This is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6000
25/07/2009 00:07:32
mbam-log-2009-07-25 (00-07-32).txt
Scan type: Quick Scan
Objects scanned: 89614
Time elapsed: 7 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 1
Registry Data Items Infected: 16
Folders Infected: 8
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GroupManager (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7719f58e-ea60-4448-8d1f-f299c76d0d8f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7719f58e-ea60-4448-8d1f-f299c76d0d8f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d4728f26-233b-4f5f-908f-9f3a2d100920}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d4728f26-233b-4f5f-908f-9f3a2d100920}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7719f58e-ea60-4448-8d1f-f299c76d0d8f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7719f58e-ea60-4448-8d1f-f299c76d0d8f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d4728f26-233b-4f5f-908f-9f3a2d100920}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d4728f26-233b-4f5f-908f-9f3a2d100920}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7719f58e-ea60-4448-8d1f-f299c76d0d8f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d4728f26-233b-4f5f-908f-9f3a2d100920}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d4728f26-233b-4f5f-908f-9f3a2d100920}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
Folders Infected:
C:\ProgramData\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
c:\Windows\System32\msqpdxicxavrei.dll (Trojan.Agent) -> Delete on reboot.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080630134849166.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080630145015584.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080630151041388.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080630204133203.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080630211450792.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080701020903888.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080701025312945.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\extravideo\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\msqpdxriicgqjm.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Elizabeth Find MD Diagnosis Mystery\groupmanager.exe (Backdoor.Bot) -> Delete on reboot.
Rootrepeal:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/26 19:30
Program Version: Version 1.3.2.0
Windows Version: Windows Vista SP1
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8C07F000 Size: 32768 File Visible: No Signed: -
Status: -
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8C074000 Size: 45056 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAB592000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1268 Status: Locked to the Windows API!
SSDT
-------------------
#: 064 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xab07ef20
#: 072 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0xab07e160
#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0xab07e420
#: 075 Function Name: NtCreateSection
Status: Hooked by "<unknown>" at address 0xab07fbe0
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xab080260
#: 123 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xab07f4a0
#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xab07f760
#: 165 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0xab0805a0
#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0xab07ff20
#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xab07e9a0
#: 197 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0xab07fd80
#: 324 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xab07f1e0
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xab07ec60
#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xab0800c0
#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0xab080400
#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "<unknown>" at address 0xab07e6e0
Hidden Services
-------------------
Service Name: msqpdxserv.sys
Image PathC:\Windows\system32\drivers\msqpdxriicgqjm.sys
==EOF==
OTL:
OTL logfile created on: 26/07/2009 19:35:33 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Shiv\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
764.46 Mb Total Physical Memory | 196.11 Mb Available Physical Memory | 25.65% Memory free
1.75 Gb Paging File | 0.87 Gb Available in Paging File | 49.74% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.86 Gb Total Space | 1.42 Gb Free Space | 5.10% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 16.66 Gb Free Space | 55.53% Space Free | Partition Type: NTFS
Drive E: | 2.00 Gb Total Space | 1.59 Gb Free Space | 79.47% Space Free | Partition Type: NTFS
Drive F: | 14.65 Gb Total Space | 6.66 Gb Free Space | 45.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SHIV-PC
Current User Name: Shiv
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/22 10:59:34 | 00,024,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2005/01/14 10:32:38 | 00,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe
PRC - [2007/11/27 22:45:02 | 00,869,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2009/03/22 11:00:16 | 01,131,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2009/03/03 03:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/03/22 10:59:56 | 00,063,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2006/11/02 13:34:44 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2007/10/29 07:02:38 | 00,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/12/06 09:12:44 | 01,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/11/03 12:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7311\Monitor.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/01/09 17:32:50 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/12/06 09:12:58 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2009/07/23 05:12:52 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/26 19:31:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Shiv\Downloads\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/27 19:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 08:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/11/05 22:31:54 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/06/20 02:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/27 05:00:41 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/20 02:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/12/14 03:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2007/11/27 22:45:02 | 00,869,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc [Auto | Running])
SRV - [2008/06/20 02:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/22 10:59:34 | 00,024,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP [Auto | Running])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/14 02:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - File not found -- -- (SfCtlCom [Auto | Stopped])
SRV - [2006/12/14 03:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2005/01/14 10:32:38 | 00,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
SRV - File not found -- -- (TMBMServer [Auto | Stopped])
SRV - File not found -- -- (tmproxy [Disabled | Stopped])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2009/03/22 11:00:16 | 01,131,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss [Auto | Running])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - URLSearchHook: {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2276417
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "4chan Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...rchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "4chan Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/26 03:02:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/23 05:12:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/23 05:12:54 | 00,000,000 | ---D | M]
[2008/08/14 01:46:20 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Extensions
[2008/08/14 01:46:20 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/26 18:42:40 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions
[2009/07/26 18:42:40 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/20 19:25:25 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/08/14 12:34:27 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2009/02/02 12:00:17 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009/01/13 09:53:00 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/02/27 09:47:30 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\[email protected]
[2009/02/27 09:47:35 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\[email protected]
[2009/07/26 18:42:40 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\staged-xpis
[2008/10/30 14:01:54 | 00,000,872 | ---- | M] () -- C:\Users\Shiv\AppData\Roaming\Mozilla\FireFox\Profiles\hf4x7526.default\searchplugins\conduit.xml
[2008/04/18 00:14:29 | 00,002,386 | ---- | M] () -- C:\Users\Shiv\AppData\Roaming\Mozilla\FireFox\Profiles\hf4x7526.default\searchplugins\siteadvisor.xml
[2009/03/04 01:00:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/23 05:12:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/04 01:00:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/07/23 05:12:52 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/23 05:12:52 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/04 00:59:41 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/23 05:12:53 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/21 11:08:37 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/06/21 11:08:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/21 11:08:38 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/06/21 11:08:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/21 11:08:38 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/06/21 11:08:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/21 11:08:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/21 11:08:38 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (freetrialdownloads-EN Toolbar) - {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (freetrialdownloads-EN Toolbar) - {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (freetrialdownloads-EN Toolbar) - {5B99C55C-AE59-4D93-BC3B-ED0C8DF4DA08} - C:\Program Files\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: StumbleUpon - {75C9223A-409A-4795-A3CA-08DE6B075B4B} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 13:44:23 | 00,000,255 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 13:44:23 | 00,000,255 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 13:44:23 | 00,000,255 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{18e15a37-a021-11dd-9f81-ea5c95888029}\Shell - "" = AutoRun
O33 - MountPoints2\{18e15a37-a021-11dd-9f81-ea5c95888029}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{18e15a6d-a021-11dd-9f81-ea5c95888029}\Shell - "" = AutoRun
O33 - MountPoints2\{18e15a6d-a021-11dd-9f81-ea5c95888029}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{18e15a88-a021-11dd-9f81-ea5c95888029}\Shell - "" = AutoRun
O33 - MountPoints2\{18e15a88-a021-11dd-9f81-ea5c95888029}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{18e15aa4-a021-11dd-9f81-ea5c95888029}\Shell - "" = AutoRun
O33 - MountPoints2\{18e15aa4-a021-11dd-9f81-ea5c95888029}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{18e15aa6-a021-11dd-9f81-ea5c95888029}\Shell - "" = AutoRun
O33 - MountPoints2\{18e15aa6-a021-11dd-9f81-ea5c95888029}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{19460748-9b86-11dd-9862-f28532411dcd}\Shell - "" = AutoRun
O33 - MountPoints2\{19460748-9b86-11dd-9862-f28532411dcd}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{595acdfa-be28-11dc-b904-c1033f79efb3}\Shell - "" = AutoRun
O33 - MountPoints2\{595acdfa-be28-11dc-b904-c1033f79efb3}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{7031f4e2-b0d2-11dd-9f5f-d547e3a10098}\Shell - "" = AutoRun
O33 - MountPoints2\{7031f4e2-b0d2-11dd-9f5f-d547e3a10098}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{7031f4e3-b0d2-11dd-9f5f-d547e3a10098}\Shell - "" = AutoRun
O33 - MountPoints2\{7031f4e3-b0d2-11dd-9f5f-d547e3a10098}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{718c8c8a-96de-11dd-b353-99eb14f176af}\Shell - "" = AutoRun
O33 - MountPoints2\{718c8c8a-96de-11dd-b353-99eb14f176af}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{718c8cab-96de-11dd-b353-99eb14f176af}\Shell - "" = AutoRun
O33 - MountPoints2\{718c8cab-96de-11dd-b353-99eb14f176af}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{718c8cec-96de-11dd-b353-940de2dad0a7}\Shell - "" = AutoRun
O33 - MountPoints2\{718c8cec-96de-11dd-b353-940de2dad0a7}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{859e12c3-cfce-11dd-a180-9fbeb43958c1}\Shell - "" = AutoRun
O33 - MountPoints2\{859e12c3-cfce-11dd-a180-9fbeb43958c1}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{98cf4e6e-c5e4-11dc-b8bc-00a0d1c9fe1c}\Shell - "" = AutoRun
O33 - MountPoints2\{98cf4e6e-c5e4-11dc-b8bc-00a0d1c9fe1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{98cf4e86-c5e4-11dc-b8bc-00a0d1c9fe1c}\Shell - "" = AutoRun
O33 - MountPoints2\{98cf4e86-c5e4-11dc-b8bc-00a0d1c9fe1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{eef79024-e3cf-11dc-b430-00a0d1c9fe1c}\Shell - "" = AutoRun
O33 - MountPoints2\{eef79024-e3cf-11dc-b430-00a0d1c9fe1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{eef79025-e3cf-11dc-b430-00a0d1c9fe1c}\Shell - "" = AutoRun
O33 - MountPoints2\{eef79025-e3cf-11dc-b430-00a0d1c9fe1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{f5f88f85-d198-11dd-9421-b50f87c26f9e}\Shell - "" = AutoRun
O33 - MountPoints2\{f5f88f85-d198-11dd-9421-b50f87c26f9e}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{f5f88f95-d198-11dd-9421-8e0699b5b4e4}\Shell - "" = AutoRun
O33 - MountPoints2\{f5f88f95-d198-11dd-9421-8e0699b5b4e4}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{f5f88f98-d198-11dd-9421-91078a6c002f}\Shell - "" = AutoRun
O33 - MountPoints2\{f5f88f98-d198-11dd-9421-91078a6c002f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{f5f88f9a-d198-11dd-9421-d334515a97f5}\Shell - "" = AutoRun
O33 - MountPoints2\{f5f88f9a-d198-11dd-9421-d334515a97f5}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 14 Days ==========
[2009/07/26 18:47:54 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009/07/26 18:46:36 | 00,000,000 | ---D | C] -- C:\Windows\LastGood
[2009/07/26 06:36:35 | 00,000,000 | ---D | C] -- C:\GameRival
[2009/07/26 06:36:33 | 00,827,392 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\FLASH.OCX
[2009/07/26 06:36:19 | 00,001,695 | ---- | C] () -- C:\Users\Shiv\Desktop\Gold Miner.lnk
[2009/07/26 06:36:10 | 00,000,000 | ---D | C] -- C:\Program Files\Gold Miner
[2009/07/26 03:03:21 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/26 03:03:21 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/26 03:03:11 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/07/26 01:10:25 | 00,009,127 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/07/26 01:10:24 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/07/25 22:00:55 | 00,000,000 | ---D | C] -- C:\PerfLogs
[2009/07/25 04:24:27 | 00,032,768 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/07/25 04:24:27 | 00,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/07/25 04:24:26 | 36,388,864 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/07/25 01:53:06 | 01,675,370 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/07/25 01:53:06 | 00,206,830 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/07/25 01:51:30 | 00,132,148 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/07/25 01:50:52 | 03,662,296 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/07/25 01:48:50 | 00,175,508 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/07/25 01:47:41 | 00,289,467 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/07/25 01:47:34 | 00,195,122 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2009/07/25 01:47:14 | 00,261,163 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/07/25 01:45:41 | 00,080,047 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/07/25 01:37:49 | 00,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2009/07/25 01:37:42 | 00,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2009/07/25 01:37:40 | 00,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2009/07/25 01:36:53 | 00,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2009/07/25 01:36:50 | 00,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2009/07/25 00:09:10 | 01,299,252 | -H-- | C] () -- C:\Users\Shiv\AppData\Local\IconCache.db
[2009/07/24 23:57:54 | 00,000,000 | ---D | C] -- C:\Users\Shiv\AppData\Roaming\Malwarebytes
[2009/07/24 23:57:51 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/24 23:57:47 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/24 23:57:45 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/24 23:57:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/24 23:57:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/24 23:52:32 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009/07/24 23:52:30 | 00,000,000 | ---D | C] -- C:\Program Files\freetrialdownloads-EN
[2009/07/24 23:45:37 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/24 23:44:59 | 00,000,733 | ---- | C] () -- C:\Users\Shiv\Desktop\NTREGOPT.lnk
[2009/07/24 23:44:59 | 00,000,714 | ---- | C] () -- C:\Users\Shiv\Desktop\ERUNT.lnk
[2009/07/24 23:44:48 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/23 07:47:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/07/23 07:41:48 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009/07/23 07:41:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/07/22 19:55:37 | 00,000,000 | ---D | C] -- C:\Users\Shiv\AppData\Roaming\CoSoSys
========== Files - Modified Within 14 Days ==========
[3 C:\Windows\System32\*.tmp files]
[2009/07/26 18:47:54 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009/07/26 18:42:16 | 00,005,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/26 18:42:16 | 00,005,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/26 18:42:07 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/26 06:36:33 | 00,827,392 | ---- | M] (Macromedia, Inc.) -- C:\Windows\System32\FLASH.OCX
[2009/07/26 06:36:19 | 00,001,695 | ---- | M] () -- C:\Users\Shiv\Desktop\Gold Miner.lnk
[2009/07/26 03:21:32 | 00,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/26 03:21:32 | 00,608,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/26 03:21:32 | 00,109,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/26 03:15:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/26 03:11:21 | 01,299,252 | -H-- | M] () -- C:\Users\Shiv\AppData\Local\IconCache.db
[2009/07/25 22:37:54 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/07/25 22:30:40 | 02,305,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/25 21:22:14 | 00,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2009/07/25 21:22:01 | 00,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2009/07/25 18:59:43 | 00,100,944 | ---- | M] () -- C:\Users\Shiv\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/25 04:53:43 | 00,000,492 | ---- | M] () -- C:\Windows\win.ini
[2009/07/25 04:27:58 | 36,388,864 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/07/25 04:27:57 | 00,032,768 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/07/25 04:27:57 | 00,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/07/24 23:57:51 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/24 23:44:59 | 00,000,733 | ---- | M] () -- C:\Users\Shiv\Desktop\NTREGOPT.lnk
[2009/07/24 23:44:59 | 00,000,714 | ---- | M] () -- C:\Users\Shiv\Desktop\ERUNT.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== LOP Check ==========
[2009/07/24 23:57:54 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming
[2008/02/12 16:27:00 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\AntsSoft
[2008/01/13 02:39:19 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\ArcSoft
[2008/02/06 05:56:42 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\Big Fish Games
[2009/07/22 19:55:37 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\CoSoSys
[2008/11/13 23:05:59 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\Flood Light Games
[2008/02/17 19:19:49 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\FrostWire
[2008/02/06 03:48:15 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\iWin
[2007/12/10 11:56:14 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\Leadertech
[2008/07/02 17:07:40 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\NCH Software
[2008/07/02 16:54:31 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\NCH Swift Sound
[2008/12/15 00:08:59 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\Oxin's Style!
[2008/06/23 02:47:34 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\SecondLife
[2008/01/04 01:33:03 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\SEGA
[2008/08/18 19:02:59 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\TypingMaster7
[2009/01/25 16:19:23 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\U3
[2009/03/17 04:18:57 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\uTorrent
[2008/04/07 17:57:22 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\Windows Live Writer
[2008/01/09 03:00:25 | 00,000,252 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2009/06/22 07:07:40 | 00,000,868 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/07/26 03:15:01 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/26 03:12:10 | 00,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 26/07/2009 19:35:33 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Shiv\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
764.46 Mb Total Physical Memory | 196.11 Mb Available Physical Memory | 25.65% Memory free
1.75 Gb Paging File | 0.87 Gb Available in Paging File | 49.74% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.86 Gb Total Space | 1.42 Gb Free Space | 5.10% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 16.66 Gb Free Space | 55.53% Space Free | Partition Type: NTFS
Drive E: | 2.00 Gb Total Space | 1.59 Gb Free Space | 79.47% Space Free | Partition Type: NTFS
Drive F: | 14.65 Gb Total Space | 6.66 Gb Free Space | 45.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SHIV-PC
Current User Name: Shiv
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C03F399-892F-4C21-ADDA-34FE79F33899}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1DC6736A-F679-44F5-A9C3-F4680C140085}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{3BB46A5D-8F86-4344-9335-3D6C9496404F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{435D629E-08A9-4DA7-A44D-24AA2064F960}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{436D5A04-E6A0-43A9-82FF-49411D289956}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{529A9BFE-BAD1-4D05-AC0B-8F6991784427}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{540A478F-E17F-4C8F-A377-E654D3886535}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{56A9865F-EFE0-4322-9E1A-572299BB62E2}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{696A3246-45FE-43A7-89CA-9B32B7D99244}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{8009637B-8F9A-445E-A732-3640AD22FA70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{80CEB081-09EB-4AD2-9862-9AE57BAEE7AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8F4B66AF-DB6E-4EBE-8280-9DDF490A0919}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8F7326C4-2E33-4162-A993-6A06FBA92DF3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BDCD7586-B852-48A5-A9F7-46F1F234A235}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D247F092-E119-4865-8E15-CF3B50296BD2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D3C67A32-AC63-4CA2-A9A5-CBE1507E18EB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{DF960908-6FF2-40B2-916B-E9EB76927EC1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E402F880-A14D-4653-BC11-00C558EE8A27}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E4D9E5A8-65B3-4B8D-AAB9-2CAB8E283A62}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{F10E6C5F-3C19-4AE0-A487-0D2C55D4372C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FCBEDF-1A38-466A-B222-4D4B3FCE0CF5}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{05163122-441A-4B44-9BC3-EF00E989AE40}" = protocol=6 | dir=in | app=c:\windows\system32\windowsanytimeupgrade.exe |
"{18825E0F-8182-483D-9166-6E32B892E55F}" = protocol=17 | dir=in | app=c:\windows\system32\windowsanytimeupgrade.exe |
"{1C3A9DF5-7084-4502-92A6-4A6BF3E60062}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{211977E2-F767-48F8-9C84-6DFF03EE0674}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{29269F6C-1324-4E35-9ED9-7DAFD92D53C3}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{37715387-1185-40A6-AAEA-F73E88E7E9D6}" = protocol=17 | dir=in | app=c:\program files\trend micro\internet security\ufnavi.exe |
"{3A9DC517-C69E-4BF3-B137-A8FC09D830F8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5722E1C4-D0A8-48CA-A853-E2AC986D4C51}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{59F08CF4-6949-461E-A592-FC24FE0E5764}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5AD8A47A-74CE-44E6-826C-37B404A794EB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5FC9DF49-ECD5-448E-8E1F-5DBA7BD5EB2D}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{6E825433-4B01-4809-ABB5-653248CA48AC}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{74298BED-DA72-4316-A266-486CD6458E28}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C5CF6A1-59D8-4080-9B64-77DD6045BEC2}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{83A5B75A-1D3A-4605-9BCA-DCF18208AC2C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{923A100D-CA2F-4F93-9748-C728287E7C1F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{94AD99FA-D209-4321-8FED-CEA9A3BDC055}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{9A68039B-AF57-499C-AE24-70BD8991566A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{9AD9F18D-31BF-427A-9B84-AD82034921A1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{ABB5E2DD-43B1-42E3-884E-E07AA4864A53}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{B79803C9-6B71-4DEA-9CDA-2599EE8AEB11}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{C648BDED-2285-4786-9B6B-23180CECA562}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{DD248588-5B4B-49AF-9E39-102CADFCF0E4}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{E1E1912B-EC85-4C86-84FE-79930CA60BEA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E28FF039-FCB0-4081-A721-D2D36AF7E9A7}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{E4356F88-CB42-439B-99D4-40459322C911}" = protocol=6 | dir=out | app=system |
"{EC58B3B8-7189-40FE-BB5A-DF832176B08E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{ED98AFA6-FACB-414A-AB6B-0FFA297B4CD0}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{EEEFAD5F-938D-4D52-AEF9-492A5FDDF409}" = protocol=6 | dir=in | app=c:\program files\trend micro\internet security\ufnavi.exe |
"{EF0D3671-D73C-4BD2-9BFC-0619F7AF11AF}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{F2F4AE29-A24F-4A36-9E89-2E9C6CA84F86}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{F349E5FE-FFB3-44A3-B6F1-4B702D3222E2}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{F6BA88C2-154B-4B55-932C-A095ED39FA5C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F86D534B-F3E6-4FE9-859B-E468BE24C4AB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FF7E6F9F-93C7-4920-9742-17F13C33FCAD}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"TCP Query User{29027E1D-55D7-49B3-BBA3-5D7AD8972D3E}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{662F29E6-09D8-4481-97A3-8E363D32CAA0}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{698D48DD-72B3-43B1-8F3F-380772280148}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{A58B5E76-9E67-4AC5-AE0A-34077DB6F3D1}C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe |
"UDP Query User{355350B0-88DC-4325-A4B3-D75095694BE2}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{38B225CB-792C-40AF-84DD-0861E05D622A}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{ECEEBB31-3A74-4D76-98DE-2E2F2CE8D785}C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe |
"UDP Query User{F5DB0EE8-D2ED-4881-9FA8-15566F78DD88}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05CF1C54-CD51-432E-B496-96DF672B9872}" = WEA500
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11C51F70-3825-448F-BC36-C653C4A42623}" = MyBot
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = O2 Broadband USB Modem
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.24
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro AntiVirus
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.24
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F3B58D4E-7324-44E4-A6B3-65D2DB8D1FE9}" = Microsoft Protection Service
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"freetrialdownloads-EN Toolbar" = freetrialdownloads-EN Toolbar
"Gold Miner" = Gold Miner (remove only)
"Google Updater" = Google Updater
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SiS VGA Utilities" = SiS VGA Utilities
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver
"WinSS" = Windows Live OneCare
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25/07/2009 00:31:01 | Computer Name = Shiv-PC | Source = MsiInstaller | ID = 11316
Description =
Error - 25/07/2009 14:00:06 | Computer Name = Shiv-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25/07/2009 14:28:00 | Computer Name = Shiv-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25/07/2009 14:28:05 | Computer Name = Shiv-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25/07/2009 15:05:42 | Computer Name = Shiv-PC | Source = VSS | ID = 8194
Description =
Error - 25/07/2009 15:17:06 | Computer Name = Shiv-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6000.16771 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7f8 Start Time: 01ca0d57423c8905 Termination Time: 640
Error - 25/07/2009 15:59:06 | Computer Name = Shiv-PC | Source = VSS | ID = 8194
Description =
Error - 25/07/2009 17:07:13 | Computer Name = Shiv-PC | Source = WerSvc | ID = 5007
Description =
Error - 25/07/2009 17:40:41 | Computer Name = Shiv-PC | Source = ESENT | ID = 215
Description = WinMail (3856) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.
Error - 26/07/2009 00:00:02 | Computer Name = Shiv-PC | Source = Customer Experience Improvement Program | ID = 1006
Description =
[ OSession Events ]
Error - 07/02/2009 19:11:10 | Computer Name = Shiv-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 144
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 25/07/2009 22:15:44 | Computer Name = Shiv-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26/07/2009 02:28:24 | Computer Name = Shiv-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
Error - 26/07/2009 02:28:25 | Computer Name = Shiv-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
Error - 26/07/2009 02:28:26 | Computer Name = Shiv-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
Error - 26/07/2009 02:28:27 | Computer Name = Shiv-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
Error - 26/07/2009 02:28:28 | Computer Name = Shiv-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
Error - 26/07/2009 02:28:29 | Computer Name = Shiv-PC | Source = PlugPlayManager | ID = 12
Description = The device 'Optiarc DVD RW AD-7540A ATA Device' (IDE\CdRomOptiarc_DVD_RW_AD-7540A_________________1.42____\5&8358820&0&0.0.0)
disappeared from the system without first being prepared for removal.
Error - 26/07/2009 02:28:29 | Computer Name = Shiv-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 26/07/2009 02:28:29 | Computer Name = Shiv-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
Error - 26/07/2009 14:11:39 | Computer Name = Shiv-PC | Source = BROWSER | ID = 8032
Description =
[ Windows OneCare Events ]
Error - 01/02/2008 15:49:06 | Computer Name = Shiv-PC | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.
Error - 01/02/2008 15:49:07 | Computer Name = Shiv-PC | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.
Error - 07/02/2008 01:01:15 | Computer Name = Shiv-PC | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.
Error - 07/02/2008 01:01:15 | Computer Name = Shiv-PC | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.
Error - 07/04/2008 12:06:57 | Computer Name = Shiv-PC | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.
Error - 08/04/2008 17:01:22 | Computer Name = Shiv-PC | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.
Error - 23/07/2009 03:02:52 | Computer Name = Shiv-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x8a180109.
Error - 24/07/2009 18:36:04 | Computer Name = Shiv-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80070004.
< End of report >
None of this makes sense to me, but I hope it helps!