Can't tell if there's something wrong, any alarm bells?


  • This topic is locked

#1
aneiring

  • Member
  • 19 posts
My computer seems unable to cope with multitasking and my internet seems really slow from time to time although I'm asking little of it... I'm not sure what's wrong...


OTL logfile created on: 26/10/2011 00:17:34 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\aneirin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.78% Memory free
4.23 Gb Paging File | 2.50 Gb Available in Paging File | 59.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.02 Gb Total Space | 52.20 Gb Free Space | 18.12% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.74 Gb Free Space | 57.43% Space Free | Partition Type: NTFS
Drive E: | 967.73 Mb Total Space | 354.09 Mb Free Space | 36.59% Space Free | Partition Type: FAT

Computer Name: ANEIRIN-PC | User Name: aneirin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Aneirin.\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe (SupportSoft, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Winamp\System\png.w5s ()
MOD - C:\Program Files\Winamp\System\xml.w5s ()
MOD - C:\Program Files\Winamp\System\playlist.w5s ()
MOD - C:\Program Files\Winamp\tataki.dll ()
MOD - C:\Program Files\Winamp\zlib.dll ()
MOD - C:\Program Files\Winamp\System\timer.w5s ()
MOD - C:\Program Files\Winamp\System\tagz.w5s ()
MOD - C:\Program Files\Winamp\System\primo.w5s ()
MOD - C:\Program Files\Winamp\System\jnetlib.w5s ()
MOD - C:\Program Files\Winamp\System\auth.w5s ()
MOD - C:\Program Files\Winamp\System\jpeg.w5s ()
MOD - C:\Program Files\Winamp\System\devices.w5s ()
MOD - C:\Program Files\Winamp\System\albumart.w5s ()
MOD - C:\Program Files\Winamp\System\gif.w5s ()
MOD - C:\Program Files\Winamp\System\bmp.w5s ()
MOD - C:\Program Files\Winamp\System\dlmgr.w5s ()
MOD - C:\Program Files\Winamp\System\gracenote.w5s ()
MOD - C:\Program Files\Winamp\System\filereader.w5s ()
MOD - C:\Program Files\Winamp\Plugins\pmp_ipod.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_p4s.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_wifi.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_android.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_usb.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_ds.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_disk.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_njb.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_wave.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_ff.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_dropbox.dll ()
MOD - C:\Program Files\Winamp\Plugins\lame_enc.dll ()
MOD - C:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac ()
MOD - C:\Program Files\Winamp\Plugins\in_wm.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_ml.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_local.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mp3.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_vorbis.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_devices.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_pmp.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_disc.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_jumpex.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mod.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_online.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_midi.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_cdda.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_plg.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_playlists.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_nsv.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_dshow.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_avi.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_flac.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_impex.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_orgler.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_history.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mp4.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mkv.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_flv.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_rg.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_transcode.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_autotag.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_bookmarks.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_hotkeys.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_tray.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_swf.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_wave.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_linein.dll ()
MOD - C:\Program Files\Winamp\nsutil.dll ()
MOD - C:\Program Files\Winamp\libsndfile.dll ()
MOD - C:\Program Files\Winamp\libFLAC.dll ()
MOD - C:\Program Files\Winamp\nde.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (lxcy_device) -- C:\Windows\System32\lxcycoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (nvamacpi) -- C:\Windows\system32\DRIVERS\NVAMACPI.sys (NVIDIA Corporation)
DRV - (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM) -- C:\Windows\System32\drivers\lmvac.sys (Windows ® Codename Longhorn DDK provider)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (BELKIN) -- C:\Windows\System32\drivers\BLKWGU.sys (Belkin Corporation. )
DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\Windows\System32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\Windows\System32\drivers\alcaudsl.sys (THOMSON)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2009/07/17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/12/06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_InfectedMushroom = C:\Users\Aneirin.\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobnnindgjlefbclgkdfgjaikcdiaone\3_0\

O1 HOSTS File: ([2009/08/11 04:51:17 | 000,000,241 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 „
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001274D2-44D2-4A0F-BEE9-3A6A64394BA3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{361E999F-CEC8-4C68-B480-FE58A35F4384}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71EA444E-A7E6-4A96-B026-67FCE90D42AA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE083E46-F9E7-4E47-8147-DD3C2AE80349}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Aneirin.\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aneirin.\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0d569793-55c6-11df-92f9-001aa05cf89b}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe
O33 - MountPoints2\{17697354-4faa-11df-a4bf-001aa05cf89b}\Shell - "" = AutoRun
O33 - MountPoints2\{17697354-4faa-11df-a4bf-001aa05cf89b}\Shell\AutoRun\command - "" = L:\HPLauncher.exe
O33 - MountPoints2\{53a8d430-7faf-11e0-a557-001aa05cf89b}\Shell - "" = AutoRun
O33 - MountPoints2\{53a8d430-7faf-11e0-a557-001aa05cf89b}\Shell\AutoRun\command - "" = F:\SafeStick.exe
O33 - MountPoints2\{ee46ecd0-b32c-11dd-83c3-001aa05cf89b}\Shell - "" = AutoRun
O33 - MountPoints2\{ee46ecd0-b32c-11dd-83c3-001aa05cf89b}\Shell\AutoRun\command - "" = M:\Setup.now.exe
O33 - MountPoints2\{ee46ed97-b32c-11dd-83c3-001aa05cf89b}\Shell - "" = Autorun
O33 - MountPoints2\{ee46ed97-b32c-11dd-83c3-001aa05cf89b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-2-9-53-100002163-100027543-100020212-1119.com f:\
O33 - MountPoints2\{ee46ed97-b32c-11dd-83c3-001aa05cf89b}\Shell\Open\command - "" = F:\RECYCLER\S-2-9-53-100002163-100027543-100020212-1119.com f:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/26 00:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/26 00:23:31 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/10/25 23:00:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\aneirin\Desktop\OTL.exe
[2011/10/25 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\aneirin\Desktop\mum
[2011/10/14 03:17:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/14 03:16:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/14 03:16:55 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/14 03:16:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/14 03:16:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/13 17:51:25 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/10/13 17:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/10/13 17:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/10/13 03:33:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/13 03:33:49 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/13 03:33:49 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/13 03:33:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/13 03:33:48 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/13 03:31:18 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/13 03:31:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2006/02/20 20:44:44 | 001,183,744 | ---- | C] ( ) -- C:\Windows\System32\lxcyserv.dll
[2006/02/20 20:36:06 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcycomm.dll
[2006/02/20 20:35:54 | 000,385,024 | ---- | C] ( ) -- C:\Windows\System32\lxcycfg.exe
[2006/02/20 20:24:42 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\lxcyih.exe
[2006/02/20 20:24:30 | 000,536,576 | ---- | C] ( ) -- C:\Windows\System32\lxcylmpm.dll
[2006/02/20 20:23:16 | 000,114,688 | ---- | C] ( ) -- C:\Windows\System32\lxcypplc.dll
[2006/02/20 20:23:08 | 000,495,616 | ---- | C] ( ) -- C:\Windows\System32\lxcycoms.exe
[2006/02/20 20:22:16 | 000,610,304 | ---- | C] ( ) -- C:\Windows\System32\lxcycomc.dll
[2006/02/20 20:21:22 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcyprox.dll
[2006/02/20 20:21:12 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcyhbn3.dll
[2006/02/20 20:15:16 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcyusb1.dll
[2006/02/20 20:06:52 | 000,393,216 | ---- | C] ( ) -- C:\Windows\System32\lxcyiesc.dll
[2006/02/20 20:03:02 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxcyinpa.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/26 00:28:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{55EECB90-DEDC-4324-80B9-F39B337A8F14}.job
[2011/10/26 00:25:17 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/26 00:17:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\aneirin\Desktop\OTL.exe
[2011/10/25 23:37:47 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 23:37:47 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 22:31:28 | 000,011,628 | ---- | M] () -- C:\Users\aneirin\hijackthis2
[2011/10/25 16:25:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/24 17:22:52 | 000,617,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/24 17:22:52 | 000,111,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/24 11:38:06 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/24 11:37:48 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/10/24 11:37:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/24 11:37:23 | 2145,804,288 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/24 01:37:36 | 000,157,696 | ---- | M] () -- C:\Users\aneirin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/23 18:07:47 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/23 18:07:47 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/14 03:45:31 | 001,720,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/13 17:51:26 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/05 18:28:56 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/27 02:36:44 | 000,008,160 | ---- | M] () -- C:\Users\aneirin\AppData\Local\d3d9caps.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/26 00:26:40 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/25 22:31:28 | 000,011,628 | ---- | C] () -- C:\Users\aneirin\hijackthis2
[2011/10/24 11:38:01 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/13 17:51:26 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/04/24 14:54:46 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/24 14:54:46 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/16 22:47:49 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/16 22:47:43 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/16 22:47:43 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/16 22:47:41 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/23 21:49:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/23 21:49:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/16 14:29:38 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/08/16 14:29:38 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/08/16 14:29:38 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/08/16 14:13:08 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/13 00:37:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/06/13 00:37:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/06/13 00:37:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/06/10 11:40:33 | 000,008,160 | ---- | C] () -- C:\Users\aneirin\AppData\Local\d3d9caps.dat
[2009/02/01 22:06:14 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/01/15 15:40:33 | 000,000,095 | ---- | C] () -- C:\Users\aneirin\AppData\Local\fusioncache.dat
[2009/01/15 15:32:14 | 000,022,328 | ---- | C] () -- C:\Users\aneirin\AppData\Roaming\PnkBstrK.sys
[2008/12/24 04:01:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/17 18:34:08 | 000,001,118 | ---- | C] () -- C:\Users\aneirin\AppData\Roaming\wklnhst.dat
[2008/10/24 12:48:50 | 000,000,071 | ---- | C] () -- C:\Windows\pex.INI
[2008/10/21 22:53:00 | 002,788,800 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008/10/21 22:51:35 | 008,320,728 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe
[2008/10/21 22:47:13 | 020,976,776 | ---- | C] () -- C:\Program Files\FLV PlayerRCSetup.exe
[2008/09/19 12:13:21 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008/06/29 21:46:11 | 000,157,696 | ---- | C] () -- C:\Users\aneirin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/24 01:18:05 | 000,005,606 | ---- | C] () -- C:\Windows\System32\stci.dll
[2008/06/23 18:51:22 | 000,000,768 | ---- | C] () -- C:\Windows\wininit.ini
[2008/06/23 18:44:54 | 000,019,220 | ---- | C] () -- C:\Windows\wwdslcfg.ini
[2008/06/16 17:54:48 | 000,303,104 | ---- | C] () -- C:\Windows\System32\lxcycoin.dll
[2008/06/11 01:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/04/24 03:24:13 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/04/24 03:24:13 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/24 03:24:13 | 000,154,206 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/04/24 03:24:13 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/04/24 03:24:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/04/24 03:24:09 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/04/23 20:38:16 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/04/23 20:38:16 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/04/23 20:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 001,720,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,617,088 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,111,958 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 07:25:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\NSREG.DLL
[2006/01/25 23:11:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcycnv4.dll
[2006/01/25 17:05:24 | 000,684,032 | ---- | C] () -- C:\Windows\System32\lxcydrs.dll
[2006/01/23 07:47:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcycaps.dll
[2005/07/08 09:11:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcyvs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CFAFAA98
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



What issues are you currently experiencing with your computer?

#3
aneiring

  • Topic Starter
  • Member
  • 19 posts
thanks man :) I'll get on it now

#4
aneiring

  • Topic Starter
  • Member
  • 19 posts
well my computer can't seem to handle running more than one thing at a time, my internet keeps crashing and streaming is impossible most of the time

#5
aneiring

  • Topic Starter
  • Member
  • 19 posts
well my computer doesn't seem capable of running more than one thing at a time, the internet keeps crashing and I can't stream things

#6
aneiring

  • Topic Starter
  • Member
  • 19 posts
here's the gmer txt

Attached Files

  • Attached File  Gmer.txt   182.68KB   26 downloads


#7
aneiring

  • Topic Starter
  • Member
  • 19 posts
OTL logfile created on: 28/10/2011 00:10:37 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\aneirin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 39.94% Memory free
4.23 Gb Paging File | 2.74 Gb Available in Paging File | 64.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.02 Gb Total Space | 53.19 Gb Free Space | 18.47% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.74 Gb Free Space | 57.43% Space Free | Partition Type: NTFS

Computer Name: ANEIRIN-PC | User Name: aneirin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Users\Aneirin.\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Users\Aneirin.\Desktop\gmer.exe ()
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe (SupportSoft, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\14.0.835.202\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\14.0.835.202\avformat-53.dll ()
MOD - C:\Program Files\Google\Chrome\Application\14.0.835.202\avcodec-53.dll ()
MOD - C:\Users\Aneirin.\Desktop\gmer.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2813.36842__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2813.37035__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2813.37063__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2813.36799__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2813.36855__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2813.37054__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2813.36834__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2813.36951__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2813.36820__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2813.37092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2813.37014__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2813.37022__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2813.37097__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2813.37028__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2813.36813__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2813.37021__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2813.37056__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2813.36960__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2813.36867__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2813.36821__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2813.37134__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2813.37042__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2813.36945__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2813.36861__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2813.36980__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2813.37133__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2813.36959__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2813.37085__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2813.36873__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2813.36979__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2813.37001__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2813.37015__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2813.36953__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2813.36952__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2791.31988__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2813.36959__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2791.31986__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2791.32434__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2791.31992__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2791.32016__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2791.32007__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2791.32000__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2791.31999__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2791.32006__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2791.32016__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2791.32015__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2791.32024__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2791.32011__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2791.32025__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2791.32027__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2791.32002__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2791.32025__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2791.32027__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2791.32014__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2791.32015__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2791.32041__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2791.32014__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2791.32026__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2791.32007__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2791.32014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2791.32039__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2791.32041__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2791.32039__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2791.32011__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2791.31999__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2791.31995__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2791.32029__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2791.32006__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2791.32001__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2791.32029__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2791.32040__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2791.31987__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2791.32001__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2813.36828__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2813.37077__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2813.37076__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2791.31996__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2813.37120__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2791.31993__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2791.32039__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2791.32009__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2813.36790__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2813.36807__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2813.36792__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2813.36792__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2813.36791__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2813.36790__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2791.32008__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2791.32004__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2813.37077__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2791.32010__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2791.32030__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (lxcy_device) -- C:\Windows\System32\lxcycoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (nvamacpi) -- C:\Windows\system32\DRIVERS\NVAMACPI.sys (NVIDIA Corporation)
DRV - (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM) -- C:\Windows\System32\drivers\lmvac.sys (Windows ® Codename Longhorn DDK provider)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (BELKIN) -- C:\Windows\System32\drivers\BLKWGU.sys (Belkin Corporation. )
DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\Windows\System32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\Windows\System32\drivers\alcaudsl.sys (THOMSON)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No CLSID value found
IE - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.4.1980
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.10.1980
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6.1980
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3.1980
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1980
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6.1980
FF - prefs.js..extensions.enabledItems: [email protected]:5.4.0.1070
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2.1980
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1980
FF - prefs.js..extensions.enabledItems: [email protected]om:1.1.6.1980
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6.1980
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.21.1980
FF - prefs.js..extensions.enabledItems: [email protected]:5.4.0.2470
FF - prefs.js..extensions.enabledItems: [email protected]:5.4.0.2470
FF - prefs.js..extensions.enabledItems: [email protected]:5.4.0.0070
FF - prefs.js..extensions.enabledItems: [email protected]:5.4.0.2470
FF - prefs.js..extensions.enabledItems: [email protected]:5.4.0.1070
FF - prefs.js..extensions.enabledItems: [email protected]:5.4.0.2470
FF - prefs.js..extensions.enabledItems: [email protected]:5.4.0.2470
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.9.1980

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2011/10/26 10:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aneirin.\AppData\Roaming\Mozilla\Extensions
[2011/10/26 10:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aneirin.\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/26 11:17:11 | 000,000,503 | ---- | M] () -- C:\Users\Aneirin.\AppData\Roaming\Philips-Songbird\Profiles\3qzqnc7e.default\searchplugins\7digital.xml
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (7digital Music Store) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (CD Rip Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (Concerts) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (AAC Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (MP3 Encoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (File association) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (Philips GoGear Device Manager) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (Gracenote Metadata Lookup Provider) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (mashTape) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (MSC Device Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (MTP Device Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (Philips addon manager) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (Philips Branding) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (LikeMusic) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (Philips auto msc-mtp switch) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (Philips Promotions) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (Philips Skin) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (Philips UI) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2011/10/26 10:36:23 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
[2009/07/17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/12/06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_InfectedMushroom = C:\Users\Aneirin.\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobnnindgjlefbclgkdfgjaikcdiaone\3_0\

O1 HOSTS File: ([2009/08/11 04:51:17 | 000,000,241 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 „
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-3392915109-101008560-1142800397-1000..\Run: [sbitunesagent] C:\Program Files\Philips\Philips Songbird\songbirditunesagent.exe ()
O4 - HKU\S-1-5-21-3392915109-101008560-1142800397-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3392915109-101008560-1142800397-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001274D2-44D2-4A0F-BEE9-3A6A64394BA3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{361E999F-CEC8-4C68-B480-FE58A35F4384}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71EA444E-A7E6-4A96-B026-67FCE90D42AA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE083E46-F9E7-4E47-8147-DD3C2AE80349}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Aneirin.\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aneirin.\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0d569793-55c6-11df-92f9-001aa05cf89b}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe
O33 - MountPoints2\{17697354-4faa-11df-a4bf-001aa05cf89b}\Shell - "" = AutoRun
O33 - MountPoints2\{17697354-4faa-11df-a4bf-001aa05cf89b}\Shell\AutoRun\command - "" = L:\HPLauncher.exe
O33 - MountPoints2\{53a8d430-7faf-11e0-a557-001aa05cf89b}\Shell - "" = AutoRun
O33 - MountPoints2\{53a8d430-7faf-11e0-a557-001aa05cf89b}\Shell\AutoRun\command - "" = F:\SafeStick.exe
O33 - MountPoints2\{bf13e207-ffb1-11e0-b062-001aa05cf89b}\Shell - "" = AutoRun
O33 - MountPoints2\{bf13e207-ffb1-11e0-b062-001aa05cf89b}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{ee46ecd0-b32c-11dd-83c3-001aa05cf89b}\Shell - "" = AutoRun
O33 - MountPoints2\{ee46ecd0-b32c-11dd-83c3-001aa05cf89b}\Shell\AutoRun\command - "" = M:\Setup.now.exe
O33 - MountPoints2\{ee46ed97-b32c-11dd-83c3-001aa05cf89b}\Shell - "" = Autorun
O33 - MountPoints2\{ee46ed97-b32c-11dd-83c3-001aa05cf89b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-2-9-53-100002163-100027543-100020212-1119.com f:\
O33 - MountPoints2\{ee46ed97-b32c-11dd-83c3-001aa05cf89b}\Shell\Open\command - "" = F:\RECYCLER\S-2-9-53-100002163-100027543-100020212-1119.com f:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/26 11:17:14 | 000,000,000 | ---D | C] -- C:\Temp
[2011/10/26 10:27:41 | 000,000,000 | ---D | C] -- C:\Users\aneirin\AppData\Roaming\Mozilla
[2011/10/26 10:26:45 | 000,000,000 | ---D | C] -- C:\Users\aneirin\AppData\Local\Philips-Songbird
[2011/10/26 10:26:44 | 000,000,000 | ---D | C] -- C:\Users\aneirin\AppData\Roaming\Philips-Songbird
[2011/10/26 10:25:39 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/10/26 10:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips
[2011/10/26 10:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{F0489EF2-D393-4114-85BA-A94D71D89543}
[2011/10/26 10:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Philips
[2011/10/26 02:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/10/26 00:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/25 23:00:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\aneirin\Desktop\OTL.exe
[2011/10/14 03:17:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/14 03:16:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/14 03:16:55 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/14 03:16:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/14 03:16:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/13 17:51:25 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/10/13 17:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/10/13 17:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/10/13 03:33:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/13 03:33:49 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/13 03:33:49 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/13 03:33:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/13 03:33:48 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/13 03:31:18 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/13 03:31:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2006/02/20 20:44:44 | 001,183,744 | ---- | C] ( ) -- C:\Windows\System32\lxcyserv.dll
[2006/02/20 20:36:06 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcycomm.dll
[2006/02/20 20:35:54 | 000,385,024 | ---- | C] ( ) -- C:\Windows\System32\lxcycfg.exe
[2006/02/20 20:24:42 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\lxcyih.exe
[2006/02/20 20:24:30 | 000,536,576 | ---- | C] ( ) -- C:\Windows\System32\lxcylmpm.dll
[2006/02/20 20:23:16 | 000,114,688 | ---- | C] ( ) -- C:\Windows\System32\lxcypplc.dll
[2006/02/20 20:23:08 | 000,495,616 | ---- | C] ( ) -- C:\Windows\System32\lxcycoms.exe
[2006/02/20 20:22:16 | 000,610,304 | ---- | C] ( ) -- C:\Windows\System32\lxcycomc.dll
[2006/02/20 20:21:22 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcyprox.dll
[2006/02/20 20:21:12 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcyhbn3.dll
[2006/02/20 20:15:16 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcyusb1.dll
[2006/02/20 20:06:52 | 000,393,216 | ---- | C] ( ) -- C:\Windows\System32\lxcyiesc.dll
[2006/02/20 20:03:02 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxcyinpa.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/28 00:13:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{55EECB90-DEDC-4324-80B9-F39B337A8F14}.job
[2011/10/28 00:06:48 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 00:06:48 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 23:25:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/27 16:25:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/26 11:04:03 | 000,174,606 | ---- | M] () -- C:\Users\aneirin\Documents\308203_248415735207194_100001163073996_665189_2123858302_n.jpg
[2011/10/26 10:24:06 | 000,001,044 | ---- | M] () -- C:\Users\aneirin\Application Data\Microsoft\Internet Explorer\Quick Launch\Philips Songbird.lnk
[2011/10/26 10:24:06 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Philips Songbird.lnk
[2011/10/26 10:18:29 | 000,617,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/26 10:18:29 | 000,111,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/26 10:07:03 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/10/26 10:06:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/26 10:06:29 | 2145,783,808 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/26 02:53:09 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/26 02:53:09 | 000,001,854 | ---- | M] () -- C:\Users\aneirin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/26 00:32:03 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/26 00:17:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\aneirin\Desktop\OTL.exe
[2011/10/25 22:31:28 | 000,011,628 | ---- | M] () -- C:\Users\aneirin\hijackthis2
[2011/10/24 01:37:36 | 000,157,696 | ---- | M] () -- C:\Users\aneirin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/23 18:07:47 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/23 18:07:47 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/14 03:45:31 | 001,720,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/13 17:51:26 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/05 18:28:56 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/27 23:11:43 | 000,302,592 | ---- | C] () -- C:\Users\aneirin\Desktop\gmer.exe
[2011/10/26 11:04:03 | 000,174,606 | ---- | C] () -- C:\Users\aneirin\Documents\308203_248415735207194_100001163073996_665189_2123858302_n.jpg
[2011/10/26 10:24:06 | 000,001,044 | ---- | C] () -- C:\Users\aneirin\Application Data\Microsoft\Internet Explorer\Quick Launch\Philips Songbird.lnk
[2011/10/26 10:24:06 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Philips Songbird.lnk
[2011/10/26 02:53:09 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/26 02:53:09 | 000,001,854 | ---- | C] () -- C:\Users\aneirin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/26 02:53:08 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/10/26 00:32:03 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/26 00:26:40 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/25 22:31:28 | 000,011,628 | ---- | C] () -- C:\Users\aneirin\hijackthis2
[2011/10/13 17:51:26 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/04/24 14:54:46 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/24 14:54:46 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/16 22:47:49 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/16 22:47:43 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/16 22:47:43 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/16 22:47:41 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/23 21:49:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/23 21:49:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/16 14:29:38 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/08/16 14:29:38 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/08/16 14:29:38 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/08/16 14:13:08 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/13 00:37:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/06/13 00:37:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/06/13 00:37:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/06/10 11:40:33 | 000,008,160 | ---- | C] () -- C:\Users\aneirin\AppData\Local\d3d9caps.dat
[2009/02/01 22:06:14 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/01/15 15:40:33 | 000,000,095 | ---- | C] () -- C:\Users\aneirin\AppData\Local\fusioncache.dat
[2009/01/15 15:32:14 | 000,022,328 | ---- | C] () -- C:\Users\aneirin\AppData\Roaming\PnkBstrK.sys
[2008/12/24 04:01:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/17 18:34:08 | 000,001,118 | ---- | C] () -- C:\Users\aneirin\AppData\Roaming\wklnhst.dat
[2008/10/24 12:48:50 | 000,000,071 | ---- | C] () -- C:\Windows\pex.INI
[2008/10/21 22:53:00 | 002,788,800 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008/10/21 22:51:35 | 008,320,728 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe
[2008/10/21 22:47:13 | 020,976,776 | ---- | C] () -- C:\Program Files\FLV PlayerRCSetup.exe
[2008/09/19 12:13:21 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008/06/29 21:46:11 | 000,157,696 | ---- | C] () -- C:\Users\aneirin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/24 01:18:05 | 000,005,606 | ---- | C] () -- C:\Windows\System32\stci.dll
[2008/06/23 18:51:22 | 000,000,768 | ---- | C] () -- C:\Windows\wininit.ini
[2008/06/23 18:44:54 | 000,019,220 | ---- | C] () -- C:\Windows\wwdslcfg.ini
[2008/06/16 17:54:48 | 000,303,104 | ---- | C] () -- C:\Windows\System32\lxcycoin.dll
[2008/06/11 01:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/04/24 03:24:13 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/04/24 03:24:13 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/24 03:24:13 | 000,154,206 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/04/24 03:24:13 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/04/24 03:24:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/04/24 03:24:09 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/04/23 20:38:16 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/04/23 20:38:16 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/04/23 20:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 001,720,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,617,088 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,111,958 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 07:25:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\NSREG.DLL
[2006/01/25 23:11:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcycnv4.dll
[2006/01/25 17:05:24 | 000,684,032 | ---- | C] () -- C:\Windows\System32\lxcydrs.dll
[2006/01/23 07:47:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcycaps.dll
[2005/07/08 09:11:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcyvs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CFAFAA98
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

extras -

OTL Extras logfile created on: 28/10/2011 00:10:37 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\aneirin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 39.94% Memory free
4.23 Gb Paging File | 2.74 Gb Available in Paging File | 64.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.02 Gb Total Space | 53.19 Gb Free Space | 18.47% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.74 Gb Free Space | 57.43% Space Free | Partition Type: NTFS

Computer Name: ANEIRIN-PC | User Name: aneirin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3392915109-101008560-1142800397-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D71B2F-D339-41F8-A636-70D4EC10CF40}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{0EC6E3C2-411C-49C0-9FE5-1D1B153BC51B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{11BE5D1E-353C-4D8F-BACB-51B7D1BB80DF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{12737127-BA87-47AD-A39A-9B97D15D87BF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{167A4D27-6204-4D9E-9BFB-445A48EF891D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{1A4DC206-4E47-45DE-8281-38755122DDB6}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{21AEEAC9-6D20-4367-A145-DBDCA71A7610}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D151614-847C-4446-988A-E3711B80E047}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E380924-EB19-4A39-B3B6-98DFE7F3455F}" = rport=2869 | protocol=6 | dir=out | app=system |
"{30F7D465-AC52-48DA-9770-0F161FD39EE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{324D8B9C-3E2D-41F1-A8BF-0A7DEC233906}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36C563D3-EA59-4C67-B1CB-A8FB062CF6EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{371D2618-81B4-4CA6-88BB-BD9D6494F874}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E01E008-64DC-43C5-99E4-D736C6DF319F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{43B267AE-5BB5-466E-993C-4E3819348CAD}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{480D0D6E-1001-41A8-AF06-2983CB6BF862}" = rport=137 | protocol=17 | dir=out | app=system |
"{4F256F9F-B3DF-4463-9A9D-4A223162C455}" = lport=445 | protocol=6 | dir=in | app=system |
"{56576AB6-53FB-465E-98B0-2F3F8CCDF8DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58875B23-9D12-44E4-AE71-66DF21EAA71B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{58F5110D-B82F-4C88-9FE7-F4165A68398D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62D6E7BC-71CD-45FD-9939-E92ECA2A2810}" = lport=2869 | protocol=6 | dir=in | app=system |
"{63AC2BF6-0C09-4724-ADC3-5314B4E97B38}" = lport=5357 | protocol=6 | dir=in | app=system |
"{63D679D2-8069-4A24-A00E-51AA2EAEB35B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{669A75CF-0DDB-4D23-8F47-94F8B706430F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6F651CB7-EB1E-4D67-92A8-82AAE32ED612}" = rport=445 | protocol=6 | dir=out | app=system |
"{74E27E6E-DA91-422E-841B-02D57F781C90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C14B6C9-1245-4510-8F1B-A196E7E2AB19}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81951E04-70AB-4B54-B97A-C7A15F26E17A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{86D3E7A8-3FAF-4F2A-B13F-AD3A8CCE368D}" = rport=5358 | protocol=6 | dir=out | app=system |
"{8BB63670-FCAC-4CAE-B8CF-CD1C97E22A8E}" = lport=5358 | protocol=6 | dir=in | app=system |
"{8F9C3B00-8C38-4C83-BA8B-54F33EB78CD1}" = lport=137 | protocol=17 | dir=in | app=system |
"{9099D749-F90F-458B-B8D9-0A6D106E830D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{92B1888F-3FE9-4F9E-9300-5BE0F12821CF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9363168A-2328-4627-8F8E-F32B2A1008C0}" = rport=138 | protocol=17 | dir=out | app=system |
"{9A8C4D57-A142-42F0-8B73-EC9CBE38171F}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{9AB4EA55-7E10-4907-A133-91ADFD726070}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9BD8E863-799D-4F62-AAF7-EE33A6D0777A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9EFDB909-6980-4580-9F14-B51D7EC2A31C}" = rport=5357 | protocol=6 | dir=out | app=system |
"{A4086C58-6B00-4E1C-8955-24386375F062}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{A75ED3A6-167F-4B33-86C2-470400A31DC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AD005FDE-9EF7-4EFB-8506-A43F86AC1759}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B18766DA-D558-4ADB-808E-FC5B331CBFBA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B2FD026E-FB0A-4EF4-B35B-D010E4C40197}" = lport=2178 | protocol=6 | dir=in | app=system |
"{BFE64685-B57C-4393-B62A-201574778543}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C2FBB79F-FF64-49D8-9B3B-46896E53CED4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C43F426D-7A38-4EF7-8409-3DE267DF2D37}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5146BB9-026A-4156-A89F-4ED18B3742AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C589DC2A-CEF8-46B4-8433-7EE010A40E04}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C71852D0-E0F2-4CE6-B450-F34973FA4FDE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CFADAD03-A0BD-468F-A692-2DE9700FEB89}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D25E8E90-6644-4274-B953-3855B7796163}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D26C74CD-7647-40B0-AC19-8D803D8D5A28}" = rport=139 | protocol=6 | dir=out | app=system |
"{D3143069-EF69-45FB-B661-C53001D67149}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DC0DFB48-F341-439B-832F-B6D1ED5A4694}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E5CEE907-0CEE-47A5-B357-5A1D09464BB6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EF5E5391-2A67-402C-9152-06E0FAF6B360}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F06FCB40-C2B0-45F7-85B4-5DC67130D53D}" = lport=445 | protocol=6 | dir=in | app=system |
"{F650FF42-0D20-45AC-94FE-DB191C10E77D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FAD04CDA-522B-4D84-B7BC-835DE46F3409}" = lport=139 | protocol=6 | dir=in | app=system |
"{FB0A37E5-662F-4384-B9D8-2CC1F373654A}" = rport=2178 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07752A15-BAF9-4EB9-889B-743693D032D4}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{09DEA5BD-0F27-46F1-93EE-C25C206E5C9E}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{09F9B377-3330-4587-9565-D31CDD361C29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B8C7886-FA4F-4075-BCD3-FD4EC2C2E15B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{126BBF94-14C5-40D9-B482-18250465FC6E}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{1590CA76-0C1B-486B-984C-7A35B1B473AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{15A3F7D4-C448-4D6D-B4F4-5DD6BC74A070}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{183D0E31-D4FD-4BA6-B1FB-540DAFE7A240}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{1A44CAB6-D865-46F8-B42B-3BFF188E6D3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DB7289F-533F-4D29-AF6E-E46F568E8A9E}" = protocol=1 | dir=in | [email protected],-28543 |
"{204FFED6-7B9C-4685-B555-3A475C0E0A27}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{212E7D41-1EBA-4A55-A13E-D4F9C0A8E42C}" = protocol=1 | dir=out | [email protected],-28544 |
"{31E5C289-EAF6-4FB0-9DED-53639A5E2AE8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{346E4C49-3C1F-4BB4-8BB7-AD30B2EA9DA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3F4DFDB9-B580-405E-8D3F-8680A7156E2D}" = protocol=6 | dir=in | app=c:\program files\sega\universe at war earth assault\uawea.exe |
"{430B2CF2-9590-40C9-AC42-6EBC4C76455A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{50863233-E2D3-444C-B7FF-673906D273F5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{53EB510D-EDAF-484C-A9CD-DF99F5977911}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{547BEFED-F4C9-4A5A-9C78-BD54434E0CA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56F22378-D230-437A-BFA6-4E006D6EC153}" = protocol=58 | dir=out | [email protected],-28546 |
"{575528FC-5808-460B-A820-AAC4C33B1244}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{5BB62761-5C37-4695-BC20-3157B7FEB87C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C3BA42B-31F0-4E42-ACCF-61462F01CF1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{63A64963-6A09-4CCE-892F-F91D49C8C18A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6F7050D8-8640-44CA-8EB7-1BE8664CE1DA}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{74F0B593-AEE4-4643-90D0-A1A95E3D2F8C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7B3E67B3-D515-4131-9C0A-EA5DD80B7D3D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7BD28430-B67B-4748-B463-DE8CB0966CB8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80374924-F633-4F2C-96C9-AE4FDC69300F}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{8D09F27B-ECC9-430E-ACAE-AE52BFA07F12}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{93331F46-9982-41C9-8922-14B8854D14E4}" = protocol=6 | dir=out | app=system |
"{93B45834-B156-4155-9992-489F9FD2EDBE}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{9936F173-C29D-492A-8191-34F3D06ACA9A}" = protocol=58 | dir=in | [email protected],-148 |
"{9AC68636-ABCD-4FCC-BD1B-2BF5F5368585}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A2BFC10E-1A9A-4134-A1ED-7B3526D6B803}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A55D2C77-7925-43D9-8791-969C1906AEA4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B14987D0-4143-41FD-8B4C-BA776AE0642E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B1D18FAA-BE20-49A6-9A3F-E16F85C2E5EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B201AFEB-E913-4823-A9AB-B589DEBB596F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BDD4C7A0-88EE-4B5A-A7F4-733E3AED476A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF44AE0A-DE85-4669-BFB9-72D8E369ADDC}" = protocol=58 | dir=in | [email protected],-28545 |
"{C1A3F2E2-7BC3-40F3-8176-BA8E41BF7B1C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C48F20EF-8976-409D-967A-EDA35C9BC56F}" = protocol=17 | dir=in | app=c:\program files\sega\universe at war earth assault\uawea.exe |
"{CFB24231-13A4-4CB5-9D87-0BFFFD06D38A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D13F2D33-5081-4138-9947-A00E84A5BF95}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{D9B1D72A-C87B-4681-B6FE-82DE68D07F86}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{DB5A3CC8-1011-47E0-BD18-9DB3E8D9612B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{DBB68696-517D-45B5-8522-4BFB62487919}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E9ED60D5-CF11-4857-B1B0-9D3D83614078}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EF713EFD-7A5D-475B-9DBE-BDEBEE4BD8B3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F05D7892-C608-434F-8A0B-05406B7E598B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F330AD3E-0D53-4758-BE7D-D80634F021A2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F412E2D8-3ADD-46EC-A618-4922D4AB2648}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{F93C7677-1D35-44CF-93BB-C8CA5223051F}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{FD6FF028-F0D1-49DA-A8B7-BA66FD11E764}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{1837F910-76EA-4F2B-BCCC-70F30B4AE4DD}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{2F25C5DD-2FC0-417C-A1CB-C2EAD719D4CE}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{3756BD1B-F585-4FCD-8D1C-2656B50CEFF0}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{4C956528-99DB-4D59-8E71-B7C6D6FBAC77}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{4FED72A3-FA75-4C92-8D3E-D62D633505E3}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{52128CA7-A35F-4AE6-803E-BDF6D40B30AE}C:\program files\ares vista\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares vista\ares.exe |
"TCP Query User{62089D46-E5CD-4915-9656-8D1834100B3B}C:\program files\ares vista\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares vista\ares.exe |
"TCP Query User{6FBFD978-6374-429E-94CA-195A7F8ED20A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{73676107-12EE-498F-9597-718351DE211D}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"TCP Query User{78C44B74-0AFA-419E-981B-FACDCBFC53B2}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{7AF01723-B671-48CA-BFA2-B4A2092B54F5}C:\program files\vidalia bundle\tor\tor.exe" = protocol=6 | dir=in | app=c:\program files\vidalia bundle\tor\tor.exe |
"TCP Query User{8AAB9D31-BFDD-46D0-AEAC-2FE5B3E940EE}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{A3B4E4D9-C76A-4016-9976-D5DDFEA9D882}C:\users\aneirin\appdata\local\microsoft\windows\temporary internet files\content.ie5\ozgeuwww\baupnp[1].exe" = protocol=6 | dir=in | app=c:\users\aneirin\appdata\local\microsoft\windows\temporary internet files\content.ie5\ozgeuwww\baupnp[1].exe |
"TCP Query User{A8AFAB59-2770-47D8-8C37-10BB37CCAB46}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{AD666C5F-0250-490B-BFE1-3DDF89E1732D}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{AFFB6F8C-159D-4086-B0C3-39432AB34D49}C:\users\squid\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\squid\program files\bittorrent\bittorrent.exe |
"TCP Query User{C8E68295-943F-459F-9957-CF23370FFC33}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{D5A87018-FC28-45E6-8AAE-F10FED13F114}C:\utorrent.exe" = protocol=6 | dir=in | app=c:\utorrent.exe |
"TCP Query User{E32A8D13-FB3D-47E1-A427-9E637B601D16}C:\users\aneirin\downloads\baupnp.exe" = protocol=6 | dir=in | app=c:\users\aneirin\downloads\baupnp.exe |
"TCP Query User{E3F25082-E2BA-4D09-9596-69CEE201DBEA}C:\users\aneirin\appdata\local\microsoft\windows\temporary internet files\content.ie5\ob861o7f\baupnp[1].exe" = protocol=6 | dir=in | app=c:\users\aneirin\appdata\local\microsoft\windows\temporary internet files\content.ie5\ob861o7f\baupnp[1].exe |
"TCP Query User{E9109CBB-CD5F-43E5-9F71-989AE026BC18}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{30BAC426-86B0-4EDD-9990-8E6471381DDC}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{46A6DEF4-74EC-43A2-9DA5-A51EB4B40CDD}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{488562E9-5DF9-43D4-ADC9-9A7B317B31AE}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{4CC4BC01-A2EC-4404-8C2A-C45E32164FAC}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{4F8F7B30-0EC9-47FC-B447-3766B73CD5FB}C:\program files\vidalia bundle\tor\tor.exe" = protocol=17 | dir=in | app=c:\program files\vidalia bundle\tor\tor.exe |
"UDP Query User{4FBFEA9E-CD7F-4088-A984-E50F12EEEB2A}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{56170E89-EFFD-49FF-B8DC-31C81FCEB037}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{6001A70F-3CAC-4AFA-B64D-2006327452FD}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{6BC39C34-0166-4315-9333-6CE6651742F6}C:\users\aneirin\appdata\local\microsoft\windows\temporary internet files\content.ie5\ozgeuwww\baupnp[1].exe" = protocol=17 | dir=in | app=c:\users\aneirin\appdata\local\microsoft\windows\temporary internet files\content.ie5\ozgeuwww\baupnp[1].exe |
"UDP Query User{7CC092DE-0FBF-4D8D-9E02-3BB2E71E9DD2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{7CFEB662-9977-4016-B6A6-8D9930349C13}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{89F38443-67F6-4042-9597-5CEB61BB53F3}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{9517A285-C449-4150-B9EE-5B958B9C0D69}C:\utorrent.exe" = protocol=17 | dir=in | app=c:\utorrent.exe |
"UDP Query User{969DCF7A-E4CE-48E2-A80E-CC5E29468389}C:\program files\ares vista\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares vista\ares.exe |
"UDP Query User{C00F3E7C-513A-4D0B-AA24-6853F1E1298D}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{C40BC629-D03A-4F9B-A58E-5439B50553FD}C:\users\aneirin\appdata\local\microsoft\windows\temporary internet files\content.ie5\ob861o7f\baupnp[1].exe" = protocol=17 | dir=in | app=c:\users\aneirin\appdata\local\microsoft\windows\temporary internet files\content.ie5\ob861o7f\baupnp[1].exe |
"UDP Query User{CCA9E504-15DE-4EFB-BBF5-FF31B255A93A}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{DC30E8FB-08E8-4A67-96C9-AF8FC1A7E350}C:\program files\ares vista\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares vista\ares.exe |
"UDP Query User{E249C36D-EC56-4397-821D-CE34903761DB}C:\users\squid\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\squid\program files\bittorrent\bittorrent.exe |
"UDP Query User{E632D8A1-115D-4DF9-9E1B-D4691DF52F95}C:\users\aneirin\downloads\baupnp.exe" = protocol=17 | dir=in | app=c:\users\aneirin\downloads\baupnp.exe |
"UDP Query User{F619AC68-3ACD-48A6-818A-BA945A6E764F}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00CD9341-46BF-C386-1D4C-4D980B615549}" = Catalyst Control Center Localization Chinese Standard
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5 SE Basic
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F81061C-661C-D357-F79C-31B1D78609F9}" = Catalyst Control Center Localization Spanish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{170715E4-3235-8999-C05D-54156AC3F163}" = CCC Help German
"{174C89F3-EBA7-17AB-2FCA-82AE6AF7C8C5}" = CCC Help Japanese
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D9C9979-7B3D-0EBA-06B5-1A648DE8ECFC}" = Skins
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{250AD9EB-E6A4-FEE1-AAAF-66EB69E96060}" = CCC Help Polish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2B64ACEB-703E-6D90-5CBE-140B9A66C85B}" = Catalyst Control Center Localization Portuguese
"{2CADE3B6-6B69-2050-7B7C-2E6BB1183458}" = Catalyst Control Center Localization Thai
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C042F8-B207-313E-F932-3599ADF24651}" = CCC Help Korean
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AE375B7-4C1A-8954-D87B-126990CA06ED}" = Catalyst Control Center Localization Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42DB15D5-DAAD-A187-252F-80B669BFC970}" = CCC Help Turkish
"{44F70E24-C55E-4C6E-29F1-573C03BDFB9D}" = CCC Help Chinese Traditional
"{4517895C-2CCB-9CA7-D24A-E74559551426}" = Catalyst Control Center Localization Chinese Traditional
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{49041980-E77D-DCAD-8365-F22688D3A8AE}" = Catalyst Control Center Localization Hungarian
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018303}" = Fable III
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{569F35EF-9A3E-7EA6-3817-01F7A142E608}" = CCC Help Thai
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57E08EAC-F4FA-E453-6516-CA4D8AF4BD6D}" = CCC Help English
"{5D9748ED-2EC3-E694-68E7-14AE077AA686}" = Catalyst Control Center Core Implementation
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FC963A4-D7C2-743E-4634-0BE6893D2D30}" = ccc-utility
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7484FF63-DFD5-4703-5D5A-7B197CBC6AF7}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79D4609A-AE25-B8CA-9FD2-9DC5A919414E}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F19855D-DB03-2435-858D-8CD809994A3F}" = Catalyst Control Center Localization Korean
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8958DFF1-3103-8A70-9108-40D7D359D8C6}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E3A5EA8-DE6D-9333-0DB4-55FB9B6EED46}" = CCC Help Chinese Standard
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90CA0C98-4E23-8B12-29EC-FCEB49983E7E}" = Catalyst Control Center Localization Japanese
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A57F3E7-F32D-FD92-124C-B9C9D7231C20}" = Catalyst Control Center Graphics Light
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB22EB20-70C4-32D9-CAE5-816E24F458CA}" = Catalyst Control Center Graphics Full Existing
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3A0F1A3-7AD3-F7E3-D81A-0A5EC68F0397}" = Catalyst Control Center Localization Polish
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD65BFB7-291F-9D67-760B-4FD16337FCB9}" = CCC Help Italian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB98F489-0D1B-0244-2B95-24F4C9D6A5BD}" = CCC Help Spanish
"{DC0D3295-0697-808C-4F1F-44E58330C3E8}" = Catalyst Control Center Localization German
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E79066AE-9AF1-9C3C-6F3A-95BC4A3C3E33}" = Catalyst Control Center Graphics Previews Common
"{E87B8271-8225-31ED-95BE-0C7DB1813F7C}" = CCC Help French
"{E87FE5BA-2E1B-A6F2-F40E-9D6865ADF886}" = Catalyst Control Center Localization French
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18E39EE-5306-6765-9EE3-CD3ECFE9678F}" = Catalyst Control Center Graphics Previews Vista
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F318B83E-27E2-2EFF-12EE-667C02A062D9}" = CCC Help Portuguese
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FCDBE9CF-CFB4-2260-8F84-09B6F7FD9A87}" = Catalyst Control Center Localization Italian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"Applian FLV Player2.0.24" = Applian FLV Player
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX Setup
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ExtractNow_is1" = ExtractNow
"Freecorder Toolbar3.02" = Freecorder Toolbar 3.02 Application
"Giraffic" = Veoh Giraffic Video Accelerator
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Full
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Philips Songbird" = Philips Songbird
"Prism" = Prism Video Converter
"Privoxy" = Privoxy 3.0.6
"Replay Converter 3" = Replay Converter 3
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"Replay Music3.45" = Replay Music
"Shockwave" = Shockwave
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spotify" = Spotify
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery v3.2
"Switch" = Switch Sound File Converter
"Tor" = Tor 0.2.0.35
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"Vidalia" = Vidalia 0.1.15
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3392915109-101008560-1142800397-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
"Winamp Toolbar" = Winamp Toolbar

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/06/2009 06:55:41 | Computer Name = Aneirin-PC | Source = avast! | ID = 33554522
Description =

Error - 24/07/2009 15:53:47 | Computer Name = Aneirin-PC | Source = avast! | ID = 33554522
Description =

Error - 11/12/2009 00:34:49 | Computer Name = Aneirin-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 23/10/2010 06:50:28 | Computer Name = Aneirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30944701

Error - 23/10/2010 06:50:29 | Computer Name = Aneirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23/10/2010 06:50:29 | Computer Name = Aneirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30945700

Error - 23/10/2010 06:50:29 | Computer Name = Aneirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30945700

Error - 23/10/2010 06:50:30 | Computer Name = Aneirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23/10/2010 06:50:30 | Computer Name = Aneirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30946698

Error - 23/10/2010 06:50:30 | Computer Name = Aneirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30946698

Error - 23/10/2010 06:50:31 | Computer Name = Aneirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23/10/2010 06:50:31 | Computer Name = Aneirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30947697

Error - 23/10/2010 06:50:31 | Computer Name = Aneirin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30947697

[ OSession Events ]
Error - 24/06/2009 11:29:37 | Computer Name = Aneirin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/07/2009 22:42:02 | Computer Name = Aneirin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/07/2009 05:58:25 | Computer Name = Aneirin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24/07/2009 18:15:18 | Computer Name = Aneirin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/08/2009 11:31:19 | Computer Name = Aneirin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 01/09/2009 09:29:13 | Computer Name = Aneirin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/10/2009 16:01:45 | Computer Name = Aneirin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22/03/2010 09:26:58 | Computer Name = Aneirin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74
seconds with 60 seconds of active time. This session ended with a crash.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#8
aneiring

  • Topic Starter
  • Member
  • 19 posts
Hope ya find that enlightening :) Thanks a lot for taking a look for me!

#9
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Evening,

Thanks for that information regarding the status of your computer.

Please run this tool:

Running ComboFix
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using ComboFix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#10
aneiring

  • Topic Starter
  • Member
  • 19 posts
ComboFix 09-06-12.02 - aneirin 13/06/2009 0:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.1285 [GMT 1:00]
Running from: c:\users\aneirin\Desktop\Combo-Fix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXmcputjeypobrjkywihlhfdrloqbjhjmo.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSIVXSERV.SYS
-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.

2009-06-12 23:46 . 2009-06-12 23:51 -------- d-----w- c:\users\aneirin\AppData\Local\temp
2009-06-12 22:44 . 2009-06-12 22:44 -------- d-----w- C:\help
2009-06-12 17:44 . 2009-06-12 17:44 -------- d-----w- c:\program files\Trend Micro
2009-06-12 10:40 . 2009-06-12 10:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-12 10:40 . 2009-06-12 10:40 -------- d-----w- c:\users\aneirin\AppData\Roaming\SUPERAntiSpyware.com
2009-06-11 18:28 . 2009-06-12 18:37 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-06-11 18:28 . 2009-06-11 23:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-11 18:19 . 2009-06-11 18:19 -------- d-----w- c:\program files\SpywareBlaster
2009-06-11 18:11 . 2009-06-11 18:11 -------- d-----w- c:\progra~2\AVG Security Toolbar
2009-06-11 18:08 . 2009-06-11 18:08 -------- d-----w- c:\program files\AVG
2009-06-11 18:07 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-11 18:07 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-11 18:07 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-11 18:07 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-11 18:07 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-11 18:06 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-11 18:06 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-11 18:06 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-06-11 18:06 . 2009-06-11 18:06 -------- d-----w- c:\program files\Alwil Software
2009-06-10 10:40 . 2009-06-12 12:16 680 ----a-w- c:\users\aneirin\AppData\Local\d3d9caps.dat
2009-06-09 23:52 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-09 22:50 . 2009-03-19 15:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-09 22:50 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-09 22:50 . 2009-06-09 22:50 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-09 22:47 . 2009-06-09 22:48 -------- d-----w- c:\program files\QuickTime
2009-06-09 20:51 . 2009-06-09 22:50 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-09 20:51 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-09 20:51 . 2009-06-09 20:51 -------- dc-h--w- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-09 20:50 . 2009-06-09 20:51 -------- d-----w- c:\progra~2\Lavasoft
2009-06-09 20:50 . 2009-06-09 20:50 -------- d-----w- c:\program files\Lavasoft
2009-06-09 17:03 . 2009-06-09 17:03 1878984 ----a-w- c:\users\aneirin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-08 23:31 . 2009-06-08 23:31 -------- d-----w- c:\program files\PlayAllDVD
2009-06-08 13:57 . 2009-06-09 13:35 -------- d-----w- c:\program files\PeerGuardian2
2009-06-06 03:33 . 2009-06-08 14:55 -------- d-----w- c:\users\aneirin\AppData\Roaming\AstoundStereoExpander
2009-05-30 10:24 . 2009-05-30 10:24 -------- d-----w- C:\Netgear

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 22:06 . 2009-01-11 19:53 -------- d-----w- c:\users\aneirin\AppData\Roaming\uTorrent
2009-06-12 19:57 . 2008-09-04 01:10 7306 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-06-12 18:53 . 2008-09-21 15:59 -------- d-----w- c:\progra~2\Google Updater
2009-06-12 17:38 . 2008-10-05 12:35 -------- d-----w- c:\program files\Yahoo!
2009-06-12 17:15 . 2008-06-24 17:04 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-12 17:03 . 2008-04-23 19:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 10:33 . 2009-04-23 16:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-11 21:17 . 2008-06-29 16:06 -------- d-----w- c:\users\aneirin\AppData\Roaming\Apple Computer
2009-06-11 18:25 . 2008-08-07 12:18 -------- d-----w- c:\program files\Safari
2009-06-10 09:50 . 2008-04-23 19:44 -------- d-----w- c:\program files\Google
2009-06-09 22:50 . 2008-08-07 12:23 -------- d-----w- c:\program files\iTunes
2009-06-09 22:50 . 2008-08-07 12:23 -------- d-----w- c:\program files\iPod
2009-06-09 22:48 . 2008-07-13 15:01 -------- d-----w- c:\program files\Bonjour
2009-06-09 13:37 . 2008-04-23 19:37 -------- d-----w- c:\program files\Creative
2009-06-09 13:37 . 2008-04-23 19:37 -------- d-----w- c:\progra~2\Creative
2009-06-09 13:31 . 2008-09-14 16:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-09 13:29 . 2009-02-03 15:41 -------- d-----w- c:\progra~2\Symantec
2009-06-08 16:39 . 2008-06-24 13:00 -------- d-----w- c:\users\aneirin\AppData\Roaming\BitTorrent
2009-06-08 14:57 . 2008-07-27 09:25 -------- d-----w- c:\program files\Ares Vista
2009-06-06 02:08 . 2008-05-29 00:30 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-06 02:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-24 19:02 . 2008-06-22 11:42 101416 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-24 14:29 . 2009-04-24 14:29 -------- d-----w- c:\users\squid\AppData\Roaming\Yahoo!
2009-04-24 14:26 . 2009-04-24 14:26 -------- d-----w- c:\progra~2\3114A
2009-04-24 14:26 . 2009-04-24 14:26 -------- d-----w- c:\program files\BearShare Applications
2009-04-24 10:52 . 2009-01-06 06:40 -------- d-----w- c:\program files\Spyware Doctor
2009-04-23 16:46 . 2009-04-23 16:45 -------- d-----w- c:\program files\TalkTalk
2009-03-17 03:38 . 2009-04-23 17:24 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-23 17:24 24064 ----a-w- c:\windows\system32\amxread.dll
2008-10-21 21:54 . 2008-10-21 21:53 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2008-10-21 21:52 . 2008-10-21 21:51 8320728 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-10-21 21:49 . 2008-10-21 21:47 20976776 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2008-04-24 02:18 . 2008-04-24 02:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 12:37 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-24 4452352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^aneirin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASE Audio Processor

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{A8AFAB59-2770-47D8-8C37-10BB37CCAB46}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{4CC4BC01-A2EC-4404-8C2A-C45E32164FAC}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{AD666C5F-0250-490B-BFE1-3DDF89E1732D}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{C00F3E7C-513A-4D0B-AA24-6853F1E1298D}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{74F0B593-AEE4-4643-90D0-A1A95E3D2F8C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{31E5C289-EAF6-4FB0-9DED-53639A5E2AE8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F330AD3E-0D53-4758-BE7D-D80634F021A2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8D09F27B-ECC9-430E-ACAE-AE52BFA07F12}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [09/06/2009 21:51 64160]
R0 nvamacpi;Nvidia Away Mode System;c:\windows\System32\drivers\nvamacpi.sys [22/07/2008 12:11 24608]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [11/06/2009 19:07 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [11/06/2009 19:07 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11/06/2009 19:06 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/06/2009 19:28 1153368]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\System32\drivers\lmvac.sys [12/09/2008 13:13 18912]
S2 gupdate1c96a82b0c0a630;Google Update Service (gupdate1c96a82b0c0a630);c:\program files\Google\Update\GoogleUpdate.exe [30/12/2008 14:29 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 951632]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\System32\drivers\BLKWGU.sys [18/10/2008 14:30 252416]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [06/01/2009 07:40 356920]
.
Contents of the 'Scheduled Tasks' folder

2009-06-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-06-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-23 10:53]

2009-06-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-30 17:16]

2009-06-12 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

2009-06-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://uk.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 00:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3392915109-101008560-1142800397-1000\Software\SecuROM\License information*]
"datasecu"=hex:5c,ad,7c,58,44,68,ab,a9,9e,31,46,31,9e,7c,16,2a,32,cb,de,89,23,
f1,e2,89,9e,19,58,4f,ee,b0,99,62,76,15,26,e7,8a,c4,27,7b,2b,1c,87,c8,da,d0,\
"rkeysecu"=hex:ca,1c,b1,c5,c6,fb,e2,08,b7,3a,30,3e,f2,2a,b6,e6
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\System32\CTSVCCDA.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\CF23209.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-06-12 0:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-12 23:56

Pre-Run: 97,957,687,296 bytes free
Post-Run: 97,975,468,032 bytes free

224 --- E O F --- 2009-06-07 12:09

#11
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Thanks for posting that log file.

Can you please check your computer clock and ensure that it's set to the right day and time?


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
DirLook::
c:\progra~2\3114A

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

#12
aneiring


    Member

  • Topic Starter
  • Member
  • 19 posts
Hi, I really appreciate your help and hope this is not too annoying, but I may not be able to continue this now for some time as I am having to travel to Morocco. Can we carry on upon my return? I don't know yet when I will return, I'm afraid, but I can contact you from other computers to let ya know. Again, thank you very much.

#13
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay, thanks for letting me know. I'll see what I can do to keep this thread open. If for some reason, the thread does get closed, please feel free to contact me via PM and I'll be happy to re-open it upon your return.

#14
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.