Possible Virus.



#1
Jimmybean

Thread started as instructed here: http://www.geekstogo...le-t253672.html


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6002 Service Pack 2

29/09/2009 20:01:54
mbam-log-2009-09-29 (20-01-54).txt

Scan type: Quick Scan
Objects scanned: 75956
Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




OTL logfile created on: 29/09/2009 20:05:34 - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = L:\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 14.10 Gb Free Space | 18.92% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 826.25 Gb Free Space | 88.70% Space Free | Partition Type: NTFS
Drive E: | 931.28 Gb Total Space | 563.74 Gb Free Space | 60.53% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 7.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 896.51 Gb Total Space | 776.74 Gb Free Space | 86.64% Space Free | Partition Type: NTFS

Computer Name: USERORG-MAIZIZR
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/21 02:04:02 | 00,377,248 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 02:04:02 | 00,377,248 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/08/06 19:47:16 | 01,217,784 | ---- | M] (Valve Corporation) -- D:\Games\Half-life 2\Steam.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/01/21 01:59:56 | 04,359,600 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/01/21 02:05:18 | 00,960,560 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/11/16 11:20:26 | 00,091,432 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2007/10/28 09:35:48 | 00,072,736 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2007/06/04 18:24:44 | 00,599,600 | ---- | M] (CyberLink Corporation.) -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
PRC - [2006/08/17 13:45:56 | 00,249,856 | ---- | M] (BL) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2006/08/17 13:45:56 | 00,249,856 | ---- | M] (BL) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2009/09/29 17:39:32 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2009/07/14 00:28:00 | 00,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009/07/14 00:28:00 | 00,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009/08/06 22:51:15 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/06 22:51:14 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgfws8.exe
PRC - [2007/06/27 12:31:28 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/08/23 17:52:06 | 00,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/08/23 17:52:06 | 00,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/06 22:51:14 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2009/08/06 22:51:13 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgam.exe
PRC - [2009/08/06 22:51:13 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgam.exe
PRC - [2009/08/06 22:51:13 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgam.exe
PRC - [2009/08/06 22:51:21 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/06 22:51:21 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/09/05 14:24:40 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2009/09/05 14:24:40 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2009/09/05 14:24:40 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2009/07/14 00:22:08 | 01,263,616 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTXFISPI.EXE
PRC - [2009/09/13 15:19:16 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/09/13 15:19:16 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/09/29 20:02:16 | 00,518,144 | ---- | M] (OldTimer Tools) -- L:\Downloads\OTL.exe
PRC - [2009/09/29 20:02:16 | 00,518,144 | ---- | M] (OldTimer Tools) -- L:\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/21 03:50:23 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt [On_Demand | Stopped])
SRV:64bit: - [2009/04/11 08:11:14 | 00,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService [Auto | Running])
SRV:64bit: - [2008/01/21 03:47:07 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fxssvc.exe -- (Fax [On_Demand | Stopped])
SRV:64bit: - [2009/04/11 08:11:27 | 00,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService [On_Demand | Stopped])
SRV:64bit: - [2009/04/11 08:11:04 | 01,149,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine [On_Demand | Stopped])
SRV:64bit: - [2008/01/21 03:46:39 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2008/01/21 03:51:24 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2009/01/21 02:04:14 | 00,828,864 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
SRV - [2009/08/06 22:51:14 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/06 22:51:15 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/08/06 22:51:14 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgfws8.exe -- (avgfws8 [Auto | Running])
SRV - [2009/03/30 05:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/30 05:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2009/07/03 17:00:12 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service [On_Demand | Stopped])
SRV - [2009/07/03 16:58:58 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service [On_Demand | Stopped])
SRV - [2009/08/27 21:58:45 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service [On_Demand | Stopped])
SRV - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService [Auto | Running])
SRV - [2008/01/21 03:50:39 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/21 03:50:39 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 16:03:44 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/02/18 19:40:04 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2009/02/18 19:39:11 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/11/02 10:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Stopped])
SRV - [2007/06/27 12:31:28 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/11/02 14:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2009/08/23 17:52:06 | 00,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/09/05 14:24:40 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Running])
SRV - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service [Auto | Running])
SRV - [2006/11/02 07:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 07:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.scan.co.uk
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/06 14:55:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/13 15:19:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/09/13 15:19:18 | 00,000,000 | ---D | M]

[2009/08/06 19:33:27 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2009/08/06 19:33:27 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/28 19:33:49 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\02geo1jj.default\extensions
[2009/08/06 21:25:58 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\02geo1jj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/24 17:40:33 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\02geo1jj.default\extensions\[email protected]
[2009/08/06 19:33:10 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/13 15:19:18 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/13 15:19:15 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/09/13 15:19:15 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2009/05/12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 23:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/13 15:19:17 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2008/09/10 20:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll
[2007/05/02 14:28:50 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2007/05/02 14:28:52 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2007/05/02 14:28:52 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2007/05/02 14:28:54 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2007/05/02 14:28:54 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2008/09/10 20:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll
[2009/05/01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/09/13 15:19:17 | 00,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/09/13 15:19:17 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/09/13 15:19:17 | 00,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/09/13 15:19:17 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/13 15:19:17 | 00,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/09/13 15:19:17 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/09/13 15:19:17 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/13 15:19:17 | 00,000,831 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.EXE (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [InstantBurn] C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] d:\games\half-life 2\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/octet-stream - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/x-complus - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/x-msdownload - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - deflate - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - gzip - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/05 13:19:36 | 00,000,052 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{22abbe50-6adb-11de-ae16-806e6f6e6963}\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = setup.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs:64bit: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs:64bit: Ias - Service key not found. File not found
NetSvcs:64bit: Irmon - Service key not found. File not found
NetSvcs:64bit: Nla - Service key not found. File not found
NetSvcs:64bit: Ntmssvc - Service key not found. File not found
NetSvcs:64bit: NWCWorkstation - Service key not found. File not found
NetSvcs:64bit: Nwsapagent - Service key not found. File not found
NetSvcs:64bit: SRService - Service key not found. File not found
NetSvcs:64bit: Wmi - Service key not found. File not found
NetSvcs:64bit: WmdmPmSp - Service key not found. File not found
NetSvcs:64bit: LogonHours - Service key not found. File not found
NetSvcs:64bit: PCAudit - Service key not found. File not found
NetSvcs:64bit: helpsvc - Service key not found. File not found
NetSvcs:64bit: uploadmgr - Service key not found. File not found
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/29 19:47:25 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\G2G
[2009/09/29 19:44:07 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009/09/29 19:44:06 | 00,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/29 19:44:03 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/09/29 19:44:02 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/09/29 19:44:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/29 19:44:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/09/29 19:43:03 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/29 19:41:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/09/27 12:28:41 | 00,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/09/26 22:44:47 | 00,001,230 | ---- | C] () -- C:\Users\Administrator\Desktop\Downloads.lnk
[2009/09/25 22:40:02 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\ArmA 2 Other Profiles
[2009/09/25 18:41:03 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Call of Juarez - Bound in Blood
[2009/09/25 18:23:51 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\ArmA 2
[2009/09/25 18:23:51 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ArmA 2
[2009/09/22 22:01:26 | 00,700,416 | ---- | C] (Axis) -- C:\Windows\SysWow64\AxisToolBar.ocx
[2009/09/22 22:01:26 | 00,188,416 | ---- | C] (Unreal Streaming Technologies Group.) -- C:\Windows\SysWow64\UScreenCapture.ax
[2009/09/22 22:01:26 | 00,126,976 | ---- | C] (Ariel Systems) -- C:\Windows\SysWow64\ArielColorCtrl.ocx
[2009/09/22 22:01:26 | 00,073,728 | ---- | C] (PCWinSoft Systems Ltd) -- C:\Windows\SysWow64\TOverlay.ax
[2009/09/22 22:01:26 | 00,053,248 | ---- | C] (DeskShare) -- C:\Windows\SysWow64\DSTimeStamp.ax
[2009/09/22 22:01:26 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\wavdest.ax
[2009/09/22 22:01:26 | 00,036,864 | ---- | C] (Axis) -- C:\Windows\SysWow64\Sof2FFTPrj.ocx
[2009/09/22 22:01:26 | 00,028,672 | ---- | C] (Axis) -- C:\Windows\SysWow64\SpecBarPrj.ocx
[2009/09/22 22:01:26 | 00,008,608 | ---- | C] () -- C:\Windows\SysWow64\mpeg4ax.cat
[2009/09/22 22:01:26 | 00,008,587 | ---- | C] () -- C:\Windows\SysWow64\msaudio.cat
[2009/09/22 22:01:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\1AVCapture
[2009/09/17 13:28:28 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2009/09/17 13:28:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2009/09/16 21:35:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\UltraVPN
[2009/09/16 18:02:27 | 00,000,000 | R--D | C] -- C:\Users\Administrator\Documents\Scanned Documents
[2009/09/16 18:02:27 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Fax

========== Files - Modified Within 14 Days ==========

[2 C:\Windows\SysNative\*.tmp files]
[2009/09/29 20:02:22 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/09/29 20:02:22 | 00,599,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/09/29 20:02:22 | 00,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/09/29 19:55:27 | 00,000,368 | ---- | M] () -- C:\Windows\lgfwup.ini
[2009/09/29 19:54:45 | 00,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/29 19:54:45 | 00,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/29 19:54:44 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/29 19:54:43 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/29 19:54:37 | 21,381,69343 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/29 19:53:37 | 00,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000C-00000000-00000000-00001102-0000000B-00431102}.rfx
[2009/09/29 19:53:37 | 00,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000C-00000000-00000000-00001102-0000000B-00431102}.rfx
[2009/09/29 19:53:37 | 00,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000C-00000000-00000000-00001102-0000000B-00431102}.rfx
[2009/09/29 19:53:30 | 03,239,065 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/09/29 19:44:06 | 00,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/29 19:41:35 | 00,034,816 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/29 17:42:54 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{04892D8C-1AA7-4929-8853-B28103B2AC95}.job
[2009/09/29 17:39:41 | 41,948,701 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2009/09/29 17:37:48 | 00,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/09/28 20:52:16 | 00,113,263 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2009/09/26 22:44:47 | 00,001,230 | ---- | M] () -- C:\Users\Administrator\Desktop\Downloads.lnk
[2009/09/26 22:44:27 | 00,001,230 | ---- | M] () -- C:\Users\Administrator\Documents\Downloads.lnk
[2009/09/24 20:31:01 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009/09/24 20:31:01 | 00,189,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/09/22 22:12:19 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/09/20 13:41:20 | 00,073,728 | ---- | M] (PCWinSoft Systems Ltd) -- C:\Windows\SysWow64\TOverlay.ax
[2009/09/20 13:40:58 | 00,700,416 | ---- | M] (Axis) -- C:\Windows\SysWow64\AxisToolBar.ocx
[2009/09/20 10:02:20 | 00,036,864 | ---- | M] (Axis) -- C:\Windows\SysWow64\Sof2FFTPrj.ocx
[2009/09/20 09:44:46 | 00,028,672 | ---- | M] (Axis) -- C:\Windows\SysWow64\SpecBarPrj.ocx

========== LOP Check ==========

[2009/09/29 19:44:07 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming
[2009/07/06 16:37:15 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acronis
[2009/07/09 22:40:23 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CyberLink
[2009/07/06 16:20:34 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DeepBurner
[2009/07/07 11:45:58 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GRETECH
[2009/09/17 13:28:28 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2006/11/02 16:06:33 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2009/09/05 20:58:27 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MPEG Streamclip
[2009/07/16 20:46:57 | 00,000,000 | RH-D | M] -- C:\Users\Administrator\AppData\Roaming\SecuROM
[2009/08/08 21:18:22 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ventrilo
[2009/09/29 19:54:44 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/29 19:53:34 | 00,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/29 17:42:54 | 00,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{04892D8C-1AA7-4929-8853-B28103B2AC95}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:6DFF1A8A
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:EEDA5B17
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:8C35AEA7
< End of report >




OTL Extras logfile created on: 29/09/2009 20:05:34 - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = L:\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 14.10 Gb Free Space | 18.92% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 826.25 Gb Free Space | 88.70% Space Free | Partition Type: NTFS
Drive E: | 931.28 Gb Total Space | 563.74 Gb Free Space | 60.53% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 7.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 896.51 Gb Total Space | 776.74 Gb Free Space | 86.64% Space Free | Partition Type: NTFS

Computer Name: USERORG-MAIZIZR
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = D1 A3 60 11 48 FE C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DDC55AC4-95FD-41F7-9D4E-E9DD5456759E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E3E1D7D8-D81F-46E0-936F-371E7638F5DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094DFCDE-1A51-4B57-99CA-55F657F2DEFB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0ACD8D34-8911-4886-AB72-99CD9E5BF76D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{0BC7C485-08A3-4F91-BE30-B2E121CBDAF8}" = protocol=17 | dir=in | app=d:\games\half-life 2\steamapps\common\left 4 dead\left4dead.exe |
"{15D0BD80-EC1C-436D-8AD3-F803DE7F612A}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{3C1F6BC1-9C35-4074-94B4-6E98537CE9E8}" = protocol=17 | dir=in | app=d:\games\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe |
"{416959DF-760C-4C65-8CBA-76F321A28DF8}" = protocol=6 | dir=in | app=d:\games\half-life 2\steamapps\common\killingfloor\system\killingfloor.exe |
"{4AE2563C-AE5A-43D6-9EAF-8DE302C39B68}" = protocol=6 | dir=in | app=d:\games\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{4C5CC4C8-8AAD-4EDF-BB9D-289B48357B37}" = protocol=17 | dir=in | app=d:\games\half-life 2\steamapps\common\killingfloor\system\killingfloor.exe |
"{4F1EE023-35C2-453A-9615-3F4D91504A59}" = protocol=6 | dir=in | app=d:\games\activision\call of duty - world at war\codwaw.exe |
"{4FBA50D9-EDE1-4728-9AA7-A9B809850E46}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{58F82A08-2AC2-465D-9784-14D6513907F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{5982DA97-EA33-49D0-BE86-2482EA85983F}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{5C799D37-C650-44B1-9700-FF45AD72B8B6}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5D611613-41DC-4205-BDD2-FA693737D391}" = protocol=17 | dir=in | app=d:\games\half-life 2\steamapps\common\fear2\fear2.exe |
"{64C7B65B-C460-49D3-BA79-0855A7D961E2}" = protocol=6 | dir=in | app=d:\games\activision\codwawmp.exe |
"{688F7BBE-34AD-4760-89B0-177F44F6D036}" = protocol=17 | dir=in | app=d:\games\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{6CBC5457-0686-41C1-B3ED-0E9068D3BDC5}" = protocol=6 | dir=in | app=d:\games\half-life 2\steamapps\common\left 4 dead\left4dead.exe |
"{6D81913C-41E3-400A-AB0B-7DC5708F18FA}" = protocol=17 | dir=in | app=d:\games\activision\codwawmp.exe |
"{82E55518-47AC-441A-9182-54275D695EEF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{949BB6E0-B568-4E38-B0AB-D109D0EE590A}" = protocol=6 | dir=in | app=d:\games\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe |
"{9FA2FC1E-BD1A-4C29-8038-D91651933CE5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B32074BC-513F-4B74-BCE5-E507099B98F5}" = protocol=6 | dir=in | app=d:\games\half-life 2\steamapps\common\fear2\fear2.exe |
"{B6759B2F-6C3E-452E-9262-E8FEBD31BBA8}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D7BF8436-D5CB-4602-B5C1-8C012B7CA240}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DC8468D4-11DF-4FAC-BCB0-31A3E3360D6F}" = protocol=6 | dir=in | app=d:\games\activision\call of duty - world at war\codwawmp.exe |
"{DDF3B685-DB91-4FB5-9903-A77A27E5F185}" = protocol=17 | dir=in | app=d:\games\activision\call of duty - world at war\codwaw.exe |
"{E273CD21-C03E-4DA9-8A29-F4E5D3C6C09B}" = protocol=17 | dir=in | app=d:\games\half-life 2\steamapps\common\red orchestra\system\redorchestra.exe |
"{E3CB3485-B85A-4672-8173-16AB29D9CAD0}" = protocol=6 | dir=in | app=d:\games\activision\codwaw.exe |
"{EDC9F81F-4DB2-47B8-BD82-46FE6A445BA5}" = protocol=6 | dir=in | app=d:\games\half-life 2\steamapps\common\red orchestra\system\redorchestra.exe |
"{F4B38894-6BDA-4AE3-B885-F6113F646424}" = protocol=17 | dir=in | app=d:\games\activision\codwaw.exe |
"{F7F3EDCD-907E-4EB5-A52E-625B3571BC29}" = protocol=17 | dir=in | app=d:\games\activision\call of duty - world at war\codwawmp.exe |
"TCP Query User{53FB1846-8873-49E2-AD53-7DF7F6D9ED6F}D:\games\half-life 2\steamapps\jimhughes416\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=d:\games\half-life 2\steamapps\jimhughes416\day of defeat source\hl2.exe |
"UDP Query User{03F7AEC6-9664-4E3E-9DB7-22F759EBA9E3}D:\games\half-life 2\steamapps\jimhughes416\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=d:\games\half-life 2\steamapps\jimhughes416\day of defeat source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{54E4B319-0CE0-448D-B299-EE05BC30E4D1}" = Windows Live Family Safety
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"BurnInTest_is1" = BurnInTest v5.3 Pro
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PerformanceTest_is1" = PerformanceTest v6.1 (64-bit)
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Hi-Def Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = er100LT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{71F17309-007D-43F9-9313-DBFBA5FCB3B3}" = LightScribe Optical Disc Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"3DMIDI" = Creative 3DMIDI Player
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"ArmA 2" = ArmA 2 Uninstall
"AudioCS" = Creative Audio Control Panel
"AVG8Uninstall" = AVG 8.5
"Brothers in Arms - [bleep]'s Highway" = Brothers in Arms: [bleep]'s Highway
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Crysis WARHEAD®" = Crysis WARHEAD®
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"Diagnostics 4_5" = Creative Diagnostics
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"FFOLKES Unlocks123 mod v1.4.1" = FFOLKES Unlocks123 mod v1.4.1
"GOM Player" = GOM Player
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"RealAlt_is1" = Real Alternative 1.9.0
"SFBM" = SoundFont Bank Manager
"Steam App 1250" = Killing Floor
"Steam App 1280" = Darkest Hour
"Steam App 130" = Half-Life: Blue Shift
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 17700" = Insurgency
"Steam App 2100" = Dark Messiah Might and Magic Single Player
"Steam App 2130" = Dark Messiah Might and Magic Multi-Player
"Steam App 30" = Day of Defeat
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 400" = Portal
"Steam App 500" = Left 4 Dead
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"Veoh Web Player Beta" = Veoh Web Player
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/09/2009 05:23:02 | Computer Name = USERORG-MAIZIZR | Source = Windows Search Service | ID = 3013
Description =

Error - 14/09/2009 05:23:02 | Computer Name = USERORG-MAIZIZR | Source = Windows Search Service | ID = 3013
Description =

Error - 14/09/2009 05:23:02 | Computer Name = USERORG-MAIZIZR | Source = Windows Search Service | ID = 3013
Description =

Error - 14/09/2009 05:23:02 | Computer Name = USERORG-MAIZIZR | Source = Windows Search Service | ID = 3013
Description =

Error - 14/09/2009 05:23:03 | Computer Name = USERORG-MAIZIZR | Source = Windows Search Service | ID = 3013
Description =

Error - 14/09/2009 05:23:03 | Computer Name = USERORG-MAIZIZR | Source = Windows Search Service | ID = 3013
Description =

Error - 15/09/2009 06:53:46 | Computer Name = USERORG-MAIZIZR | Source = WinMgmt | ID = 10
Description =

Error - 16/09/2009 06:43:10 | Computer Name = USERORG-MAIZIZR | Source = WinMgmt | ID = 10
Description =

Error - 16/09/2009 16:06:27 | Computer Name = USERORG-MAIZIZR | Source = RasClient | ID = 20227
Description =

Error - 16/09/2009 16:07:09 | Computer Name = USERORG-MAIZIZR | Source = RasClient | ID = 20227
Description =

[ System Events ]
Error - 05/08/2009 14:34:42 | Computer Name = USERORG-MAIZIZR | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =

Error - 05/08/2009 14:34:42 | Computer Name = USERORG-MAIZIZR | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =

Error - 05/08/2009 14:34:42 | Computer Name = USERORG-MAIZIZR | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =

Error - 06/08/2009 13:17:26 | Computer Name = USERORG-MAIZIZR | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =

Error - 06/08/2009 13:17:26 | Computer Name = USERORG-MAIZIZR | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =

Error - 06/08/2009 13:17:26 | Computer Name = USERORG-MAIZIZR | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =

Error - 06/08/2009 13:17:26 | Computer Name = USERORG-MAIZIZR | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =

Error - 06/08/2009 15:18:10 | Computer Name = USERORG-MAIZIZR | Source = DCOM | ID = 10005
Description =

Error - 06/08/2009 15:18:11 | Computer Name = USERORG-MAIZIZR | Source = Service Control Manager | ID = 7009
Description =

Error - 06/08/2009 15:18:11 | Computer Name = USERORG-MAIZIZR | Source = Service Control Manager | ID = 7000
Description =


< End of report >

I'm unable to run a RootRepeal scan unless there is a version compatible with 64-bit Vista. I could not run the version given in the Virus, Spyware and Trojan Removal thread.

Thanks.

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Jimmybean,

Welcome to the Malware Forum.

The Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE).

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

Step 2

We need to disable Windows Defender to stop it interfering with the tools we are using.

How to turn Windows Defender on or off

Applies to all editions of Windows Vista.

1. Open Windows Defender by clicking the Start button, clicking All Programs, and then clicking Windows Defender.

2. Click Tools, and then click Options.

3. Under Administrator options, select or clear the Use Windows Defender check box, and then click Save.

Administrator permission required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Next

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

#3
Jimmybean

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello emeraldnzl,

Thanks for the reply and welcome :)

Will it be safe to leave my computer online scanning? My original problem is that the firewall disables itself on boot-up and then again after 6-8 hours or so, so it may have disabled itself before I get home from work. Would that leave me open to more possible viruses?

Not meaning to question your expertise, at all. Just wanted to double check.

Thanks very much for your help!

Jim.

Edited by Jimmybean, 04 October 2009 - 05:51 AM.


#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Jimmybean

Will it be safe to leave my computer online scanning as my original problem is that firewall disables itself on boot up and then after 6-8 hours


Clearly without a firewall it will not be as safe as with one.

Having said that, I can't see that you will have a problem while Kaspersky is scanning. Never had one before. :)

That's assuming you don't do anything else while it is scanning. It's best to leave it to do its job anyway. :)

edited to add point about not doing anything else

Edited by emeraldnzl, 04 October 2009 - 05:53 PM.


#5
Jimmybean

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK great, thanks for the reassurance.

I'll scan in the next few days and post the logs.

Thanks.

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okie dokie :)

#7
Jimmybean

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi,

I'm having some trouble disabling Windows Defender. I follow your path to Tools/Options but there are no administrator options, nor can I see any check box for disabling it anywhere in the application. In the options there are only "automatic scanning" and "default actions" options.

Confused :)

I'm running Vista Ultimate 64-bit if that makes any difference.

Thanks.

Edited by Jimmybean, 10 October 2009 - 05:51 AM.


#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm... I wonder whether you had administrative rights? Try right-clicking and running as Administrator.

Alternatively, this link has some actions that might be helpful.

http://www.mydigital...ender-in-vista/

Tell me how you get on. :)

#9
Jimmybean

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi again :)

Yes, that link helped, thanks. It seems disabling "real time protection" is basically turning Windows Defender off.

However, due to me having to work away for the next three weeks, I will not be able to do the scan until after then (my computer will not be in use during this time). If it's OK with you, I will ask you not to close the thread, and I will scan and post the results when I get back. Would that be OK?

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Yes, I will do my best not to close this thread. :)