09:54:24 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2009/10/28 09:54:24 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2009/10/28 09:54:24 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2009/10/28 09:54:24 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2009/10/28 09:54:24 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2009/10/28 09:54:24 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll
[2009/10/28 09:54:23 | 03,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2009/10/28 09:54:23 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2009/10/28 09:54:23 | 01,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2009/10/28 09:54:23 | 01,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2009/10/28 09:54:23 | 01,142,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2009/10/28 09:54:23 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2009/10/28 09:54:23 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll
[2009/10/28 09:54:23 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2009/10/28 09:54:23 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2009/10/28 09:53:43 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2009/10/28 09:53:43 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2009/10/28 09:53:42 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdbusenum.dll
[2009/10/28 09:53:42 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2009/10/28 09:53:37 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2009/10/28 09:53:37 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll
[2009/10/28 09:53:36 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll
[2009/10/28 09:53:36 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys
[2009/10/28 09:53:35 | 02,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2009/10/28 09:53:35 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2009/10/28 09:53:35 | 00,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2009/10/28 09:53:35 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2009/10/28 09:53:35 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2009/10/28 09:53:35 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2009/10/28 09:53:35 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2009/10/28 09:53:35 | 00,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll
[2009/10/28 09:53:35 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2009/10/28 09:53:35 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2009/10/28 09:53:35 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2009/10/28 09:53:35 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2009/10/28 09:53:35 | 00,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2009/10/28 09:53:35 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2009/10/28 09:53:35 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2009/10/28 09:53:35 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShServiceObj.dll
[2009/10/28 09:53:35 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2009/10/28 09:52:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2009/10/28 09:52:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2009/10/28 09:52:03 | 00,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2009/10/28 09:52:03 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2009/10/28 09:52:03 | 00,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2009/10/28 09:52:03 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleacc.dll
[2009/10/28 09:50:22 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2009/10/28 09:50:22 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2009/10/28 09:50:13 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2009/10/28 09:50:13 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2009/10/28 09:50:12 | 03,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2009/10/28 09:50:12 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2009/10/28 09:48:59 | 10,626,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/28 09:48:57 | 00,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unregmp2.exe
[2009/10/28 09:48:57 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/28 09:48:56 | 13,428,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2009/10/28 09:48:52 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2009/10/28 09:48:52 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

========== Files - Modified Within 30 Days ==========

[2009/11/20 20:28:48 | 04,194,304 | -HS- | M] () -- C:\Users\Brian\NTUSER.DAT
[2009/11/20 20:02:30 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2009/11/20 19:31:36 | 00,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/20 19:31:36 | 00,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/20 19:31:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/20 19:31:33 | 00,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2009/11/20 18:34:17 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/20 18:34:17 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/20 17:44:21 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/20 16:34:27 | 00,056,680 | ---- | M] (absoƖute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2009/11/20 16:34:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/20 16:34:11 | 42,605,81376 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/20 16:33:00 | 00,524,288 | -HS- | M] () -- C:\Users\Brian\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/11/20 16:33:00 | 00,065,536 | -HS- | M] () -- C:\Users\Brian\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/11/20 16:32:55 | 04,504,121 | -H-- | M] () -- C:\Users\Brian\AppData\Local\IconCache.db
[2009/11/20 16:00:15 | 00,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2009/11/20 16:00:15 | 00,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2009/11/20 16:00:15 | 00,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2009/11/20 12:08:23 | 00,000,903 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/11/20 10:14:44 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\eicqfu.sys
[2009/11/20 07:52:40 | 00,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrian.job
[2009/11/19 12:14:34 | 00,140,800 | ---- | M] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/18 09:19:59 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\zjddprwx.sys
[2009/11/18 09:15:50 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\qlsm.sys
[2009/11/18 09:07:24 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\ojsjszpq.sys
[2009/11/18 08:51:03 | 00,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\nxjsojd.sys
[2009/11/17 14:22:30 | 00,724,952 | ---- | M] () -- C:\Users\Brian\Desktop\avenger.zip
[2009/11/16 18:24:06 | 00,000,684 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2009/11/16 07:58:17 | 00,704,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/16 07:58:17 | 00,604,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/16 07:58:17 | 00,105,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/14 10:11:57 | 00,009,216 | ---- | M] () -- C:\Users\Brian\Documents\Chocolate chip cookies.wps
[2009/11/13 21:27:58 | 00,000,050 | ---- | M] () -- C:\Windows\MegaManager.INI
[2009/11/13 17:46:15 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brian\Desktop\HJTInstall.exe
[2009/11/13 12:26:49 | 00,000,943 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/13 11:36:07 | 00,455,168 | ---- | M] (Recovery Toolbox, Inc.) -- C:\Users\Brian\Documents\RecoveryToolboxForRAR.exe
[2009/11/10 13:51:03 | 00,305,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/08 19:09:55 | 00,000,204 | ---- | M] () -- C:\Windows\struct~.ini
[2009/11/05 10:05:58 | 28,155,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mrt.exe
[2009/11/04 12:26:20 | 00,000,782 | ---- | M] () -- C:\Users\Brian\Desktop\µTorrent.lnk
[2009/11/03 21:44:19 | 00,721,824 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/03 19:59:46 | 00,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2009/11/03 10:34:35 | 00,002,647 | ---- | M] () -- C:\Users\Brian\Desktop\RapidShare Manager.lnk
[2009/11/02 20:42:06 | 00,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/10/28 14:20:33 | 00,001,701 | ---- | M] () -- C:\Users\Public\Desktop\FLAC Frontend.lnk
[2009/10/28 13:04:03 | 00,163,777 | ---- | M] () -- C:\Windows\Audio Converter Pro Uninstaller.exe
[2009/10/28 12:34:49 | 00,001,027 | ---- | M] () -- C:\Users\Brian\Desktop\ImTOO DVD Ripper Platinum 5.lnk
[2009/10/28 10:03:50 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 10:03:43 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/22 16:04:44 | 00,315,392 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\Windows\SysWow64\TubeFinder.exe

========== Files Created - No Company Name ==========

[2009/11/20 16:00:15 | 00,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2009/11/20 16:00:15 | 00,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2009/11/20 16:00:15 | 00,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2009/11/20 14:08:28 | 00,010,634 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistUI3A49.txt
[2009/11/20 14:08:27 | 00,428,772 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistMSI3A46.txt
[2009/11/20 14:08:27 | 00,011,462 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistUI3A46.txt
[2009/11/20 12:08:23 | 00,000,903 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/11/20 10:14:44 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\eicqfu.sys
[2009/11/19 08:05:07 | 00,731,136 | ---- | C] () -- C:\Users\Brian\Desktop\avenger.exe
[2009/11/18 09:19:59 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\zjddprwx.sys
[2009/11/18 09:15:50 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\qlsm.sys
[2009/11/18 09:07:24 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\ojsjszpq.sys
[2009/11/18 09:07:24 | 00,000,104 | ---- | C] () -- C:\Program Files (x86)\jmrcr.txt
[2009/11/18 08:51:03 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\nxjsojd.sys
[2009/11/17 14:21:12 | 00,724,952 | ---- | C] () -- C:\Users\Brian\Desktop\avenger.zip
[2009/11/13 12:26:49 | 00,000,943 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/08 19:09:55 | 00,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2009/11/07 15:02:18 | 00,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/05 03:03:05 | 02,163,972 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_NET_Framework35_x64_MSI2907.txt
[2009/11/05 03:01:59 | 00,156,568 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/11/05 03:01:48 | 00,379,478 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_dotnetfx35install.txt
[2009/11/05 03:01:48 | 00,002,462 | ---- | C] () -- C:\Users\Brian\AppData\Local\uxeventlog.txt
[2009/11/05 03:01:48 | 00,000,002 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_dotnetfx35error.txt
[2009/11/04 12:26:11 | 00,000,782 | ---- | C] () -- C:\Users\Brian\Desktop\µTorrent.lnk
[2009/11/03 20:18:45 | 00,721,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/03 10:34:35 | 00,002,647 | ---- | C] () -- C:\Users\Brian\Desktop\RapidShare Manager.lnk
[2009/11/02 14:05:19 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/31 21:13:11 | 00,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009/10/28 14:20:33 | 00,001,701 | ---- | C] () -- C:\Users\Public\Desktop\FLAC Frontend.lnk
[2009/10/28 13:34:06 | 00,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2009/10/28 13:34:06 | 00,497,664 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2009/10/28 13:04:03 | 00,163,777 | ---- | C] () -- C:\Windows\Audio Converter Pro Uninstaller.exe
[2009/10/28 12:25:22 | 00,001,027 | ---- | C] () -- C:\Users\Brian\Desktop\ImTOO DVD Ripper Platinum 5.lnk
[2009/10/28 11:39:51 | 01,440,054 | ---- | C] () -- C:\Users\Brian\Documents\TSO.bmp
[2009/10/28 11:39:51 | 00,003,318 | ---- | C] () -- C:\Users\Brian\Documents\theseekersoasis.org.nfo
[2009/10/28 11:39:51 | 00,000,069 | ---- | C] () -- C:\Users\Brian\Documents\TSO.URL
[2009/10/28 10:03:50 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 10:03:43 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/02 16:41:30 | 00,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009/09/20 06:50:17 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/09/15 16:46:36 | 00,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2009/09/15 16:46:36 | 00,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2009/09/14 16:05:35 | 01,053,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys
[2009/09/11 14:50:46 | 00,000,079 | ---- | C] () -- C:\Users\Brian\AppData\Local\DVDPATH.TXT
[2009/09/08 12:02:03 | 00,124,432 | ---- | C] () -- C:\Windows\SysWow64\PanInstaller.dll
[2009/09/08 12:02:02 | 00,083,480 | ---- | C] () -- C:\Windows\SysWow64\FirstLoad.dll
[2009/07/29 19:57:19 | 00,230,420 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL90SP1_KB973924MSI7A1A.txt
[2009/07/29 19:57:17 | 00,011,784 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL90SP1_KB973924UI7A1A.txt
[2009/07/29 19:57:02 | 00,544,724 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL80SP1_KB973923MSI79E9.txt
[2009/07/29 19:57:02 | 00,011,752 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL80SP1_KB973923UI79E9.txt
[2009/07/29 19:56:35 | 00,537,708 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL80SP1_KB973923MSI798D.txt
[2009/07/29 19:56:34 | 00,011,672 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_ATL80SP1_KB973923UI798D.txt
[2009/06/04 10:01:22 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/04 10:00:49 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/05/13 15:08:15 | 08,800,144 | ---- | C] () -- C:\Program Files (x86)\FLV PlayerATBSetup.exe
[2009/05/09 14:17:43 | 00,000,680 | ---- | C] () -- C:\Users\Brian\AppData\Local\d3d9caps.dat
[2009/04/10 22:11:08 | 00,165,336 | ---- | C] () -- C:\Windows\SysWow64\mod_wmp.dll
[2009/04/10 22:11:06 | 00,160,216 | ---- | C] () -- C:\Windows\SysWow64\mod_hp.dll
[2009/04/10 22:11:02 | 00,312,792 | ---- | C] () -- C:\Windows\SysWow64\mod_dana.dll
[2009/04/10 22:11:00 | 00,196,568 | ---- | C] () -- C:\Windows\SysWow64\p2p_core.dll
[2009/04/08 19:23:29 | 00,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2009/04/05 13:25:18 | 00,140,800 | ---- | C] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/29 10:23:17 | 00,000,113 | ---- | C] () -- C:\Windows\PPSMediaList.ini
[2009/03/29 10:23:17 | 00,000,020 | ---- | C] () -- C:\Windows\powerlist.ini
[2009/03/29 10:21:14 | 00,000,784 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009/03/29 10:21:14 | 00,000,468 | ---- | C] () -- C:\Windows\powerplayer.ini
[2009/03/26 09:53:49 | 00,322,598 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistMSI059A.txt
[2009/03/26 09:53:49 | 00,011,148 | ---- | C] () -- C:\Users\Brian\AppData\Local\dd_vcredistUI059A.txt
[2009/03/19 23:35:10 | 00,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009/03/17 21:40:35 | 00,000,684 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2009/03/17 21:00:32 | 00,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/17 21:00:25 | 00,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/17 20:19:09 | 04,504,121 | -H-- | C] () -- C:\Users\Brian\AppData\Local\IconCache.db
[2009/03/17 15:07:37 | 00,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\QSwitch.txt
[2009/03/17 15:07:37 | 00,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\DSwitch.txt
[2009/03/17 15:07:37 | 00,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\AtStart.txt
[2009/03/17 15:04:22 | 00,075,280 | ---- | C] () -- C:\Users\Brian\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/27 15:18:28 | 00,003,584 | ---- | C] () -- C:\Windows\SysWow64\wceprv.dll
[2009/02/04 01:50:32 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsis_loader.dll
[2009/01/11 00:58:14 | 00,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/11 00:58:06 | 00,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/11 00:57:41 | 00,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/11 00:57:10 | 00,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/11 00:55:55 | 00,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/18 15:45:24 | 00,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/18 15:39:59 | 00,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/18 15:38:17 | 00,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/18 15:36:58 | 00,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/17 01:27:04 | 00,093,680 | ---- | C] () -- C:\Windows\SysWow64\gtapi_pack.dll
[2008/01/20 18:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 07:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 07:07:25 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:07:25 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:07:25 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:07:25 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 04:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2005/03/10 10:09:00 | 00,000,281 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2005/03/03 21:43:05 | 00,002,055 | ---- | C] () -- C:\Windows\SubCreator.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >

Re: pretty sure i have a trojan need help

Now the Extras file, to follow in 2 or 3 parts. Look for the end of report to signify the end.

Re: pretty sure i have a trojan need help

OTL Extras logfile created on: 11/20/2009 8:28:55 PM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = c:\Users\Brian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 68.07 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN-PC
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.reg [@ = regfile] --
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = vbefile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.vbs[@ = vbsfile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\Wscript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] --

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\Wscript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\Wscript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] --
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\Wscript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] --
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FD AE FB A7 42 E5 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe" = C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ????? -- ()
"C:\Program Files (x86)\PANDORA.TV\Live\Live.exe" = C:\Program Files (x86)\PANDORA.TV\Live\Live.exe:*:Enabled:Live.exe -- ()
"C:\Program Files (x86)\PANDORA.TV\Live\PANDORATVLive.exe" = C:\Program Files (x86)\PANDORA.TV\Live\PANDORATVLive.exe:*:Enabled:PANDORATVLive.exe -- ()
"C:\Program Files (x86)\uusee\UUSeePlayer.exe" = C:\Program Files (x86)\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()
"C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe" = C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ????? -- ()
"C:\Program Files (x86)\PANDORA.TV\Live\Live.exe" = C:\Program Files (x86)\PANDORA.TV\Live\Live.exe:*:Enabled:Live.exe -- ()
"C:\Program Files (x86)\PANDORA.TV\Live\PANDORATVLive.exe" = C:\Program Files (x86)\PANDORA.TV\Live\PANDORATVLive.exe:*:Enabled:PANDORATVLive.exe -- ()
"C:\Program Files (x86)\uusee\UUSeePlayer.exe" = C:\Program Files (x86)\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0254CC1C-38ED-4BC7-8036-AE197DC18A38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0E3C9F9E-543C-48C9-B3E1-0AF9BDAB449E}" = lport=445 | protocol=6 | dir=in | app=system |
"{10C536A0-26DE-43FF-B617-806EB3CB575B}" = rport=139 | protocol=6 | dir=out | app=system |
"{1E846906-063A-4DAC-A0A6-8A3591D56643}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2140E70E-3E75-493E-AD44-3F1A877531C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{251A4A3F-AC9F-4386-B1F4-BAE12459B752}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28BBE7E0-4C4D-4F8A-B600-A3DF8366EC88}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{29981758-4DD9-419A-9D8A-2165BDC00E44}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2A6D8156-30E1-482C-8AFD-390EEF87A208}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{40FB093F-7AD7-426A-B851-A2E4099F43A5}" = lport=137 | protocol=17 | dir=in | app=system |
"{480EF05A-C100-4981-97BD-FE155AB33C65}" = rport=137 | protocol=17 | dir=out | app=system |
"{72482882-10E7-4FD4-8D89-683E88B5869C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7BB03985-635E-4DF4-A8F8-D4C6FE5DEF17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D6467B4-AF72-4F02-9726-B2D88E8B40B0}" = lport=138 | protocol=17 | dir=in | app=system |
"{9192501B-BC55-405E-9935-EB875BA06EB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94DBE0CB-95CF-472F-B895-DBBF94BB63D4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9A7C1638-0206-4191-A842-458190B5425F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9E6E0647-9239-4BEF-A298-371FFC1C142A}" = rport=138 | protocol=17 | dir=out | app=system |
"{A0B35DA5-BD5A-4742-BFC1-4321C83BF6BB}" = lport=139 | protocol=6 | dir=in | app=system |
"{C84A4FE8-885B-4695-93A5-206C8D2DEDA1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CED7226C-17C5-4B44-9B3B-ABEFCE513B40}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D337F4EF-A2EA-42C2-A9D4-14DE22A5EAF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5B8A49F-FDEB-4E28-87B5-A0EA830F458A}" = rport=445 | protocol=6 | dir=out | app=system |
"{E706EF00-3252-4184-BFB8-EC00B4ADD34A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E7DE234F-CE70-4CE1-B464-1C487767A3D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E99D645F-EE52-4CC4-82E8-8FE96329F93F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EE38AD21-233E-407C-9F4B-545002589AF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F01A864C-3CE4-4C64-B2BE-20696A32E7B0}" = rport=2869 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AC3A83-296D-4335-AE8A-B1B480C09C1D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{00F4AA1F-95A7-42F6-8401-F0DF47D0F1A5}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{023A7249-03B8-4285-AE9F-003EE65970AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1B3396CC-4B13-4328-863B-D4950B3ECE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1BAF0EE4-5289-46E7-AAC5-F9F2B8D56A0F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{1E7EC1BF-BF63-4840-9CD1-C8490AB3B5A4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1F5653A5-1AC4-4513-ADDD-770B4B0C7D66}" = protocol=6 | dir=in | app=c:\users\brian\downloads\torrents\utorrent.exe |
"{2FB88B84-B5D3-4FAF-9F57-6432C454533C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{3256BAD9-CDC9-4DEB-9DF7-EF51D86FCD48}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{331E5D5B-E743-4068-8178-55CE5AE77000}" = protocol=17 | dir=in | app=c:\users\brian\downloads\torrents\utorrent.exe |
"{3D991568-D891-4DBB-9147-781AC649E609}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{47B0D38E-4DA7-436E-88B4-2BFF842680C1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{49B35683-7E6B-41D0-A0F9-3D5F6C9EEDAA}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{5133AFBE-BCE3-49FB-995E-6AAA49897425}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{63A7BE61-DF13-4F32-8149-A4316A351F75}" = protocol=6 | dir=in | app=c:\users\brian\downloads\utorrent.exe |
"{65314AAF-1A4E-4C29-8563-83EEC9018294}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\live\viewer\liverelay.exe |
"{715740EB-63FD-4E6E-BE86-CA8D730379A0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{7286AE5E-C63B-41AC-9B78-74CFCA0EC4C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{77F2E6DA-E6FC-41B4-8518-389011056041}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{7A80BE7F-FC15-4589-B2E3-1767E261508D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{7B162E5D-1938-4E40-AD36-B7B9F9078911}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{82F36A57-2EFF-40B8-8EA7-46C1DF15A57B}" = protocol=17 | dir=in | app=c:\users\brian\downloads\utorrent.exe |
"{89EA5607-D2DC-4D1A-AD5A-8EA4DD7E45B9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{8CF73B85-C63E-44DC-8449-BCED640D178E}" = protocol=17 | dir=in | app=c:\program files (x86)\daum\potplayer\daumvsvr.exe |
"{8D47C952-4B3A-41F3-A66E-77F6BEA37A61}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{9362CAA6-FC4A-4FAA-92F8-26A66C904B52}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{975F1D90-F994-429B-A3A0-FA59D15E45A6}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\live\viewer\liverelay.exe |
"{9A58AE2E-BC83-43FF-8447-791E5CA757B1}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{9A6BECE3-A2AA-4433-BF4D-19D3BCDFCE63}" = protocol=6 | dir=in | app=c:\program files (x86)\daum\potplayer\daumvsvr.exe |
"{9A93A1FF-FC48-421A-AEDD-3A8C99AB0309}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{9AAA45C4-038E-433E-815F-843B47090E01}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{9DF5E79C-DDDE-4577-8CE1-768117FF0407}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A75FF3E8-2E6F-4468-851A-A9673888EC2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{ABF113D6-29C0-49C6-95D1-5460E6755915}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{B5BF58AC-BB94-43D5-80BF-0D75C550C4B3}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{B67120A8-E926-44CD-AF87-480609384053}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\live\viewer\vimviewer.dll |
"{BBCD16ED-165F-4A63-AE6E-675FA8C75EF6}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CF33A31E-4BBF-4509-8C0B-F4C6DD711BFF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D615E015-0D57-46E7-9E21-6D34389F2969}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DAE00745-418C-4D3B-BDC9-E9136E183A87}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{DD06FC70-AD7F-4E3E-A859-093B94D02FD7}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{E6B74565-9E8F-43FD-827C-AEEE12D01115}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E6E0A1C7-B00F-473B-A132-E6FE6DCA1A2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{EB088F15-EC02-4805-A003-B6346D656EF5}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\live\viewer\vimviewer.dll |
"{ECA80D34-ED9D-428C-96A0-57A43307AA4B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EE3DFE02-C1B7-4F81-804B-8956DE9592C2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{F7C7A1DE-DB3E-492B-949A-429D8615D6CB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{FD98A105-EBF2-4DCC-AA87-092C8CED9415}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{06F8F5DE-6BB7-4351-8E55-12E836081B72}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{40C4FA6B-B629-4C77-AB4C-2B721C7D6593}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{46009305-C214-480D-BA80-02B86E63AC4C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{4844431C-6887-412A-93EE-7840FB5E1A76}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{4DD89789-4218-42AE-BE43-38494FA70576}C:\program files (x86)\daum\potplayer\potplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\daum\potplayer\potplayer.exe |
"TCP Query User{53479E24-1554-4770-9D13-90516C498490}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{54A18B89-C540-4B6F-AF7F-F5B101AED581}F:\crack\nba2k10.exe" = protocol=6 | dir=in | app=f:\crack\nba2k10.exe |
"TCP Query User{5C4A6D8E-ACF9-467C-A099-A0D6027D87C8}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{621BD400-A92D-4ADE-BD23-A16C8CDD911D}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{65C13156-1915-45E0-A3B6-34C86311BA9E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{74226060-6429-49B8-BE20-5163A8ED4DD2}C:\users\brian\appdata\local\temp\rar$ex00.954\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.954\crack\nba2k10.exe |
"TCP Query User{81F7417A-95FC-47D4-9593-1B09B69591D1}C:\users\brian\appdata\local\temp\rar$ex19.8281\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex19.8281\crack\nba2k10.exe |
"TCP Query User{83F94912-46C9-4698-B02D-347AE6D047CD}C:\users\brian\appdata\local\temp\rar$ex08.254\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex08.254\crack\nba2k10.exe |
"TCP Query User{860D86B8-3703-4D2F-908E-1A0EDC555DE2}C:\program files (x86)\daum\potplayer\potplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\daum\potplayer\potplayer.exe |
"TCP Query User{89E5BCA4-825B-4414-A0DF-D5F79C921A61}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8A8FB053-F734-498C-8566-7802C5E09FD1}C:\users\brian\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\brian\downloads\utorrent.exe |
"TCP Query User{99211712-3B71-4E9F-8ACB-BD851A7AF564}C:\users\brian\appdata\local\temp\rar$ex00.625\nba2k.reloaded.crack\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.625\nba2k.reloaded.crack\crack\nba2k10.exe |
"TCP Query User{9EBA9B75-CFD6-429B-8953-8E18282300B5}C:\users\brian\appdata\local\temp\rar$ex04.626\nba2k.reloaded.crack\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex04.626\nba2k.reloaded.crack\crack\nba2k10.exe |
"TCP Query User{9F8D0EAC-06DD-4BA9-92BF-A1F0A49BB94E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{A261D479-22AE-4642-89EA-AE75B902A711}C:\users\brian\appdata\local\temp\rar$ex00.972\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.972\crack\nba2k10.exe |
"TCP Query User{C4CB78A5-DC1C-4557-BFE2-8A7C999A0655}C:\users\brian\appdata\local\temp\rar$ex18.0421\crack\nba2k10.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex18.0421\crack\nba2k10.exe |
"TCP Query User{C6C7E0ED-8747-4018-813C-F5C082C224D9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{CA831B8E-5D60-4BD6-96A5-C5ACC049625C}C:\program files (x86)\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\uusee\uuseeplayer.exe |
"TCP Query User{CBED1D7E-DA71-4EF3-A96D-CF5290A4F746}F:\crack\nba2k10.exe" = protocol=6 | dir=in | app=f:\crack\nba2k10.exe |
"TCP Query User{D9DDDCEF-58CD-4717-8B12-1384DFCC003C}C:\users\brian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\brian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{E26E7D75-358A-48A1-9965-7FCFED6180BC}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{E45772BA-5655-464A-AFCA-41215D8D4CB9}C:\program files (x86)\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"TCP Query User{E72B45CC-DC9F-4D00-B3B8-3165AA758D1C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{EAB06204-8A5C-451B-A2F1-194F079A85BC}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"TCP Query User{F4775948-6E75-407B-BAC9-5C3A6B37D187}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{0D908CE4-7368-4F92-8DC1-464796568171}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{1407D473-29F6-454B-ABA8-8CDD76C97F7C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{14BDF9DE-431F-4FC3-81AF-0BB04FAE2600}F:\crack\nba2k10.exe" = protocol=17 | dir=in | app=f:\crack\nba2k10.exe |
"UDP Query User{156FC1F8-13C8-4C04-B7DD-3D43310E83CC}C:\users\brian\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\brian\downloads\utorrent.exe |
"UDP Query User{16A7310B-ADE6-46A5-BFB9-CB6A24B5A6F3}C:\users\brian\appdata\local\temp\rar$ex00.625\nba2k.reloaded.crack\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.625\nba2k.reloaded.crack\crack\nba2k10.exe |
"UDP Query User{1F86099F-FD93-41C8-8091-69D399E84ACB}C:\users\brian\appdata\local\temp\rar$ex00.954\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.954\crack\nba2k10.exe |
"UDP Query User{1FC67736-C611-4E0F-BCF8-A091FE91CCBC}C:\users\brian\appdata\local\temp\rar$ex04.626\nba2k.reloaded.crack\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex04.626\nba2k.reloaded.crack\crack\nba2k10.exe |
"UDP Query User{284A1487-2AF9-4E2D-B75B-86F57E84C2C1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{2EC82CC6-DC83-431A-99CD-DB889E9B5DCC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{42476515-FBD8-4CCB-98EE-A254FAF9FB65}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{48BB7763-3117-4713-B598-2055D73A5FA1}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{5984EA16-4350-49CD-9E95-618330857FFD}C:\program files (x86)\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\uusee\uuseeplayer.exe |
"UDP Query User{65D99ADF-A041-43C4-9F1A-D1BA228747D9}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{6C5AF97F-9718-4582-8A66-F4CECB2BCD92}C:\users\brian\appdata\local\temp\rar$ex08.254\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex08.254\crack\nba2k10.exe |
"UDP Query User{77C1F941-FCAA-4A2D-B305-1930C9EAD713}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{7C16C731-CE5B-4EBF-ABBF-C7DF4703034D}C:\program files (x86)\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"UDP Query User{7FF70C1D-B2E1-472D-AA8D-4F4872C76EBD}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{84426864-6BDE-43F3-BD2A-96BE162091CC}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{981763CE-49E5-4DC6-B34C-A5F2F01AD7ED}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"UDP Query User{9BBFBD59-14F4-443F-839C-5FC908BBEED3}C:\program files (x86)\daum\potplayer\potplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\daum\potplayer\potplayer.exe |
"UDP Query User{9D2DEDA8-454E-4E2C-B5C0-BD1EC1189BBC}C:\program files (x86)\daum\potplayer\potplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\daum\potplayer\potplayer.exe |
"UDP Query User{A4ECD998-B794-4E80-881E-91D4225E12BB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A893B976-B881-499B-A4D0-DD9406D5970D}C:\users\brian\appdata\local\temp\rar$ex19.8281\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex19.8281\crack\nba2k10.exe |
"UDP Query User{B7C117FC-0AA1-44B8-B01C-27745F92B0B6}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{D2A97898-A3C9-44C6-B6E3-62177EF467EC}C:\users\brian\appdata\local\temp\rar$ex18.0421\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex18.0421\crack\nba2k10.exe |
"UDP Query User{DD77E583-E04E-460D-9E70-2775086B50E4}F:\crack\nba2k10.exe" = protocol=17 | dir=in | app=f:\crack\nba2k10.exe |
"UDP Query User{E8DDA562-C413-404E-869B-342086757D9D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{F1E99BF9-E774-4C73-BAC2-DF4E24585D54}C:\users\brian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{FA2A441B-F82C-4EAE-A514-8FC5E5FD1187}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{FC1E34AB-A0CD-408D-BC80-A0FC3E7A968F}C:\users\brian\appdata\local\temp\rar$ex00.972\crack\nba2k10.exe" = protocol=17 | dir=in | app=c:\users\brian\appdata\local\temp\rar$ex00.972\crack\nba2k10.exe |

Re: pretty sure i have a trojan need help

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{889450B1-87C5-4A38-B766-DBBC9845EABE}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB8A5373-8AE1-410A-83F5-51560464CC95}" = ESET Smart Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audio Converter Pro" = River Past Audio Converter Pro
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}" = LightScribe System Software
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters (TM): The Video Game
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E981E45-833E-44C4-AB75-3668AA77F8EC}" = Adobe Flash Media Live Encoder 3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4EB7E778-1E95-433F-8919-C323D5483363}" = HP Smart Web Printing
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635E5FD4-5AF3-4EFD-8060-FE5113A1ECC1}" = ShowInfo
"{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}" = Adobe Flash Media Encoder 2.5
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{990036E7-D647-45A4-8F7F-1CB277EF0ABD}" = RollerCoaster Tycoon 3 Demo
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F}_is1" = Crawler Radio & MP3 Player
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DADFF3C9-EDF8-43E9-9F60-BE816EB20BA6}" = Trivia Mania
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EBE92A10-97D2-48F2-A116-5F618D87D7F0}_is1" = TOMÖ±²¥2.0
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"Applian FLV Player2.0.24" = Applian FLV Player
"Autobahn" = MLB.TV NexDef Plug-in
"CCleaner" = CCleaner (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DC-DSP Filter" = DC-DSP Filter 1.03
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 3078] [2009-09-17]
"FLAC" = FLAC 1.2.1b (remove only)
"Free FLV Converter_is1" = Free FLV Converter V 6.7.3
"Google Updater" = Google Updater
"GooglePinyin" = Google Pinyin IME
"Graboid Video" = Graboid Video 1.65
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"ImTOO DVD Audio Ripper 5" = ImTOO DVD Audio Ripper 5
"ImTOO DVD Ripper Platinum 5" = ImTOO DVD Ripper Platinum 5
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters (TM): The Video Game
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IObit Security 360_is1" = IObit Security 360
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.4 (Basic)
"Living Marine Aquarium 2 Full Screen Saver" = Living Marine Aquarium 2 Full Screen Saver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSNINST" = MSN
"PANDORATV LIVE_is1" = PANDORATV LIVE
"PotPlayer" = Daum ÆÌÇ÷¹À̾î
"PPLive" = PPLive 1.9
"PPStream" = PPStream
"Privoxy" = Privoxy 3.0.6
"RealAlt_is1" = Real Alternative 2.0.1
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"Replay Video Capture3.1B" = Replay Video Capture
"Resident Evil 4_is1" = Resident Evil 4 1.10
"SopCast" = SopCast 3.2.4
"StreamTorrent 1.0" = Stream Torrent 1.0
"SystemRequirementsLab" = System Requirements Lab
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TNod User & Password Finder 1.0.0" = TNod User & Password Finder 1.0.0
"Tor" = Tor 0.2.0.34
"Trillian" = Trillian
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.7.2
"Ultra Video Converter_is1" = Ultra Video Converter 4.4.0827
"UUSEE" = UUSee ÍøÂçµçÊÓ [5.9.512.1]
"UUSEE_base" = UUSee ²¥·Å²å¼þ»ù´¡°ü 5.9.512.1
"Veetle TV" = Veetle TV 0.9.15
"Vidalia" = Vidalia 0.1.10
"VLC media player" = VLC media player 1.0.3
"WebcamMax" = WebcamMax
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xilisoft DVD Ripper Ultimate SE 5" = Xilisoft DVD Ripper Ultimate SE
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2009 1:35:17 PM | Computer Name = Brian-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absolute,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed BackupStates.xml

Error - 11/18/2009 1:35:18 PM | Computer Name = Brian-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absolute,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed SecurityStates.xml

Error - 11/18/2009 1:35:18 PM | Computer Name = Brian-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absolute,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed SecurityOffers.xml

Error - 11/18/2009 1:35:20 PM | Computer Name = Brian-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absolute,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed HealthStates.xml

Error - 11/18/2009 4:09:19 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824,
exception code 0xc0000005, fault offset 0x00038e7c, process id 0xa94, application
start time 0x01ca6875fa441330.

Error - 11/19/2009 1:43:16 AM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824,
exception code 0xc0000005, fault offset 0x00038e7c, process id 0xd1c, application
start time 0x01ca68bb37942830.

Error - 11/19/2009 11:28:01 AM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/19/2009 11:30:39 AM | Computer Name = Brian-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absolute,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml

Error - 11/20/2009 11:53:40 AM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/20/2009 11:56:49 AM | Computer Name = Brian-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absolute,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml

[ Media Center Events ]
Error - 4/2/2009 1:26:46 PM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/20/2009 9:23:33 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/20/2009 9:23:33 PM | Computer Name = Brian-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/20/2009 9:23:33 PM | Computer Name = Brian-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/20/2009 9:23:34 PM | Computer Name = Brian-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/20/2009 11:31:29 PM | Computer Name = Brian-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/20/2009 11:36:34 PM | Computer Name = Brian-PC | Source = PlugPlayManager | ID = 12
Description = The device 'OHCI Compliant IEEE 1394 Host Controller' (PCI\VEN_197B&DEV_2380&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&00E4)
disappeared from the system without first being prepared for removal.

Error - 11/20/2009 11:36:34 PM | Computer Name = Brian-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&01E4)
disappeared from the system without first being prepared for removal.

Error - 11/20/2009 11:36:34 PM | Computer Name = Brian-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&02E4)
disappeared from the system without first being prepared for removal.

Error - 11/20/2009 11:36:34 PM | Computer Name = Brian-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&03E4)
disappeared from the system without first being prepared for removal.

Error - 11/20/2009 11:36:34 PM | Computer Name = Brian-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&04E4)
disappeared from the system without first being prepared for removal.


< End of report >

Re: pretty sure i have a trojan need help

bump

Re: pretty sure i have a trojan need help

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Windows\SysWow64\drivers\eicqfu.sys
    C:\Windows\SysWow64\drivers\zjddprwx.sys
    C:\Windows\SysWow64\drivers\qlsm.sys
    C:\Windows\SysWow64\drivers\ojsjszpq.sys
    C:\Program Files (x86)\jmrcr.txt
    C:\Windows\SysWow64\drivers\nxjsojd.sys



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: pretty sure i have a trojan need help

C:\Windows\SysWow64\drivers\eicqfu.sys moved successfully.
C:\Windows\SysWow64\drivers\zjddprwx.sys moved successfully.
C:\Windows\SysWow64\drivers\qlsm.sys moved successfully.
C:\Windows\SysWow64\drivers\ojsjszpq.sys moved successfully.
C:\Program Files (x86)\jmrcr.txt moved successfully.
C:\Windows\SysWow64\drivers\nxjsojd.sys moved successfully.

OTL by OldTimer - Version 3.1.6.1 log created on 11212009_134041

Re: pretty sure i have a trojan need help

bump

Re: pretty sure i have a trojan need help

Sorry, missed your post.

How is the machine now? Those few sys files were the only thing that looked a bit weird to me.

Re: pretty sure i have a trojan need help

still running horrible........ now fan is running for no apparent reason
still getting same error message in eset nod 32

Re: pretty sure i have a trojan need help

I have another question: what do I do with the files in the Malwarebytes quarantine list ..... I have about 30 files in there that are in quarantine ...... do I delete all of them .... I haven't because I was concerned I was deleting something that might not be a trojan or virus..... I would post the list of files in quarantine but I'm not sure how to....

Re: pretty sure i have a trojan need help

bump

Re: pretty sure i have a trojan need help

Slowness could be related to something else.

MBAM quarantined items are dead, you can delete them if you want to.

Post a new Hijack This log.
