Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Mouse Stops Working After A Few Clicks

Started by Llama_Bill , Dec 05 2009 10:06 AM

  • Please log in to reply

#1
Llama_Bill
Posted 05 December 2009 - 10:06 AM

Llama_Bill

    New Member

  • Member
  • Pip
  • 1 posts
I am trying to fix the family computer that as managed to get some type of infection while I was away. The Mouse stops working after a few clicks but will start working again if I press Ctrl+Alt+Del, after that I can click cancel and everything will work as normal until the mouse stops clicking. I think I should say that the mouse cursor will always move but the clicks will not regester.


Malwarebytes' Anti-Malware 1.42
Database version: 3300
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

05/12/2009 15:50:09
mbam-log-2009-12-05 (15-50-09).txt

Scan type: Quick Scan
Objects scanned: 113708
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b05a613-988e-4fa1-b2d7-55a1145fd1ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MSAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://windowsisearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://windowsisearch.com/ie6.html) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://windowsisearc...q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://windowsisearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://windowsisearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/05 15:53
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8D6F5000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8D6EA000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x98FC7000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1320 Status: Locked to the Windows API!

==EOF==


OTL logfile created on: 05/12/2009 15:54:31 - Run 1
OTL by OldTimer - Version 3.1.11.6 Folder = C:\Users\Bill and Mark\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 50.80% Memory free
4.00 Gb Paging File | 2.81 Gb Available in Paging File | 70.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 367.24 Gb Total Space | 64.57 Gb Free Space | 17.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINUSER-PC
Current User Name: Main User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/05 15:29:04 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Users\Bill and Mark\Desktop\OTL.exe
PRC - [2009/11/25 18:24:15 | 02,029,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/11/14 15:26:44 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Users\Bill and Mark\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/17 08:45:25 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/17 08:45:25 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/17 08:45:22 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/17 08:45:20 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/17 08:45:15 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/15 09:12:23 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/06/24 14:37:45 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/26 11:46:22 | 01,579,528 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
PRC - [2009/02/26 11:46:22 | 00,563,720 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
PRC - [2008/12/29 14:59:40 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 06:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/16 12:16:08 | 01,833,296 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/19 07:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 07:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/09/29 03:01:04 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007/03/01 14:38:48 | 04,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 09:45:59 | 00,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


========== Modules (SafeList) ==========

MOD - [2009/12/05 15:29:04 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Users\Bill and Mark\Desktop\OTL.exe
MOD - [2009/08/17 08:45:26 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/19 07:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (LiveUpdate Notice Ex)
SRV - File not found -- -- (CLTNetCnService)
SRV - [2009/11/14 15:25:45 | 00,320,760 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/17 08:45:20 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/17 08:45:15 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/05 21:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/15 09:12:23 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/26 11:46:22 | 00,563,720 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe -- (AVGIDSWatcher)
SRV - [2009/02/26 11:46:20 | 05,576,712 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 07:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 07:36:49 | 00,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 07:36:15 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/09/29 03:01:04 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/02/05 09:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/04 01:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/12/14 01:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://windowsisearch.com/search?q=%s


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\Software\Microsoft\Internet Explorer\SearchURL\w, = http://windowsisearch.com/search?q=%s
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\S-1-5-21-3040329722-2361774634-2980092502-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\S-1-5-21-3040329722-2361774634-2980092502-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\Software\Microsoft\Internet Explorer\SearchURL\w, = http://windowsisearch.com/search?q=%s
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\S-1-5-21-3040329722-2361774634-2980092502-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\S-1-5-21-3040329722-2361774634-2980092502-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.machall.c...hp?date=020228"
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.20090621
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.1
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.12
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/03 08:29:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/15 18:38:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/15 18:38:27 | 00,000,000 | ---D | M]

[2008/09/14 21:24:17 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Extensions
[2009/09/07 12:49:44 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions
[2009/06/24 13:31:57 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/07/05 14:40:11 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/04/12 16:51:04 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/06/24 13:31:57 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/06/24 13:31:56 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2007/08/10 19:19:00 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/04/12 16:51:06 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/07/05 14:40:11 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/04/12 16:51:09 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/04/12 16:51:10 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009/07/05 14:40:09 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/04/12 16:51:04 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/06/24 13:31:57 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/04/12 16:51:04 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/06/27 04:58:51 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2008/06/13 11:09:38 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/08/11 13:14:53 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2007/08/10 19:18:59 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2007/08/10 19:18:59 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/04/12 16:51:04 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\[email protected]
[2009/09/07 12:49:44 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\staged-xpis
[2007/08/10 19:19:00 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\mozilla\Firefox\Profiles\rminzgsm.default\extensions\temp
[2007/09/21 18:26:19 | 00,002,092 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\demonoid.xml
[2007/09/21 18:26:18 | 00,001,654 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\dogpile.xml
[2009/07/08 10:10:57 | 00,002,614 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\gamefaqs.xml
[2009/03/15 15:20:00 | 00,000,908 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\IMDB.xml
[2009/07/08 10:10:57 | 00,001,713 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\MagicCards.xml
[2007/09/21 18:26:19 | 00,001,110 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\pirate-bay.xml
[2008/09/14 01:20:19 | 00,000,273 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\search.xml
[2009/03/15 15:20:01 | 00,001,316 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\the-gatherer-v2.xml
[2006/11/30 18:30:42 | 00,001,025 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\FireFox\Profiles\rminzgsm.default\searchplugins\wikipedia-english.xml
[2009/08/11 13:14:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/24 12:14:16 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/06/24 12:14:16 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/06/24 12:14:16 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/06/24 12:14:16 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (263327 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 9132 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0621.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0621.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVGIDS] C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe (AVG)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Live! Central] C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002..\Run: [Google Update] C:\Users\Bill and Mark\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Bill and Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GridMove.lnk = C:\Program Files\GridMove\GridMove.exe ()
O4 - Startup: C:\Users\Bill and Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Main User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GridMove.lnk = C:\Program Files\GridMove\GridMove.exe ()
O4 - Startup: C:\Users\Marie and Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 119 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 119 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1000\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3040329722-2361774634-2980092502-1002\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10b1dc39-48d7-11dc-913a-001921d64b5c}\Shell\Auto\command - "" = udisk.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/06/24 02:49:17 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/05 15:31:02 | 00,000,000 | ---D | C] -- C:\Users\Main User\AppData\Roaming\Malwarebytes
[2009/12/05 15:30:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/05 15:30:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/05 15:30:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/05 15:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/05 15:21:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/22 18:23:43 | 00,000,000 | ---D | C] -- C:\Users\Main User\AppData\Local\Last.fm

========== Files - Modified Within 14 Days ==========

[2009/12/05 15:55:12 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{218AFF1A-8E2D-4E42-B306-A9883AD885CB}.job
[2009/12/05 15:54:09 | 03,407,872 | -HS- | M] () -- C:\Users\Main User\NTUSER.DAT
[2009/12/05 15:42:22 | 00,054,016 | ---- | M] () -- C:\Windows\System32\drivers\qauj.sys
[2009/12/05 15:35:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/05 15:35:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/05 15:31:00 | 00,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3040329722-2361774634-2980092502-1002UA.job
[2009/12/05 15:31:00 | 00,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3040329722-2361774634-2980092502-1002Core.job
[2009/12/05 15:21:54 | 00,001,879 | ---- | M] () -- C:\Users\Main User\Desktop\HijackThis.lnk
[2009/12/05 15:21:50 | 00,524,288 | -HS- | M] () -- C:\Users\Main User\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/05 15:21:50 | 00,065,536 | -HS- | M] () -- C:\Users\Main User\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/05 01:41:34 | 46,173,632 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/05 01:41:34 | 00,112,018 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/04 22:33:34 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/04 22:33:34 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/04 22:33:34 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/04 17:34:47 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/30 22:12:30 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/30 21:40:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/30 21:40:29 | 21,449,35936 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/22 18:24:02 | 02,084,043 | -H-- | M] () -- C:\Users\Main User\AppData\Local\IconCache.db

========== Files Created - No Company Name ==========

[2009/12/05 15:42:21 | 00,054,016 | ---- | C] () -- C:\Windows\System32\drivers\qauj.sys
[2009/12/05 15:21:54 | 00,001,879 | ---- | C] () -- C:\Users\Main User\Desktop\HijackThis.lnk
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/12 10:55:44 | 00,139,152 | ---- | C] () -- C:\Users\Main User\AppData\Roaming\PnkBstrK.sys
[2009/07/20 20:56:20 | 00,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
[2009/07/15 09:53:47 | 00,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/07/06 21:39:19 | 00,000,094 | ---- | C] () -- C:\Users\Main User\AppData\Local\sgoiyem.bat
[2009/06/28 00:39:24 | 00,000,092 | ---- | C] () -- C:\Users\Main User\AppData\Local\qiuwu.bat
[2009/06/15 12:11:56 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/03/26 21:16:14 | 00,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/14 21:41:56 | 00,002,985 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/05/13 01:53:16 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/13 01:50:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/05/13 01:50:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/13 01:50:08 | 00,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll
[2008/05/13 01:49:02 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/04/09 08:32:45 | 00,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/04/09 08:17:16 | 00,000,915 | ---- | C] () -- C:\Windows\wininit.ini
[2007/08/14 14:43:10 | 00,004,608 | ---- | C] () -- C:\Users\Main User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/10 19:36:39 | 00,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 10:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2008/06/28 19:55:39 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\Ableton
[2009/06/05 22:48:37 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\Braid
[2009/04/08 13:50:44 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009/01/09 19:47:44 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\Crayon Physics Deluxe
[2009/03/30 16:25:40 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2009/03/15 15:08:16 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\GARMIN
[2009/03/30 15:48:28 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/09/14 08:13:10 | 00,000,000 | ---D | M] -- C:\Users\Bill and Mark\AppData\Roaming\uTorrent
[2009/11/22 18:16:08 | 00,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009/06/10 15:34:19 | 00,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2008/04/04 13:16:47 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\.purple
[2008/06/28 19:55:10 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\Ableton
[2008/06/16 13:32:40 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\GARMIN
[2008/04/04 13:05:57 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\gtk-2.0
[2009/06/28 00:41:44 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\live-player
[2009/06/27 17:32:37 | 00,000,000 | ---D | M] -- C:\Users\Main User\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/11/30 09:51:48 | 00,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/05 15:55:12 | 00,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{218AFF1A-8E2D-4E42-B306-A9883AD885CB}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 06:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 03:05:39 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 03:05:39 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 03:05:38 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 07:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 07:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 09:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 06:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 07:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 07:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 07:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 07:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 09:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 06:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


OTL Extras logfile created on: 05/12/2009 15:54:31 - Run 1
OTL by OldTimer - Version 3.1.11.6 Folder = C:\Users\Bill and Mark\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 50.80% Memory free
4.00 Gb Paging File | 2.81 Gb Available in Paging File | 70.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 367.24 Gb Total Space | 64.57 Gb Free Space | 17.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINUSER-PC
Current User Name: Main User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3040329722-2361774634-2980092502-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05142F4E-61CE-46AC-89ED-E9DBD3D35A1B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2B7DF08A-AA0E-45D0-B4F3-10179025EE23}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |
"{4A15DB16-ACF4-47BD-A818-45697E99FBBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{5E3A7902-8754-4466-9078-FE8EA511F037}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6B8BC328-2BBC-4B71-8B2C-F59C1EA55479}" = lport=445 | protocol=6 | dir=in | app=system |
"{8433FE02-D42C-4AA1-9E5C-64D4A8812C21}" = lport=139 | protocol=6 | dir=in | app=system |
"{8D210B7F-6721-44CD-86C0-DB6A6FDE05A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{92251375-CAA9-4723-A163-75E1DE78CB1C}" = lport=137 | protocol=17 | dir=in | app=system |
"{9233AF15-DD1A-4A1A-9140-6E434C86EE0D}" = rport=138 | protocol=17 | dir=out | app=system |
"{9C289214-E4FC-40B3-92A2-EE2915456FB0}" = rport=137 | protocol=17 | dir=out | app=system |
"{9FB694C5-BE08-4D1A-BAB1-EE961C0422ED}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A50B6409-4B0A-4FA9-AF9A-9510B8AA0194}" = rport=139 | protocol=6 | dir=out | app=system |
"{BB62143A-B5B5-46AE-8297-D8ECB5341CAE}" = rport=445 | protocol=6 | dir=out | app=system |
"{EE1E3027-9588-453D-9B8E-0064A1BA35ED}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{F1B21502-968D-4356-9E4D-29D02EFD761D}" = lport=6882 | protocol=6 | dir=in | name=blizzard downloader: 6882 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07331C0B-6D3D-4D5D-9B44-3F5CE6CABA40}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{11B7E499-DDAE-4C14-81C3-45265ACE253E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{178D4DDF-B83B-452A-935E-D62960DCC5E5}" = protocol=58 | dir=out | [email protected],-28546 |
"{1C53855C-35F6-45A4-BBE6-7F685C70D331}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-engb-downloader.exe |
"{21C4AFE0-B34B-4AC7-8BF0-165DD142BE8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{220DC721-3329-44DD-86FD-D322A84DEE33}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{252F7259-4917-40C5-975B-0FA7C69E5E53}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{393CB7DC-0FF3-4161-902D-EDEDEF00CBA5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{3C96587F-ADD0-4798-A17A-67870EBA243F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{48B032C7-2853-4B57-9DC7-50466512A6E8}" = protocol=1 | dir=out | [email protected],-28544 |
"{4E80796C-2B61-44B0-88B7-98C60C105AED}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-engb-downloader.exe |
"{5073CE53-B51E-4044-A8C4-5C64F31E1AA0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{50AC46A5-3499-4A9D-86F9-055142AA713F}" = protocol=1 | dir=in | [email protected],-28543 |
"{52D3C265-36B6-4420-B23B-719F96D624DB}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{5F84DDA6-C747-43F5-8D7B-9EFFE99C1996}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{6F3CCA66-A010-4452-875A-07E9E6610BB1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{745325F5-772D-45BF-85E1-F73C04DFB0D9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-engb-downloader.exe |
"{83C3FDB1-5C77-4328-90BA-8EB491750040}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{858B7F6B-E638-4088-80B3-0C08BA4059E8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-engb-downloader.exe |
"{891F14DC-AD7A-43CB-9EE5-033F41EE034A}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{92AA742C-84F4-418C-8BF1-929A414838FF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-engb-downloader.exe |
"{A2AB021C-455C-46AA-9B6B-A949286A1AC5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A9944C82-8796-41FE-8309-0D03E3DC8914}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{AB60501F-102A-4F1E-9413-18C01431B27D}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{B05A2B00-D15B-4544-8622-B4204BCA648F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{B110F710-554A-4B90-A4E8-BE7663E74C4A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B6364180-D19B-4938-B8F1-D8A0A9DA0636}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - spd\dow2.exe |
"{B6B2744E-4AFB-4432-9355-E72C728DE70F}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{B7C9A5CA-ED06-43D5-8DFF-03B8D928D2C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BEE4FFD9-1220-4F77-8843-3A7A42D509BF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C29C1B92-A205-4FFE-94B3-A4B2489928CE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{CCF0D93A-4226-47EC-BA36-2742A56BFAED}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D120B2EE-F2AC-4C84-95B1-FE7D9EF75EF1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D4D44BF0-AB96-4229-BFF0-934CE18284F5}" = protocol=58 | dir=in | [email protected],-28545 |
"{D992DC15-B7D7-4438-A74C-739DAE40B20E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-engb-downloader.exe |
"{DABC68B4-7E6F-45A3-963C-5B8711EC2EFB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - spd\dow2.exe |
"{DCE92143-CB04-40CE-8F9A-CF1BCD627E95}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{E620C275-B8A6-44E0-B080-77B0FF7F7F13}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{E9C2E6D4-890E-428D-81D0-CA11442CCEF2}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{F6CF1FCE-AC92-4C4E-AFF9-3DB7FEDC346A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FE6F69F6-9EBC-447D-89A5-77DEE643AB85}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{FE76ECBD-F13D-4C38-AD3E-50044F343BE4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FF8E256C-F2EB-4DD6-9EC9-32CD87AB58CD}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{03A67B0D-0AA2-47F4-8288-E131630D4376}C:\users\temp.mainuser-pc\documents\utorrent.exe" = protocol=6 | dir=in | app=c:\users\temp.mainuser-pc\documents\utorrent.exe |
"TCP Query User{0AE280EA-ACFB-42D4-B8B3-2BD4C8315982}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{100FFC8E-10F7-4FA5-8011-038D373B9270}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{15092886-A66D-40B9-B500-8E2CBC0228EE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{20B6D4C4-ACEA-4BF6-ACD5-215067F42CAC}C:\program files\steam\steamapps\llamabill\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\llamabill\team fortress 2\hl2.exe |
"TCP Query User{2AEC3109-4C70-4690-AF9A-D60F7AD6AE2E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{3602EFD6-B7A4-42B2-BFE1-B46F591A6D23}C:\users\bill and mark\documents\utorrent.exe" = protocol=6 | dir=in | app=c:\users\bill and mark\documents\utorrent.exe |
"TCP Query User{428545A3-22C0-4647-8508-D3946B0859EB}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{72502BE4-8100-4E6C-82F5-1FDE8F7EDDB6}C:\users\bill and mark\desktop\700_ddi_cb-beta.exe" = protocol=6 | dir=in | app=c:\users\bill and mark\desktop\700_ddi_cb-beta.exe |
"TCP Query User{AABFB016-0A1E-4DD5-980A-08C30568F91C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{BE74A936-F77F-4E3F-B761-B2D779D09D7D}C:\program files\ip hider\ip hider.exe" = protocol=6 | dir=in | app=c:\program files\ip hider\ip hider.exe |
"TCP Query User{D9616787-05DD-4675-BCC3-F91E14328754}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E8DD34B2-A6B9-44AA-89F5-D8DA4E2BE6F3}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{014B759A-14B3-4BF8-817E-691ABB2D4A26}C:\users\temp.mainuser-pc\documents\utorrent.exe" = protocol=17 | dir=in | app=c:\users\temp.mainuser-pc\documents\utorrent.exe |
"UDP Query User{08BBEF3E-5F3A-4EAC-B644-2DD7EB1D573E}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{358F9052-83BE-4187-8206-01E738F1D017}C:\users\bill and mark\desktop\700_ddi_cb-beta.exe" = protocol=17 | dir=in | app=c:\users\bill and mark\desktop\700_ddi_cb-beta.exe |
"UDP Query User{56D3634E-EF99-4F78-B19F-F297EAB46CAE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{68642A5A-3EA1-46D3-BCC8-9C5CEFBED61D}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{8EB774FE-E608-4C40-A77A-7D8E35897F2C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8FF38E72-FFED-4DC4-AE1B-C8E8D74CAE49}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{9535D8DC-75C4-4ABA-B708-D230C4BDA765}C:\program files\steam\steamapps\llamabill\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\llamabill\team fortress 2\hl2.exe |
"UDP Query User{96BF97DE-00C7-4471-A10C-AA8AB441AE5F}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{9BAF764A-A256-4DE1-998B-4CD59D3F72E2}C:\program files\ip hider\ip hider.exe" = protocol=17 | dir=in | app=c:\program files\ip hider\ip hider.exe |
"UDP Query User{9BCED962-7486-4FF7-B124-455946A3F660}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{D27A9518-B04C-4C01-BD78-651242F2EC83}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{DD3323E8-A6F0-4DA0-8984-FFB419ECC2F9}C:\users\bill and mark\documents\utorrent.exe" = protocol=17 | dir=in | app=c:\users\bill and mark\documents\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2FDBDAE0-6FC9-CC7B-CAF4-C94434F9B4C0}" = TweetDeck
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.204.00
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56CE64EA-4AD7-41CA-86F5-40886E642686}" = Caplio RR30 Software
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65AA2584-00B9-4900-B519-1D7FD06FB124}" = Quake Live Mozilla Plugin
"{692DD821-EBF6-481B-91E2-3F3B1AEC70A6}" = MSN Toolbar
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7583D2F8-8E7D-40C5-9862-4D218006FB84}" = AVG Identity Protection
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86ADE91C-5971-4DAE-82D7-961F2737B2AD}" = Character Builder Beta
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD045381-7A9F-3FEE-C947-320D1AFF5F1D}" = twhirl
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB2B3C71-CD92-E7D2-2D40-C399464B8C7D}" = Seesmic Desktop
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"AVG8Uninstall" = AVG Free 8.5
"CDisplay_is1" = CDisplay 1.8
"Crayon Physics Deluxe Demo_is1" = Crayon Physics Deluxe Demo - release 52
"Creative Live! Central" = Creative Live! Central
"Creative VF0560" = Creative Live! Cam Optia AF (VF0560) Driver (1.00.06.00)
"CurseClient" = Curse Client
"doPDF 6 printer_is1" = doPDF 6.0 printer
"DVD Decrypter" = DVD Decrypter (Remove Only)
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GridMove_is1" = GridMove V1.19.59
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LastFM_is1" = Last.fm 1.5.4.24567
"Live 7.0.3" = Live 7.0.3
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Phun_is1" = Phun beta 3.5
"Picasa2" = Picasa 2
"Pidgin" = Pidgin
"PopCap Browser Plugin" = PopCap Browser Plugin
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"sgoiyem" = Favorit
"Steam App 15680" = Warhammer 40,000: Dawn of War II - Single-player Demo
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 410" = Portal: The First Slice
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SysInfo" = Creative System Information
"Tag&Rename_is1" = Tag&Rename 3.3.5
"TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1" = TweetDeck
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3040329722-2361774634-2980092502-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Shoddy Battle" = Shoddy Battle

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP