Malwarebytes' Anti-Malware 1.42
Database version: 3300
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
05/12/2009 15:50:09
mbam-log-2009-12-05 (15-50-09).txt
Scan type: Quick Scan
Objects scanned: 113708
Time elapsed: 3 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b05a613-988e-4fa1-b2d7-55a1145fd1ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MSAntiVirus) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://windowsisearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://windowsisearch.com/ie6.html) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://windowsisearc...q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://windowsisearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://windowsisearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/05 15:53
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8D6F5000 Size: 32768 File Visible: No Signed: -
Status: -
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8D6EA000 Size: 45056 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x98FC7000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1320 Status: Locked to the Windows API!
==EOF==
OTL logfile created on: 05/12/2009 15:54:31 - Run 1
OTL by OldTimer - Version 3.1.11.6 Folder = C:\Users\Bill and Mark\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 50.80% Memory free
4.00 Gb Paging File | 2.81 Gb Available in Paging File | 70.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 367.24 Gb Total Space | 64.57 Gb Free Space | 17.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAINUSER-PC
Current User Name: Main User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/12/05 15:29:04 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Users\Bill and Mark\Desktop\OTL.exe
PRC - [2009/11/25 18:24:15 | 02,029,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/11/14 15:26:44 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Users\Bill and Mark\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/17 08:45:25 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/17 08:45:25 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/17 08:45:22 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/17 08:45:20 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/17 08:45:15 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/15 09:12:23 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/06/24 14:37:45 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/26 11:46:22 | 01,579,528 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
PRC - [2009/02/26 11:46:22 | 00,563,720 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
PRC - [2008/12/29 14:59:40 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 06:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/16 12:16:08 | 01,833,296 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/19 07:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 07:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/09/29 03:01:04 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007/03/01 14:38:48 | 04,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 09:45:59 | 00,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
========== Modules (SafeList) ==========
MOD - [2009/12/05 15:29:04 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Users\Bill and Mark\Desktop\OTL.exe
MOD - [2009/08/17 08:45:26 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/19 07:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (LiveUpdate Notice Ex)
SRV - File not found -- -- (CLTNetCnService)
SRV - [2009/11/14 15:25:45 | 00,320,760 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/17 08:45:20 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/17 08:45:15 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/05 21:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/15 09:12:23 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/26 11:46:22 | 00,563,720 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe -- (AVGIDSWatcher)
SRV - [2009/02/26 11:46:20 | 05,576,712 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 07:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 07:36:49 | 00,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 07:36:15 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/09/29 03:01:04 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/02/05 09:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/04 01:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/12/14 01:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://windowsisearch.com/search?q=%s
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\Software\Microsoft\Internet Explorer\SearchURL\w, = http://windowsisearch.com/search?q=%s
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\S-1-5-21-3040329722-2361774634-2980092502-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\S-1-5-21-3040329722-2361774634-2980092502-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\Software\Microsoft\Internet Explorer\SearchURL\w, = http://windowsisearch.com/search?q=%s
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\S-1-5-21-3040329722-2361774634-2980092502-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\S-1-5-21-3040329722-2361774634-2980092502-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.machall.c...hp?date=020228"
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.20090621
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.1
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.12
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/03 08:29:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/15 18:38:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/15 18:38:27 | 00,000,000 | ---D | M]
[2008/09/14 21:24:17 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Extensions
[2009/09/07 12:49:44 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions
[2009/06/24 13:31:57 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/07/05 14:40:11 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/04/12 16:51:04 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/06/24 13:31:57 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/06/24 13:31:56 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2007/08/10 19:19:00 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/04/12 16:51:06 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/07/05 14:40:11 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/04/12 16:51:09 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/04/12 16:51:10 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009/07/05 14:40:09 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/04/12 16:51:04 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/06/24 13:31:57 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/04/12 16:51:04 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/06/27 04:58:51 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2008/06/13 11:09:38 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/08/11 13:14:53 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2007/08/10 19:18:59 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2007/08/10 19:18:59 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/04/12 16:51:04 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/09/07 12:49:44 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\staged-xpis
[2007/08/10 19:19:00 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\temp
[2007/09/21 18:26:19 | 00,002,092 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\demonoid.xml
[2007/09/21 18:26:18 | 00,001,654 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\dogpile.xml
[2009/07/08 10:10:57 | 00,002,614 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\gamefaqs.xml
[2009/03/15 15:20:00 | 00,000,908 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\IMDB.xml
[2009/07/08 10:10:57 | 00,001,713 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\MagicCards.xml
[2007/09/21 18:26:19 | 00,001,110 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\pirate-bay.xml
[2008/09/14 01:20:19 | 00,000,273 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\search.xml
[2009/03/15 15:20:01 | 00,001,316 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\the-gatherer-v2.xml
[2006/11/30 18:30:42 | 00,001,025 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\wikipedia-english.xml
[2009/08/11 13:14:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/24 12:14:16 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/06/24 12:14:16 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/06/24 12:14:16 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/06/24 12:14:16 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: (263327 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 9132 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0621.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0621.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVGIDS] C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe (AVG)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Live! Central] C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002..\Run: [Google Update] C:\Users\Bill and Mark\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Bill and Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GridMove.lnk = C:\Program Files\GridMove\GridMove.exe ()
O4 - Startup: C:\Users\Bill and Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Main User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GridMove.lnk = C:\Program Files\GridMove\GridMove.exe ()
O4 - Startup: C:\Users\Marie and Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 119 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 119 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10b1dc39-48d7-11dc-913a-001921d64b5c}\Shell\Auto\command - "" = udisk.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/06/24 02:49:17 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2009/12/05 15:31:02 | 00,000,000 | ---D | C] -- C:\Users\Main User\AppData\Roaming\Malwarebytes
[2009/12/05 15:30:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/05 15:30:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/05 15:30:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/05 15:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/05 15:21:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/22 18:23:43 | 00,000,000 | ---D | C] -- C:\Users\Main User\AppData\Local\Last.fm
========== Files - Modified Within 14 Days ==========
[2009/12/05 15:55:12 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{218AFF1A-8E2D-4E42-B306-A9883AD885CB}.job
[2009/12/05 15:54:09 | 03,407,872 | -HS- | M] () -- C:\Users\Main User\NTUSER.DAT
[2009/12/05 15:42:22 | 00,054,016 | ---- | M] () -- C:\Windows\System32\drivers\qauj.sys
[2009/12/05 15:35:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/05 15:35:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/05 15:31:00 | 00,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3040329722-2361774634-2980092502-1002UA.job
[2009/12/05 15:31:00 | 00,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3040329722-2361774634-2980092502-1002Core.job
[2009/12/05 15:21:54 | 00,001,879 | ---- | M] () -- C:\Users\Main User\Desktop\HijackThis.lnk
[2009/12/05 15:21:50 | 00,524,288 | -HS- | M] () -- C:\Users\Main User\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/05 15:21:50 | 00,065,536 | -HS- | M] () -- C:\Users\Main User\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/05 01:41:34 | 46,173,632 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/05 01:41:34 | 00,112,018 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/04 22:33:34 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/04 22:33:34 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/04 22:33:34 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/04 17:34:47 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/30 22:12:30 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/30 21:40:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/30 21:40:29 | 21,449,35936 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/22 18:24:02 | 02,084,043 | -H-- | M] () -- C:\Users\Main User\AppData\Local\IconCache.db
========== Files Created - No Company Name ==========
[2009/12/05 15:42:21 | 00,054,016 | ---- | C] () -- C:\Windows\System32\drivers\qauj.sys
[2009/12/05 15:21:54 | 00,001,879 | ---- | C] () -- C:\Users\Main User\Desktop\HijackThis.lnk
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/12 10:55:44 | 00,139,152 | ---- | C] () -- C:\Users\Main User\AppData\Roaming\PnkBstrK.sys
[2009/07/20 20:56:20 | 00,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
[2009/07/15 09:53:47 | 00,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/07/06 21:39:19 | 00,000,094 | ---- | C] () -- C:\Users\Main User\AppData\Local\sgoiyem.bat
[2009/06/28 00:39:24 | 00,000,092 | ---- | C] () -- C:\Users\Main User\AppData\Local\qiuwu.bat
[2009/06/15 12:11:56 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/03/26 21:16:14 | 00,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/14 21:41:56 | 00,002,985 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/05/13 01:53:16 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/13 01:50:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/05/13 01:50:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/13 01:50:08 | 00,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll
[2008/05/13 01:49:02 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/04/09 08:32:45 | 00,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/04/09 08:17:16 | 00,000,915 | ---- | C] () -- C:\Windows\wininit.ini
[2007/08/14 14:43:10 | 00,004,608 | ---- | C] () -- C:\Users\Main User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/10 19:36:39 | 00,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 10:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== LOP Check ==========
[2008/06/28 19:55:39 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\Ableton
[2009/06/05 22:48:37 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\Braid
[2009/04/08 13:50:44 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009/01/09 19:47:44 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\Crayon Physics Deluxe
[2009/03/30 16:25:40 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2009/03/15 15:08:16 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\GARMIN
[2009/03/30 15:48:28 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/09/14 08:13:10 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\uTorrent
[2009/11/22 18:16:08 | 00,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009/06/10 15:34:19 | 00,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2008/04/04 13:16:47 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\.purple
[2008/06/28 19:55:10 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\Ableton
[2008/06/16 13:32:40 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\GARMIN
[2008/04/04 13:05:57 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\gtk-2.0
[2009/06/28 00:41:44 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\live-player
[2009/06/27 17:32:37 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/11/30 09:51:48 | 00,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/05 15:55:12 | 00,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{218AFF1A-8E2D-4E42-B306-A9883AD885CB}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/04/11 06:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 03:05:39 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 03:05:39 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 03:05:38 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2008/01/19 07:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 07:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2006/11/02 09:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 06:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 07:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 07:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/19 07:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 07:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 09:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 06:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %systemroot%\*. /mp /s >
< End of report >
OTL Extras logfile created on: 05/12/2009 15:54:31 - Run 1
OTL by OldTimer - Version 3.1.11.6 Folder = C:\Users\Bill and Mark\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 50.80% Memory free
4.00 Gb Paging File | 2.81 Gb Available in Paging File | 70.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 367.24 Gb Total Space | 64.57 Gb Free Space | 17.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAINUSER-PC
Current User Name: Main User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05142F4E-61CE-46AC-89ED-E9DBD3D35A1B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2B7DF08A-AA0E-45D0-B4F3-10179025EE23}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |
"{4A15DB16-ACF4-47BD-A818-45697E99FBBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{5E3A7902-8754-4466-9078-FE8EA511F037}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6B8BC328-2BBC-4B71-8B2C-F59C1EA55479}" = lport=445 | protocol=6 | dir=in | app=system |
"{8433FE02-D42C-4AA1-9E5C-64D4A8812C21}" = lport=139 | protocol=6 | dir=in | app=system |
"{8D210B7F-6721-44CD-86C0-DB6A6FDE05A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{92251375-CAA9-4723-A163-75E1DE78CB1C}" = lport=137 | protocol=17 | dir=in | app=system |
"{9233AF15-DD1A-4A1A-9140-6E434C86EE0D}" = rport=138 | protocol=17 | dir=out | app=system |
"{9C289214-E4FC-40B3-92A2-EE2915456FB0}" = rport=137 | protocol=17 | dir=out | app=system |
"{9FB694C5-BE08-4D1A-BAB1-EE961C0422ED}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A50B6409-4B0A-4FA9-AF9A-9510B8AA0194}" = rport=139 | protocol=6 | dir=out | app=system |
"{BB62143A-B5B5-46AE-8297-D8ECB5341CAE}" = rport=445 | protocol=6 | dir=out | app=system |
"{EE1E3027-9588-453D-9B8E-0064A1BA35ED}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{F1B21502-968D-4356-9E4D-29D02EFD761D}" = lport=6882 | protocol=6 | dir=in | name=blizzard downloader: 6882 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07331C0B-6D3D-4D5D-9B44-3F5CE6CABA40}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{11B7E499-DDAE-4C14-81C3-45265ACE253E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{178D4DDF-B83B-452A-935E-D62960DCC5E5}" = protocol=58 | dir=out | [email protected],-28546 |
"{1C53855C-35F6-45A4-BBE6-7F685C70D331}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-engb-downloader.exe |
"{21C4AFE0-B34B-4AC7-8BF0-165DD142BE8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{220DC721-3329-44DD-86FD-D322A84DEE33}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{252F7259-4917-40C5-975B-0FA7C69E5E53}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{393CB7DC-0FF3-4161-902D-EDEDEF00CBA5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{3C96587F-ADD0-4798-A17A-67870EBA243F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{48B032C7-2853-4B57-9DC7-50466512A6E8}" = protocol=1 | dir=out | [email protected],-28544 |
"{4E80796C-2B61-44B0-88B7-98C60C105AED}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-engb-downloader.exe |
"{5073CE53-B51E-4044-A8C4-5C64F31E1AA0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{50AC46A5-3499-4A9D-86F9-055142AA713F}" = protocol=1 | dir=in | [email protected],-28543 |
"{52D3C265-36B6-4420-B23B-719F96D624DB}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{5F84DDA6-C747-43F5-8D7B-9EFFE99C1996}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{6F3CCA66-A010-4452-875A-07E9E6610BB1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{745325F5-772D-45BF-85E1-F73C04DFB0D9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-engb-downloader.exe |
"{83C3FDB1-5C77-4328-90BA-8EB491750040}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{858B7F6B-E638-4088-80B3-0C08BA4059E8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-engb-downloader.exe |
"{891F14DC-AD7A-43CB-9EE5-033F41EE034A}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{92AA742C-84F4-418C-8BF1-929A414838FF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-engb-downloader.exe |
"{A2AB021C-455C-46AA-9B6B-A949286A1AC5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A9944C82-8796-41FE-8309-0D03E3DC8914}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{AB60501F-102A-4F1E-9413-18C01431B27D}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{B05A2B00-D15B-4544-8622-B4204BCA648F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{B110F710-554A-4B90-A4E8-BE7663E74C4A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B6364180-D19B-4938-B8F1-D8A0A9DA0636}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - spd\dow2.exe |
"{B6B2744E-4AFB-4432-9355-E72C728DE70F}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{B7C9A5CA-ED06-43D5-8DFF-03B8D928D2C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BEE4FFD9-1220-4F77-8843-3A7A42D509BF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C29C1B92-A205-4FFE-94B3-A4B2489928CE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{CCF0D93A-4226-47EC-BA36-2742A56BFAED}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D120B2EE-F2AC-4C84-95B1-FE7D9EF75EF1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D4D44BF0-AB96-4229-BFF0-934CE18284F5}" = protocol=58 | dir=in | [email protected],-28545 |
"{D992DC15-B7D7-4438-A74C-739DAE40B20E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-engb-downloader.exe |
"{DABC68B4-7E6F-45A3-963C-5B8711EC2EFB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - spd\dow2.exe |
"{DCE92143-CB04-40CE-8F9A-CF1BCD627E95}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{E620C275-B8A6-44E0-B080-77B0FF7F7F13}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{E9C2E6D4-890E-428D-81D0-CA11442CCEF2}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{F6CF1FCE-AC92-4C4E-AFF9-3DB7FEDC346A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FE6F69F6-9EBC-447D-89A5-77DEE643AB85}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{FE76ECBD-F13D-4C38-AD3E-50044F343BE4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FF8E256C-F2EB-4DD6-9EC9-32CD87AB58CD}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{03A67B0D-0AA2-47F4-8288-E131630D4376}C:\users\temp.mainuser-pc\documents\utorrent.exe" = protocol=6 | dir=in | app=c:\users\temp.mainuser-pc\documents\utorrent.exe |
"TCP Query User{0AE280EA-ACFB-42D4-B8B3-2BD4C8315982}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{100FFC8E-10F7-4FA5-8011-038D373B9270}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{15092886-A66D-40B9-B500-8E2CBC0228EE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{20B6D4C4-ACEA-4BF6-ACD5-215067F42CAC}C:\program files\steam\steamapps\llamabill\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\llamabill\team fortress 2\hl2.exe |
"TCP Query User{2AEC3109-4C70-4690-AF9A-D60F7AD6AE2E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{3602EFD6-B7A4-42B2-BFE1-B46F591A6D23}C:\users\bill and mark\documents\utorrent.exe" = protocol=6 | dir=in | app=c:\users\bill and mark\documents\utorrent.exe |
"TCP Query User{428545A3-22C0-4647-8508-D3946B0859EB}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{72502BE4-8100-4E6C-82F5-1FDE8F7EDDB6}C:\users\bill and mark\desktop\700_ddi_cb-beta.exe" = protocol=6 | dir=in | app=c:\users\bill and mark\desktop\700_ddi_cb-beta.exe |
"TCP Query User{AABFB016-0A1E-4DD5-980A-08C30568F91C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{BE74A936-F77F-4E3F-B761-B2D779D09D7D}C:\program files\ip hider\ip hider.exe" = protocol=6 | dir=in | app=c:\program files\ip hider\ip hider.exe |
"TCP Query User{D9616787-05DD-4675-BCC3-F91E14328754}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E8DD34B2-A6B9-44AA-89F5-D8DA4E2BE6F3}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{014B759A-14B3-4BF8-817E-691ABB2D4A26}C:\users\temp.mainuser-pc\documents\utorrent.exe" = protocol=17 | dir=in | app=c:\users\temp.mainuser-pc\documents\utorrent.exe |
"UDP Query User{08BBEF3E-5F3A-4EAC-B644-2DD7EB1D573E}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{358F9052-83BE-4187-8206-01E738F1D017}C:\users\bill and mark\desktop\700_ddi_cb-beta.exe" = protocol=17 | dir=in | app=c:\users\bill and mark\desktop\700_ddi_cb-beta.exe |
"UDP Query User{56D3634E-EF99-4F78-B19F-F297EAB46CAE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{68642A5A-3EA1-46D3-BCC8-9C5CEFBED61D}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{8EB774FE-E608-4C40-A77A-7D8E35897F2C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8FF38E72-FFED-4DC4-AE1B-C8E8D74CAE49}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{9535D8DC-75C4-4ABA-B708-D230C4BDA765}C:\program files\steam\steamapps\llamabill\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\llamabill\team fortress 2\hl2.exe |
"UDP Query User{96BF97DE-00C7-4471-A10C-AA8AB441AE5F}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{9BAF764A-A256-4DE1-998B-4CD59D3F72E2}C:\program files\ip hider\ip hider.exe" = protocol=17 | dir=in | app=c:\program files\ip hider\ip hider.exe |
"UDP Query User{9BCED962-7486-4FF7-B124-455946A3F660}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{D27A9518-B04C-4C01-BD78-651242F2EC83}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{DD3323E8-A6F0-4DA0-8984-FFB419ECC2F9}C:\users\bill and mark\documents\utorrent.exe" = protocol=17 | dir=in | app=c:\users\bill and mark\documents\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2FDBDAE0-6FC9-CC7B-CAF4-C94434F9B4C0}" = TweetDeck
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.204.00
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56CE64EA-4AD7-41CA-86F5-40886E642686}" = Caplio RR30 Software
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65AA2584-00B9-4900-B519-1D7FD06FB124}" = Quake Live Mozilla Plugin
"{692DD821-EBF6-481B-91E2-3F3B1AEC70A6}" = MSN Toolbar
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7583D2F8-8E7D-40C5-9862-4D218006FB84}" = AVG Identity Protection
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86ADE91C-5971-4DAE-82D7-961F2737B2AD}" = Character Builder Beta
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD045381-7A9F-3FEE-C947-320D1AFF5F1D}" = twhirl
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB2B3C71-CD92-E7D2-2D40-C399464B8C7D}" = Seesmic Desktop
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"AVG8Uninstall" = AVG Free 8.5
"CDisplay_is1" = CDisplay 1.8
"Crayon Physics Deluxe Demo_is1" = Crayon Physics Deluxe Demo - release 52
"Creative Live! Central" = Creative Live! Central
"Creative VF0560" = Creative Live! Cam Optia AF (VF0560) Driver (1.00.06.00)
"CurseClient" = Curse Client
"doPDF 6 printer_is1" = doPDF 6.0 printer
"DVD Decrypter" = DVD Decrypter (Remove Only)
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GridMove_is1" = GridMove V1.19.59
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LastFM_is1" = Last.fm 1.5.4.24567
"Live 7.0.3" = Live 7.0.3
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Phun_is1" = Phun beta 3.5
"Picasa2" = Picasa 2
"Pidgin" = Pidgin
"PopCap Browser Plugin" = PopCap Browser Plugin
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"sgoiyem" = Favorit
"Steam App 15680" = Warhammer 40,000: Dawn of War II - Single-player Demo
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 410" = Portal: The First Slice
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SysInfo" = Creative System Information
"Tag&Rename_is1" = Tag&Rename 3.3.5
"TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1" = TweetDeck
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Shoddy Battle" = Shoddy Battle
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >