Failed Windows updates, Security Center won't open...



#1
gumbaby9
Member, 50 posts

Hello GeeksToGo:

To start off, I use Windows Vista and I followed all of the steps listed in the 'Malware and Spyware Cleaning Guide.' I've been instructed over at the Windows Vista forum to get checked out before they can help me.

For quite a while now I've been having Windows Automatic Updates continually fail at installing certain updates. Even when I go directly to Microsoft's site and download them manually, they still do not install. This is due to corrupt system files I believe, as when I did the "sfc /scannow" thing I got multiple corrupt files listed, but was told that the system could not automatically repair them.

On another note, the Windows Security Center simply will not open for me. I do not get an error message or anything of the sort, but whenever I try and either click on the Windows Security Alert bubble (which I got when I briefly turned off AVG) or go directly through Control Panel, the Security Center doesn't open. I get the hourglass-mouse for a couple of seconds and then nothing loads or happens, and this has been happening for quite some time. Nowhere have I found any solutions to this problem.

I was instructed that, because Security Center would not open and because Windows Updates were failing to install, I should see in this forum if I am infected with something. As I said, I've gone through all of the steps listed in the aforementioned Malware/Spyware guide. Also, I've taken a screenshot of the Windows Update screen just to show the failed updates (in case that was pertinent).

Oh, and yesterday I performed an AdAware scan on my computer, which resulted in the detection of a Trojan that had a security threat level of 10.

I am unsure of what could be wrong with my computer, any help would be fantastic! Here are all of the logs, starting with OTL's:

OTL logfile created on: 8/4/2009 12:16:22 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Users\Jeff\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 91.72% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 210.16 Gb Free Space | 46.63% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.99 Gb Free Space | 73.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFF-PC
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/04/28 22:07:32 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/04/28 22:08:00 | 00,303,104 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2008/01/20 22:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/26 11:40:32 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/10/03 15:45:02 | 00,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/04 13:37:23 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/08/03 00:07:03 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/08/04 20:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2009/06/26 11:40:36 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2008/01/20 22:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/05/11 14:51:25 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/08/23 15:58:58 | 02,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007/10/03 15:44:58 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/10 13:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/01/20 22:23:24 | 00,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007/08/31 15:13:41 | 00,988,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/06/26 11:40:33 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/06/10 13:56:32 | 01,406,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2003/06/17 15:31:42 | 01,814,528 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\Program Files\Turtle Beach\Turtle Beach USB MIDI 1x1\TBUM11.exe
PRC - [2008/01/20 22:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/12/18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/04/11 01:57:55 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/18 13:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/08/04 11:43:58 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/04/28 22:07:32 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility [Auto | Running])
SRV - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/27 14:03:11 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/06/26 11:40:32 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/20 22:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/20 22:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/10/21 13:48:39 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/01/20 22:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/23 20:49:34 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2007/10/03 15:45:02 | 00,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/01/20 22:25:20 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/06/02 11:13:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/06/30 21:09:32 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2008/11/24 23:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/01/20 22:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/11/04 13:37:23 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2008/01/20 22:23:24 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2008/10/07 22:30:00 | 00,221,286 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\STacSV.exe -- (STacSV [Auto | Stopped])
SRV - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2007/12/02 18:34:30 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2009/08/03 00:06:48 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV - [2009/08/03 00:07:03 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
SRV - [2009/07/15 11:48:20 | 00,029,000 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2008/01/20 22:23:24 | 00,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto | Running])
SRV - [2008/01/20 22:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/20 22:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/08/04 20:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}:0.3.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20090630
FF - prefs.js..extensions.enabledItems: [email protected]:2.95


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/26 11:41:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 11:31:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 11:31:23 | 00,000,000 | ---D | M]

[2008/06/20 17:18:32 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Extensions
[2008/06/20 17:18:32 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/03 21:21:39 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Firefox\Profiles\9mxldzvq.default\extensions
[2009/06/15 23:10:46 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Firefox\Profiles\9mxldzvq.default\extensions\{8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}
[2009/07/31 14:44:40 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Firefox\Profiles\9mxldzvq.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009/08/03 00:55:54 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Firefox\Profiles\9mxldzvq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/08/03 00:12:36 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Firefox\Profiles\9mxldzvq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/15 23:10:48 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Firefox\Profiles\9mxldzvq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/07/23 10:44:58 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Firefox\Profiles\9mxldzvq.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/08/03 00:56:51 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Firefox\Profiles\9mxldzvq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2008/10/16 16:50:39 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Firefox\Profiles\9mxldzvq.default\extensions\[email protected]
[2009/08/03 00:51:24 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Firefox\Profiles\9mxldzvq.default\extensions\[email protected]
[2009/08/03 00:50:02 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Firefox\Profiles\9mxldzvq.default\extensions\[email protected]
[2009/08/03 00:47:41 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\mozilla\Firefox\Profiles\9mxldzvq.default\extensions\[email protected]
[2009/07/30 17:02:22 | 00,005,407 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\Mozilla\FireFox\Profiles\9mxldzvq.default\searchplugins\fast-browser-search.xml
[2009/08/03 00:12:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 11:31:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/02 15:53:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/30 20:26:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/10 12:31:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/04 11:31:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 11:31:21 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/04 11:31:22 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/06/20 17:25:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/06/20 17:25:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/06/20 17:25:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/06/20 17:25:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/06/20 17:25:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/06/20 17:25:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/06/20 17:25:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/05/29 10:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 10:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 10:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 17:51:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/03 00:12:22 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/08/03 00:12:22 | 00,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2008/05/29 10:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/05/29 10:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 10:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (304441 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 10508 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Turtle Beach USB MIDI 1x1] C:\Program Files\Turtle Beach\Turtle Beach USB MIDI 1x1\TBUM11.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4888d1a1-fbab-11dd-a27c-000f6612d6fc}\Shell - "" = AutoRun
O33 - MountPoints2\{4888d1a1-fbab-11dd-a27c-000f6612d6fc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{60e07b49-72dd-11de-897f-000f6612d6fc}\Shell - "" = AutoRun
O33 - MountPoints2\{60e07b49-72dd-11de-897f-000f6612d6fc}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/08/04 12:12:58 | 00,000,000 | ---- | C] () -- C:\Users\Jeff\Desktop\settings.dat
[2009/08/04 12:11:45 | 00,146,587 | ---- | C] () -- C:\Users\Jeff\Desktop\failedupdates2.JPG
[2009/08/04 12:10:57 | 00,062,764 | ---- | C] () -- C:\Users\Jeff\Desktop\failedupdates.JPG
[2009/08/04 12:08:19 | 00,470,528 | ---- | C] ( ) -- C:\Users\Jeff\Desktop\RootRepeal.exe
[2009/08/04 11:53:13 | 00,000,676 | ---- | C] () -- C:\Users\Jeff\Desktop\ERUNT.lnk
[2009/08/04 11:53:11 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/04 11:43:53 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2009/08/04 11:41:16 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Jeff\Desktop\SysRestorePoint.exe
[2009/08/04 11:40:01 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\TFC.exe
[2009/08/03 00:23:31 | 00,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\Pictures
[2009/08/03 00:08:08 | 00,000,508 | ---- | C] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009/08/03 00:07:03 | 00,604,488 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2009/08/03 00:07:00 | 00,029,000 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2009/08/03 00:07:00 | 00,017,224 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2009/08/03 00:06:48 | 00,361,288 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2009/08/03 00:06:46 | 00,001,627 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2009/08/03 00:06:38 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/08/03 00:06:37 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2009/08/03 00:06:22 | 00,000,000 | -HSD | C] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/08/02 20:56:01 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/07/30 20:17:16 | 00,000,000 | ---D | C] -- C:\Program Files\MobScripter
[2009/07/28 17:04:33 | 00,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\Incomplete
[2009/07/28 13:45:18 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/07/23 10:45:58 | 00,000,000 | ---D | C] -- C:\Users\Jeff\Documents\FrostWire
[2009/07/23 10:45:54 | 00,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\FrostWire
[2009/07/23 10:45:11 | 00,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2009/07/23 10:44:58 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis

========== Files - Modified Within 14 Days ==========

[2009/08/04 12:12:58 | 00,000,000 | ---- | M] () -- C:\Users\Jeff\Desktop\settings.dat
[2009/08/04 12:11:48 | 00,146,587 | ---- | M] () -- C:\Users\Jeff\Desktop\failedupdates2.JPG
[2009/08/04 12:10:59 | 00,062,764 | ---- | M] () -- C:\Users\Jeff\Desktop\failedupdates.JPG
[2009/08/04 12:05:41 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/08/04 12:02:08 | 00,000,508 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009/08/04 12:02:03 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/04 12:02:02 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/04 12:01:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/04 12:01:56 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/04 12:01:07 | 03,961,699 | -H-- | M] () -- C:\Users\Jeff\AppData\Local\IconCache.db
[2009/08/04 11:53:13 | 00,000,676 | ---- | M] () -- C:\Users\Jeff\Desktop\ERUNT.lnk
[2009/08/04 11:43:58 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2009/08/04 11:41:19 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Jeff\Desktop\SysRestorePoint.exe
[2009/08/04 11:40:27 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\TFC.exe
[2009/08/04 11:30:10 | 39,508,200 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/03 21:09:10 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/08/03 18:31:29 | 00,057,742 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/03 15:27:39 | 00,087,040 | ---- | M] () -- C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/03 00:07:03 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2009/08/03 00:06:48 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2009/08/03 00:06:46 | 00,001,627 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2009/08/02 20:56:11 | 00,816,954 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/02 20:56:11 | 00,683,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/02 20:56:11 | 00,135,524 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/30 15:45:38 | 00,470,528 | ---- | M] ( ) -- C:\Users\Jeff\Desktop\RootRepeal.exe
[2009/07/25 12:39:54 | 02,316,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/21 14:31:43 | 00,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== LOP Check ==========

[2009/08/04 11:40:37 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming
[2008/06/20 18:25:41 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\acccore
[2009/01/31 00:28:26 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Atari
[2009/05/22 09:58:03 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\ATI
[2008/10/11 21:31:43 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\atitray
[2009/07/27 22:36:20 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Audacity
[2008/10/16 23:58:27 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Avid
[2008/12/28 18:20:38 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Azureus
[2008/08/10 15:09:12 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Canon
[2009/01/02 13:26:01 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Chessmaster Challenge
[2008/07/02 19:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\DAEMON Tools Pro
[2008/12/21 21:03:40 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\DVD Flick
[2009/01/02 22:06:48 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\DVDFab
[2008/07/14 15:24:07 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\fretsonfire
[2009/08/02 16:48:26 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\FrostWire
[2008/11/04 11:35:19 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Gearbox Software
[2008/12/20 10:34:30 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\GOL_byHasbro
[2008/11/28 11:16:47 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Leadertech
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Media Center Programs
[2008/10/01 09:53:33 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mount&Blade
[2008/07/01 23:28:57 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Nexon
[2009/01/27 22:20:18 | 00,000,000 | RH-D | M] -- C:\Users\Jeff\AppData\Roaming\SecuROM
[2008/08/11 13:14:07 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Steinberg
[2009/05/21 14:52:42 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\SystemRequirementsLab
[2009/04/08 09:30:32 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\The Creative Assembly
[2008/06/26 19:26:39 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\thriXXX
[2008/06/20 19:20:08 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\TuneUp Software
[2009/04/02 19:41:46 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\U3
[2008/10/11 19:39:04 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Uniblue
[2009/01/24 21:04:53 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\ValuSoft
[2008/11/17 11:37:29 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\vexorian
[2009/06/14 16:53:28 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Vso
[2008/08/08 20:44:58 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\WinFF
[2009/05/20 15:00:04 | 00,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Xfire
[2009/08/04 12:02:08 | 00,000,508 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2009/08/03 21:09:10 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/08/04 12:05:41 | 00,000,868 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/08/04 12:01:59 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/04 12:01:09 | 00,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/11/01 14:06:18 | 00,162,616 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\RegDelNull.exe
[2008/03/13 15:54:56 | 04,689,920 | ---- | M] (Sony DADC Austria AG) -- C:\SecuROM_Uninstaller.exe
< End of report >

OTL Extras logfile created on: 8/4/2009 12:16:22 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Users\Jeff\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 91.72% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 210.16 Gb Free Space | 46.63% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.99 Gb Free Space | 73.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFF-PC
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0014B780-B94F-4DFD-9F7F-9FE91D5A69F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0443996E-9B90-4CA1-8F51-8B2D5AABB29D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0739E254-6FBB-4679-A146-424B135DADB7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{082CA38B-88CC-4642-BB88-0767AC1714AA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1A942F9D-7953-4D89-BF04-722947B08AB2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F0096C2-071C-4369-84D3-FA564B0747DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FD7E6AD-1F9D-402E-AA1B-0967028A6FF4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{36EDC0F9-8ADC-49ED-9171-D06B156A471D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B7BD663-9E58-4159-94E9-BA77992A1F9A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{5C41288D-6220-4301-9033-92D401A86433}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DBF2DAF-5F5B-419E-9B42-32C04B89DE89}" = lport=6112 | protocol=17 | dir=in | name=warcraft iii |
"{630338B5-997A-488D-89FD-F4F132ACF9FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63CF270D-E01C-47F6-81F3-06F47E904B47}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{66AFAC1D-0699-480B-92A4-5CE02C89A979}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DD63149-0381-4012-A6FD-9DDE87E0D9A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{714D49AA-15B3-4533-9A4B-06117448F39C}" = lport=3390 | protocol=6 | dir=in | app=system |
"{78DCD529-DEB6-4B99-870F-77A090ECEAD1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{7ECF3069-E3A2-44EE-A00F-7C0746AB9804}" = lport=10244 | protocol=6 | dir=in | app=system |
"{7FB7A8E7-EB62-4C44-BB36-CE89E5475C26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{84112FF7-0ED3-46FF-8976-99124252B2F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D50FC56-0A2C-4955-8C14-6E61D4AA64BD}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A2C53881-69BB-40B1-BFF2-9F06A84797BE}" = lport=6112 | protocol=6 | dir=in | name=warcraft iii |
"{AA285CE8-1201-4165-A012-A71359008C72}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B382279A-C690-4F7F-9D08-71D7CB179E1D}" = lport=10244 | protocol=6 | dir=in | app=system |
"{BB0A18F6-8F3E-40EF-98BE-163F26FA8003}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C623AD11-F929-48AB-A38E-114C5FCD390A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D10F462C-0A3B-4A40-B55F-11D457D99FB0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D137FA78-4302-4BCF-95D0-FD911CD6F648}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DAAB0186-FBD5-469D-8B68-7DA1F6BA54E3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E310FC6C-812A-49B5-B72D-1FEE75FFA6ED}" = lport=3390 | protocol=6 | dir=in | app=system |
"{EC874D0C-06BE-4CED-9766-8CD265BCFC0F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ED84585E-02E5-42F3-9EEB-8E73F42FB4D0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F01518C1-9E46-4109-988F-1C5962806527}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F123A67D-11D2-429B-B9CE-8D784511D541}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F74234A0-9168-4376-A26A-83C2CC439049}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD785C46-896C-4D1A-896B-75BFB59BD62B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0091295A-2CE2-49C4-A95A-3F4F44BC2661}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{08D0F040-108F-4DB7-95CF-A3DD64CB5B96}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0F0CD73C-2A4F-4C3B-9273-3C8DBA712E51}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0FBE89EE-D690-49C4-A2F5-F8BDD42B7A45}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{2130E9A0-B86E-477B-841E-D5740217AD22}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{231792EE-DAD6-4509-A614-15CB4DFA2305}" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"{2CE74C0A-56AD-4A76-B071-7E833BC4F4D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{302A5BF6-8860-4B4E-8E36-86DDB182E650}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{31C696E6-1AA9-470E-BD2A-00553B9EE8EE}" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"{3364462E-2F17-4BC4-AD4C-135AB6EE0E5A}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{36B6FC29-7DA0-4382-8488-AC9DC88C42C9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3C306ECB-C170-4D31-884E-FDFD69834A2B}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{3E2D4C0B-A788-4548-AAE4-309E6CB44EB1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{51E7DDB6-D447-4A58-921D-852B4079F598}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{54FEACD3-BADF-40E7-A9C2-F298B2979F26}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{59ECA145-184C-4085-9935-CC69F2759E31}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6465E8B4-EDD7-4280-8E5F-810C4AF5FAE8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{65785BD5-93B2-4BC7-A3C9-C06F740B4AE9}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{77A221C1-18E8-458B-BC95-E1C3C4922004}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7AE2D263-5F88-4D29-9E56-5D31BC06C924}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{84BFED97-D2E4-4B74-A3BB-DF3BDF69D891}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{918D6876-653E-494B-B6D4-8442CDDC9B93}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{969AF731-BED4-4ECC-A1F1-92CA2FB29483}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{985BFF30-A7B5-48B5-B4F4-2744848E2C0A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9A35968D-4D9E-4E03-AE72-3D0EFEC066A2}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{9BE37324-48E5-40D3-B8B5-7B453A2AEDDE}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{9ECDE868-7A56-435D-9FC0-BFC40325F0AC}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{AE8590D8-8114-4D30-89D3-19E5AA255533}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v3.0\bin\xnaliveproxy.exe |
"{B364A3F1-46D9-4F1D-AA27-A7F62E1A9F33}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B3B51420-F38D-4DF5-8793-7DD89F81EF51}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{BACA3C75-8A5B-4DDF-9D66-AD5E43FC6CDF}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C41883B5-DB56-4DF5-8EFF-1B576C4CACCF}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{CE6BAB07-08CC-4C1B-B277-5FF90197CC79}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CF84BDA6-B4C1-4F96-8A46-F5FC8F20B070}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DDDF32C9-6962-4978-B86B-44DEDF9E4AC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E3C9EADE-18C6-4574-8BAA-07D7C2B4EC7B}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{ED2E1FEA-FACA-41B6-9EFC-27937D4B5C9D}" = protocol=6 | dir=out | app=system |
"{EDD308FB-9074-47C0-88D7-0FC00A816787}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F98F6C12-F778-444D-B9F5-75FFB6D766E7}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"TCP Query User{1E3FFB71-CB39-4F9B-93B2-6808B4A4DE17}C:\games\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\games\left 4 dead\left4dead.exe |
"TCP Query User{26BAA0C4-8C5A-4DA8-A052-1ACBA7A5DCA1}C:\program files\warhammer 40,000 dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files\warhammer 40,000 dawn of war 2\dow2.exe |
"TCP Query User{272BFCD6-3AEC-4553-A0AA-3BD47C80FC9B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{439528DB-0897-4674-9687-FFBB7B475B20}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{4AEB59F2-6D42-4B2B-97B4-0256D673EBBE}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{89E2977D-1D81-4C53-94FD-33F0EF32F029}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{8DF94846-A4B1-41EA-B951-3F83F1765BFD}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{A10FC40B-DDCD-42F8-9ED7-017C91AF0A01}C:\users\jeff\appdata\local\virtualstore\program files\bitlord\downloads\warhammer_dawn_of_war_2-wicked\dow2.exe" = protocol=6 | dir=in | app=c:\users\jeff\appdata\local\virtualstore\program files\bitlord\downloads\warhammer_dawn_of_war_2-wicked\dow2.exe |
"TCP Query User{BAF9B692-8A2A-4E09-952F-BCDAC0418AB7}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{D1C8CE4A-8EEC-42D1-8131-D601F84777F4}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{D61D14F0-BF7C-4D9D-93BB-0C53A50EC328}C:\program files\warhammer 40,000 dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files\warhammer 40,000 dawn of war 2\dow2.exe |
"TCP Query User{DBEC1012-8948-4621-B62A-EA49B80D9B46}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{DE86712A-267B-4990-9C28-5A69C94EFC74}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{0027FEB7-497A-4B9D-AFC0-4C40A0D5BA46}C:\program files\warhammer 40,000 dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files\warhammer 40,000 dawn of war 2\dow2.exe |
"UDP Query User{0029B70D-614E-44B4-B623-721421FB5430}C:\games\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\games\left 4 dead\left4dead.exe |
"UDP Query User{700ED51D-D7E1-48C2-88EB-B44B80B644B4}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{70956A6C-19AF-4148-B7DD-685C023A7624}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{7C2B661C-9043-4CEF-9FE2-DCEB4FC5A33E}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{8441D6CD-69EF-463F-BA73-CA2763A04227}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{8E4098DB-AB07-4E64-91CB-DBA7AC4C6064}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{9353B0BD-1D9C-44B3-91AD-A205F64030BA}C:\program files\warhammer 40,000 dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files\warhammer 40,000 dawn of war 2\dow2.exe |
"UDP Query User{A292EF9B-F616-4ED7-8469-6CE45DF98520}C:\users\jeff\appdata\local\virtualstore\program files\bitlord\downloads\warhammer_dawn_of_war_2-wicked\dow2.exe" = protocol=17 | dir=in | app=c:\users\jeff\appdata\local\virtualstore\program files\bitlord\downloads\warhammer_dawn_of_war_2-wicked\dow2.exe |
"UDP Query User{D1376C6B-39CD-4E73-90A0-759AA75104A3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D383DE08-8329-494B-AAF5-4A080E76E813}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{DC1A2E7C-FD74-4D99-9217-B5D123C5696A}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{EA23A301-0649-4C42-AA16-50151079BF03}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.0 (Platformer)
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C9A225D-200C-7ED1-E37F-287310111FA1}" = Catalyst Control Center Graphics Previews Common
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.0 (Redists)
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1A8E3C5D-B772-CB4A-1117-751B5D79787B}" = Catalyst Control Center Graphics Light
"{1DB5BDA2-1D0C-4213-8190-C587B14F6800}" = ZuneIEPlugin
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{266156C9-F681-A84B-083C-D2052A461583}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 13
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A6FFA23-9188-E796-4AFF-196A2004AA39}" = ccc-utility
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2F3BCA05-4FD4-9418-1976-32F783E43DF4}" = Catalyst Control Center Graphics Full Existing
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.0 (VCSExpress)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D0FE5DC-DA88-4682-B5BA-B05A87B6F1A0}" = HDView for Firefox
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{430399DC-98BC-4A7F-8F8E-77981CABAE05}" = EZXVintage
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{53A0D549-DD39-C3C9-1E4D-07DBB746F454}" = Catalyst Control Center Graphics Light
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543A5E2A-FEE5-4DA5-AE2C-4668C8652A24}" = WiiMedia Savegame Manager
"{555D5F00-9CEE-4FE5-8C2A-5856A4DF94F4}" = Intel® Network Connections 13.3.46.0
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{683BF9D8-5882-86CF-445F-62BED7B9AEA8}" = Catalyst Control Center Graphics Full Existing
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{74B0050D-709E-4BD4-A5F4-5A7819F324FA}" = Turtle Beach USB MIDI 1x1
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785609EC-F8E5-739D-FF35-B79671482252}" = ccc-core-static
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.0 Documentation
"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion for Gaming
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A95C2DC-779A-4EA8-9DE3-B118D1411E8B}_is1" = Freelang Dictionary 3.74 beta
"{8CED1580-F9C0-AEE1-1223-64A323E84E41}" = Catalyst Control Center Graphics Previews Vista
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91F2493D-8A65-7BF3-5684-9D6397F8847D}" = Catalyst Control Center Core Implementation
"{93AE099E-1500-42C2-8174-7AED23D33A73}" = Motorola Phone Tools
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{9794B30C-0FCB-3658-B44F-33BDDC788C2D}" = CCC Help English
"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{AA3DDA7B-A960-51C2-69C5-86F3AFB3E074}" = Catalyst Control Center InstallProxy
"{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
"{AC3F9FEE-1A44-4FCE-BD72-BD27D4BC6279}" = Microsoft XNA Game Studio Platform Tools
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.0 (Shared Components)
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C16FA487-15D3-7127-F4BE-183FF53D4197}" = Catalyst Control Center HydraVision Full
"{C2F3DB53-EF8E-4885-36C4-34C4911FEAE0}" = ccc-core-static
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB291304-2124-AA80-9ED6-B1F8B37F9C98}" = Catalyst Control Center Graphics Full New
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CEE5F860-7FAB-80D0-E7CF-022C18B95E25}" = ATI Catalyst Install Manager
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}" = EZXTwisted
"{D1F92724-8E5E-837F-BAC3-CC70AA2A18D1}" = CCC Help English
"{D379100F-65A2-4B54-D568-CD2BE238C6A3}" = Catalyst Control Center Graphics Previews Vista
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.0 (XnaLiveProxy)
"{E0EAC506-6ADF-4327-82D0-2A94733F49A5}" = Catalyst Control Center Core Implementation
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.0 (ARP entry)
"{E24EDDF0-93A0-95CC-509A-1C012180F8CB}" = Skins
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5968199-2327-E3D6-AD19-D0E33F2E7961}" = ccc-utility
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EDFE2142-CFB3-44AB-A961-DE85F6408A28}" = Sentinel Protection Installer 7.3.2
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBF1268D-3323-545E-4DD0-F45AD313E37E}" = Catalyst Control Center Graphics Previews Common
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"[email protected] ISO Burner v 1.1" = [email protected] ISO Burner v 1.1
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"AIM_6" = AIM 6
"A-one iPod Video Convertor_is1" = A-one iPod Video Convertor 6.3.4
"ArtMoney PRO_is1" = ArtMoney PRO v7.27
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Ask Toolbar
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"BitLord" = BitLord 1.1
"CCleaner" = CCleaner (remove only)
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Chessmaster Challenge_is1" = Chessmaster Challenge
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"doubleTwist desktop" = doubleTwist desktop
"Drakensang_is1" = Drakensang
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVD Flick_is1" = DVD Flick
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 1685] [2007-12-06]
"File Extension Changer_is1" = File Extension Changer 3.3
"FL Studio 8" = FL Studio 8
"Free Mp3/Wma/Ogg Converter_is1" = Free Mp3/Wma/Ogg Converter 4.0.1
"FrostWire" = FrostWire 4.18.0
"GameBoost_is1" = GameBoost
"Google Updater" = Google Updater
"Graphical Enhancement Resources" = Graphical Enhancement Resources 2.5
"Graphical Enhancement Textures" = Graphical Enhancement Textures 2.5
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"Image Composer" = Microsoft Image Composer 1.5
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
"Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
"MobilityDotNET" = DH Mobility Modder.NET
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MP3 WAV WMA Converter" = MP3 WAV WMA Converter
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"NTREGOPT_is1" = NTREGOPT 1.1j
"PeerGuardian_is1" = PeerGuardian 2.0
"PoiZone" = PoiZone
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSetDX" = Intel® Network Connections 13.3.46.0
"PunkBusterSvc" = PunkBuster Services
"rayatitray" = Ray Adams ATI Tray Tools
"ST6UNST #1" = MobScripter 5.6 Stable
"SystemRequirementsLab" = System Requirements Lab
"The Game of Life 1.00" = The Game of Life 1.00
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"Toxic Biohazard" = Toxic Biohazard
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Unlocker" = Unlocker 1.8.7
"VB 6 Runtime Pack_is1" = VB 6 Runtime Pack
"Videora iPod Converter" = Videora iPod Converter 4.01
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Wik and the Fable of Souls_is1" = Wik and the Fable of Souls
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinFF_is1" = WinFF 0.42
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"World Geography Tutor" = World Geography Tutor
"Xfire" = Xfire (remove only)
"XNA Game Studio 3.0" = Microsoft XNA Game Studio 3.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"Zune" = Zune

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >




Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6001 Service Pack 1

8/4/2009 12:00:37 PM
mbam-log-2009-08-04 (12-00-37).txt

Scan type: Quick Scan
Objects scanned: 94571
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/04 12:13
Program Version: Version 1.3.3.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0xC30E0000 Size: 819200 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xD4D7E000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spcv.sys
Image Path: C:\Windows\System32\Drivers\spcv.sys
Address: 0xBCA33000 Size: 1036288 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1376 Status: Locked to the Windows API!

==EOF==

Attached Thumbnails

  • failedupdates.JPG
  • failedupdates2.JPG
