Hijack this log / Ask.com?!?!


  • This topic is locked
9 replies to this topic

#1 FRISC0

FRISC0


Posted 12 May 2009 - 07:29 AM

Basically, if I type something in the top bar of Firefox, anything random, it searches using Ask.com.
I just searched "sgshzhzshfdh" and got this: http://www.ask.com/web?o=13115&l=dis&a...h&qsrc=2869
It used to be Google!
How do I remove it/convert it back to Google?

Here is my hijack log if anything suspicious is there also!
Thanks!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:19, on 12/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\Jamie\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Audacity\audacity.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5725 bytes



#2 Farbar

Farbar

    Just Curious



Posted 12 May 2009 - 04:44 PM

Hi FRISC0,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Please download OTListIt2 by OldTimer.
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Type or copy and paste in the Custom Scans/Fixes section: drivers32
  • Click Run Scan button.
  • Two reports will open, copy and paste both the logs to your reply:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

#3 FRISC0

FRISC0
  • Topic Starter


Posted 12 May 2009 - 05:26 PM

Heya, I had removed a few games and installed a Sony Ericsson update software thingy but I don't think these will make any difference to my logs before (HijackThis)

Thank you for helping me

Here's the logs:
OTLISTIT.TXT:

OTListIt logfile created on: 12/05/2009 23:17:50 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.31% Memory free
4.00 Gb Paging File | 2.79 Gb Available in Paging File | 69.78% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 157.86 Gb Free Space | 52.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMIE-PC
Current User Name: Jamie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/28 00:03:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/02 08:45:48 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/04/03 19:33:22 | 00,088,040 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009/04/03 19:18:44 | 00,364,008 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2002/08/14 04:33:46 | 01,130,496 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe
PRC - [2009/05/02 08:45:59 | 00,486,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/02 08:45:59 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/19 08:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/09/10 14:14:24 | 00,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2009/05/02 08:45:52 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/26 10:16:59 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/01/19 08:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/19 08:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 08:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2009/04/23 12:55:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/01/19 08:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/04/28 22:36:01 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/29 11:28:20 | 00,468,408 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe
PRC - [2009/03/03 03:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2009/05/12 23:16:33 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/03/21 00:44:27 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/27 19:03:11 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/02 08:45:48 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/04/03 19:33:22 | 00,088,040 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService [Auto | Running])
SRV - [2009/04/03 19:18:44 | 00,364,008 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv [Auto | Running])
SRV - [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/11/02 10:46:05 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2002/08/14 04:33:46 | 01,130,496 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe -- (MySql [Auto | Running])
SRV - [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/28 00:03:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2007/11/06 21:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2009/05/08 16:28:58 | 00,322,032 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/09/16 09:43:10 | 04,127,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTKVAC.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/05/02 08:45:59 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/05/02 08:45:59 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2001/08/17 22:04:48 | 00,171,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\camdrv30.sys -- (Camdrv30 [On_Demand | Running])
DRV - [2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/03/11 19:48:38 | 00,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\system32\DRIVERS\ggflt.sys -- (ggflt [On_Demand | Stopped])
DRV - [2009/03/11 19:48:38 | 00,024,616 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\system32\DRIVERS\ggsemc.sys -- (ggsemc [On_Demand | Stopped])
DRV - [2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2009/04/03 19:18:44 | 00,033,256 | ---- | M] (AnchorFree Inc.) -- C:\Windows\system32\DRIVERS\HssDrv.sys -- (HssDrv [On_Demand | Running])
DRV - [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008/01/19 06:55:21 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2007/11/06 21:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\Windows\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/03/16 11:51:32 | 00,099,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2008/08/01 19:51:14 | 01,052,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvmfdx32.sys -- (NVENETFD [On_Demand | Stopped])
DRV - [2009/03/28 00:03:00 | 07,738,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2006/02/17 03:28:32 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Stopped])
DRV - [2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2008/01/26 03:02:02 | 00,140,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32 [Boot | Running])
DRV - [2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2008/05/10 02:33:10 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\RMCAST.sys -- (RMCAST [Auto | Running])
DRV - [2008/06/27 01:40:18 | 00,335,872 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\system32\DRIVERS\RTL8187.sys -- (RTL8187 [On_Demand | Running])
DRV - [2008/06/27 01:40:18 | 00,335,872 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\system32\DRIVERS\RTL8187.sys -- (RTLWUSB [On_Demand | Stopped])
DRV - [2008/06/04 07:34:08 | 00,090,408 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s1018bus.sys -- (s1018bus [On_Demand | Stopped])
DRV - [2008/06/04 07:34:06 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s1018mdfl.sys -- (s1018mdfl [On_Demand | Stopped])
DRV - [2008/06/04 07:34:08 | 00,122,024 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s1018mdm.sys -- (s1018mdm [On_Demand | Stopped])
DRV - [2008/06/04 07:34:08 | 00,115,368 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s1018mgmt.sys -- (s1018mgmt [On_Demand | Stopped])
DRV - [2008/06/04 07:34:08 | 00,025,768 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s1018nd5.sys -- (s1018nd5 [On_Demand | Stopped])
DRV - [2008/06/04 07:34:06 | 00,111,784 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s1018obex.sys -- (s1018obex [On_Demand | Stopped])
DRV - [2008/06/04 07:34:06 | 00,117,544 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s1018unic.sys -- (s1018unic [On_Demand | Stopped])
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/01/23 22:25:32 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\Windows\system32\DRIVERS\tapvpn.sys -- (tapvpn [On_Demand | Running])
DRV - [2007/03/16 11:11:38 | 00,012,256 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel [Auto | Running])
DRV - [2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/19 06:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/06/28 07:18:10 | 01,310,720 | ---- | M] (C-Media Inc) -- C:\Windows\system32\drivers\CM108.sys -- (USBPNPA [On_Demand | Stopped])
DRV - [2008/09/24 11:29:25 | 00,029,184 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\system32\DRIVERS\VClone.sys -- (VClone [On_Demand | Stopped])
DRV - [2006/11/02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1120449131-2099679387-1230050658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1120449131-2099679387-1230050658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1120449131-2099679387-1230050658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1120449131-2099679387-1230050658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1120449131-2099679387-1230050658-1000\S-1-5-21-1120449131-2099679387-1230050658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1120449131-2099679387-1230050658-1000\S-1-5-21-1120449131-2099679387-1230050658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 22:36:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/12 16:35:23 | 00,000,000 | ---D | M]

[2008/06/21 16:23:54 | 00,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\mozilla\Extensions
[2008/06/21 16:23:54 | 00,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/12 13:40:02 | 00,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\mozilla\Firefox\Profiles\wkfz9qgz.default\extensions
[2008/04/27 18:54:55 | 00,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\mozilla\Firefox\Profiles\wkfz9qgz.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2008/12/21 12:21:51 | 00,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\mozilla\Firefox\Profiles\wkfz9qgz.default\extensions\firebug@software.joehewitt.com
[2008/12/21 12:21:51 | 00,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\mozilla\Firefox\Profiles\wkfz9qgz.default\extensions\havvocmini@tracescript.net
[2008/12/22 17:18:47 | 00,000,681 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\Mozilla\FireFox\Profiles\wkfz9qgz.default\searchplugins\ask.xml
[2009/04/26 10:17:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 22:36:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/05 14:58:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/26 10:17:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2008/06/21 16:23:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\inspector@mozilla.org
[2009/04/28 22:36:01 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 22:36:01 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (291340 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10057 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-21-1120449131-2099679387-1230050658-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1120449131-2099679387-1230050658-1000..\Run: [Google Update] "C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-1120449131-2099679387-1230050658-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1120449131-2099679387-1230050658-1000\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{32875f35-a4d0-11dd-a8d9-efd33e04564a}\Shell - "" = AutoRun
O33 - MountPoints2\{32875f35-a4d0-11dd-a8d9-efd33e04564a}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
Drivers32: aux1 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.divxa32 - C:\Windows\system32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.imaadpcm - C:\Windows\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\system32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\system32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\system32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\system32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\system32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\system32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\Windows\system32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv32 - C:\Windows\system32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv41 - C:\Windows\system32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\system32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\Windows\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\Windows\system32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\system32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\Windows\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\system32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/05/12 23:16:28 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTListIt2.exe
[2009/05/12 16:39:54 | 00,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2009/05/06 20:44:24 | 00,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\AVG8
[2009/05/04 20:56:44 | 00,000,000 | ---D | C] -- C:\Users\Jamie\Documents\Downloads
[2009/05/02 18:45:48 | 00,000,000 | ---D | C] -- C:\ProgramData\DigitalChocolate
[2009/05/02 18:45:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Double Trump
[2009/05/02 18:43:54 | 00,000,000 | ---D | C] -- C:\Program Files\Digital Chocolate
[2009/04/30 20:08:01 | 00,036,104 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2009/04/30 20:08:01 | 00,033,846 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp
[2009/04/30 20:07:49 | 00,000,000 | ---D | C] -- C:\Program Files\Illustrate
[2009/04/23 15:28:29 | 00,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Orbit
[2009/04/23 12:55:47 | 00,000,854 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1120449131-2099679387-1230050658-1000.job
[2009/04/19 18:11:01 | 00,000,000 | ---D | C] -- C:\Users\Jamie\Documents\Updater
[2009/04/18 10:47:20 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/04/17 18:34:15 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/17 18:34:15 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/17 18:34:15 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/17 18:34:15 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/17 18:34:15 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/17 18:34:14 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/17 18:34:13 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/17 18:34:13 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/17 18:34:09 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/17 18:34:09 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/17 18:34:09 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/17 18:34:08 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/17 18:34:08 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/17 18:34:08 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/17 18:34:08 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/17 18:34:08 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/17 18:34:08 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/17 18:34:08 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/15 22:18:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/01/22 15:09:49 | 00,000,109 | ---- | C] () -- C:\Windows\GMouse.ini
[2009/01/22 13:16:22 | 00,003,120 | ---- | C] () -- C:\Windows\System32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll
[2008/12/28 21:58:43 | 00,000,066 | ---- | C] () -- C:\Windows\System32\MASHTWTY.SYS
[2008/11/19 13:47:56 | 00,323,584 | ---- | C] () -- C:\Windows\System32\Integer.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/10 14:13:50 | 00,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/04/13 11:30:14 | 02,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/04/13 11:30:14 | 00,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/04/13 11:30:14 | 00,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/04/13 11:30:14 | 00,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/03/29 11:14:49 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/19 12:43:39 | 00,000,164 | R--- | C] () -- C:\Windows\avrack.ini
[2008/03/19 12:25:21 | 00,000,558 | ---- | C] () -- C:\Windows\DFC.INI
[2008/03/04 20:33:18 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/01/10 19:16:20 | 00,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/01/10 19:15:30 | 00,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/11/06 21:19:28 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/09/04 12:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/06 01:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,687 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 11:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999/01/22 19:46:56 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/05/12 23:16:33 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTListIt2.exe
[2009/05/12 22:58:02 | 00,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/12 22:58:02 | 00,638,346 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/12 22:58:02 | 00,121,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/12 21:32:48 | 00,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/12 21:32:48 | 00,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/12 20:00:11 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{962BCC4D-9E21-4CC6-90EA-A0724195109E}.job
[2009/05/12 19:32:47 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/12 19:32:43 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/12 19:32:41 | 21,470,16704 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/12 13:08:34 | 36,014,244 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/05/12 13:08:34 | 00,053,116 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/05/11 18:30:55 | 00,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1120449131-2099679387-1230050658-1000.job
[2009/05/02 08:45:59 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/05/02 08:45:59 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/05/02 08:45:59 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/04/30 20:08:01 | 00,131,072 | ---- | M] () -- C:\Windows\System32\SpoonUninstall.exe
[2009/04/30 20:08:01 | 00,036,104 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2009/04/30 20:07:40 | 00,033,846 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp
[2009/04/20 17:34:29 | 00,269,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/04/18 10:15:23 | 00,434,673 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg

========== Alternate Data Streams ==========

@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:4AF9F1D5
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FF6FDABF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:0D5573C6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:289A69FA
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >



EXTRAS:

OTListIt Extras logfile created on: 12/05/2009 23:17:50 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.31% Memory free
4.00 Gb Paging File | 2.79 Gb Available in Paging File | 69.78% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 157.86 Gb Free Space | 52.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMIE-PC
Current User Name: Jamie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{2175B400-26C2-4FEC-86D0-033851A7128F} = RPORT=5355 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32805 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=DNSCACHE |
{3F789CBD-F7C1-4617-82BE-FD5D8589E842} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32811 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDRESPUB |
{548B8CFD-6946-4723-859D-F2CC6FA2AF3A} = LPORT=2869 | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER (UPNP-IN) | APP=SYSTEM |
{5B01856F-3A32-490C-AA3E-57A3407C99CE} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32785 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDPHOST |
{61372035-8FF2-429B-8ACF-B9E5051FF172} = LPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32753 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{742AA853-88C5-418C-AF49-ED51529AC76D} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32789 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDPHOST |
{87B186EF-C1BC-4D7F-851F-254868707DCA} = LPORT=5355 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32801 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=DNSCACHE |
{C6C0BF8C-5FBC-4E19-84CF-94480D0001D0} = RPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32757 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{DC205CBA-2C4B-4F38-9C60-45ABFEB898CE} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32809 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDRESPUB |
{DF38FC32-5BD7-45E5-813D-B52E6C08F61B} = LPORT=1900 | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER (SSDP-IN) | APP=SVCHOST.EXE | SVC=SSDPSRV |

========== Vista Active Application Exception List ==========

{1171C37B-9A06-4E3B-8F85-24EE05B70AEF} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-31007 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{17FE631C-855C-428C-84F3-3F3B1F2AB05A} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{1DE3198D-2ABA-42D7-A093-1C1D8F5005AC} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32821 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{3FB31976-055B-4A2E-AE73-2351802B2E39} = DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |
{469A1B6D-DA2F-4FEE-BF11-784B13967A97} = DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE SYNC | APP=C:\PROGRAM FILES\WINDOWS LIVE\SYNC\WINDOWSLIVESYNC.EXE |
{4DA31D26-9558-4196-96D8-2EB740C1925E} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-31011 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{53AD2932-9CDD-4F19-A744-38B6603EE615} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=XPERTVISION | APP=C:\PROGRAM FILES\XPERTVISION\TBPANEL.EXE |
{54C57C50-FF5D-46C1-84C3-4172AD3F622C} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=XPERTVISION | APP=C:\PROGRAM FILES\XPERTVISION\TBPANEL.EXE |
{5CF910F6-0EDA-467C-BD83-305BD1534CEE} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{7B236C1C-C6F7-4599-BA68-FE8D6AB978F1} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{A7901439-A6FE-42F4-BFE7-ECE2977CE628} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{A97E37AD-D6A2-4DFB-AF0E-CB5C9FAE45FF} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT (UDP-IN) | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
{AE6274A6-5D5C-4274-B942-8D1AA500C1C0} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT (TCP-IN) | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
{BAB9CD6B-F57C-4E19-A311-81C0BB060F9A} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{BB7B462E-AD08-4092-ACBB-566174C83D5D} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{C0955344-1D35-4D86-BB94-74B1E5808774} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{C67330C8-30F2-4FF9-9563-7DECBCE3D6F7} = PROFILE=PRIVATE | DIR=IN | ACTION=ALLOW | NAME=AVGUPD.EXE | APP=C:\PROGRAM FILES\AVG\AVG8\AVGUPD.EXE |
{FE3D8E93-9DDD-4806-8398-52AB650D591E} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-31003 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
TCP Query User{032E0D9B-2C61-4E91-BBCD-B244BA97797D}C:\program files\java\jre1.6.0_05\bin\javaw.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\JAVAW.EXE |
TCP Query User{1F45E283-141D-4B7D-ADC5-C2BB9507DAC0}C:\program files\red alert 2 yuri's revenge\game.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MAIN EXECUTABLE FOR RED ALERT 2 | APP=C:\PROGRAM FILES\RED ALERT 2 YURI'S REVENGE\GAME.EXE |
TCP Query User{2D0D8226-048D-421A-B811-85978D409DCE}C:\program files\mozilla firefox\firefox.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
TCP Query User{37FE25CA-D756-4AC3-82AF-FE61F8A7F910}C:\program files\steam\steamapps\snipes262\day of defeat\hl.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=HALF-LIFE LAUNCHER | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\SNIPES262\DAY OF DEFEAT\HL.EXE |
TCP Query User{3A630DB5-22F7-4D90-99A3-3DF838E6D259}C:\program files\spacialaudio\sambc\sambc.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SAMBC | APP=C:\PROGRAM FILES\SPACIALAUDIO\SAMBC\SAMBC.EXE |
TCP Query User{3B00425E-7E7E-4FB9-A63D-FED66C51F2CF}C:\program files\secondlife\slvoice.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SLVOICE | APP=C:\PROGRAM FILES\SECONDLIFE\SLVOICE.EXE |
TCP Query User{3CF9E139-9F34-44BF-91BD-2EFAC467C83D}C:\program files\steam\steamapps\snipes262\team fortress classic\hl.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=HALF-LIFE LAUNCHER | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\SNIPES262\TEAM FORTRESS CLASSIC\HL.EXE |
TCP Query User{3D354598-56CB-47C1-90CA-7B47F2AD76D7}C:\users\jamie\documents\other programmes & files\sxc new\scriptxcore.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SCRIPTXCORE.EXE | APP=C:\USERS\JAMIE\DOCUMENTS\OTHER PROGRAMMES & FILES\SXC NEW\SCRIPTXCORE.EXE |
TCP Query User{4BF749AB-D028-4926-A15F-26B8F5696EA9}C:\program files\java\jre1.6.0_06\bin\javaw.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE1.6.0_06\BIN\JAVAW.EXE |
TCP Query User{4F66CB33-5E5B-4128-8F52-77390DE382E5}C:\users\jamie\desktop\red alert 2\game.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=GAME.EXE | APP=C:\USERS\JAMIE\DESKTOP\RED ALERT 2\GAME.EXE |
TCP Query User{52B0277A-E76F-4B44-BD14-407FBA1E1766}C:\program files\sony ericsson\update service\update service.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=UPDATE SERVICE | APP=C:\PROGRAM FILES\SONY ERICSSON\UPDATE SERVICE\UPDATE SERVICE.EXE |
TCP Query User{60395393-F082-4AA3-9523-5A5009D27962}C:\program files\steam\steamapps\snipes262\half-life\hl.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=HALF-LIFE LAUNCHER | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\SNIPES262\HALF-LIFE\HL.EXE |
TCP Query User{6939CAAB-DC54-4C2A-89DB-7019A0CDA1B4}C:\users\jamie\desktop\new folder\latestversion.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=LATESTVERSION.EXE | APP=C:\USERS\JAMIE\DESKTOP\NEW FOLDER\LATESTVERSION.EXE |
TCP Query User{6E15F03E-C8C7-41D8-B482-D34CECCE23DA}C:\program files\sony\vegas pro 8.0\vegsrv80.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SONY VEGAS NETWORK RENDER SERVICE CONTROL | APP=C:\PROGRAM FILES\SONY\VEGAS PRO 8.0\VEGSRV80.EXE |
TCP Query User{79289D83-52EA-467E-A418-3DA4AD2ECF31}C:\users\jamie\documents\my received files\new folder (2)\axed7.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AXED7.EXE | APP=C:\USERS\JAMIE\DOCUMENTS\MY RECEIVED FILES\NEW FOLDER (2)\AXED7.EXE |
TCP Query User{7E71DB84-5FDA-4528-A8C4-0801BF114F06}C:\program files\steam\steamapps\snipes262\team fortress classic\hl.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=HALF-LIFE LAUNCHER | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\SNIPES262\TEAM FORTRESS CLASSIC\HL.EXE |
TCP Query User{8B7B7898-A647-407C-880A-A4F21383CE28}C:\program files\java\jre6\bin\javaw.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVAW.EXE |
TCP Query User{8D9B0011-5D05-44D0-B18D-C99E8AC832EA}C:\program files\red alert 2 yuri's revenge\gamemd.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MAIN EXECUTABLE FOR YURI'S REVENGE | APP=C:\PROGRAM FILES\RED ALERT 2 YURI'S REVENGE\GAMEMD.EXE |
TCP Query User{8E21C0A1-3A8F-451A-871E-DFCC483E9E1E}C:\users\jamie\documents\my received files\aodv9 with files 2\aodv9.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AODV9.EXE | APP=C:\USERS\JAMIE\DOCUMENTS\MY RECEIVED FILES\AODV9 WITH FILES 2\AODV9.EXE |
TCP Query User{9053CAFE-0A95-47F8-9EA0-05A9086D2728}C:\program files\java\jre6\bin\javaw.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVAW.EXE |
TCP Query User{9DB1F98F-27AE-4E11-AEF5-3BDE8F409D71}C:\users\jamie\documents\other programmes & files\sxc\sxc.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SXC.EXE | APP=C:\USERS\JAMIE\DOCUMENTS\OTHER PROGRAMMES & FILES\SXC\SXC.EXE |
TCP Query User{A79CD7BB-2B2A-44B0-BC45-6DB0CCCACE97}C:\program files\steam\steamapps\snipes262\half-life\hl.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=HALF-LIFE LAUNCHER | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\SNIPES262\HALF-LIFE\HL.EXE |
TCP Query User{AFE3A13E-2AF9-42EC-B642-6A5563A9D21D}C:\program files\hybrid client\hybrid client.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=HYBRID CLIENT | APP=C:\PROGRAM FILES\HYBRID CLIENT\HYBRID CLIENT.EXE |
TCP Query User{B5EF336A-29AE-421E-9D3A-09EC128BB47E}C:\program files\mozilla firefox\firefox.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=BLOCK | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
TCP Query User{C21D38EC-EC31-4EA5-81C1-4249185F19A9}C:\program files\java\jre6\bin\java.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE |
TCP Query User{C3F71DA8-EF73-43A0-ACA2-EBBA8786FABC}C:\program files\utorrent\utorrent.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=UTORRENT | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
TCP Query User{C68F7CA1-6454-4C05-ADB2-63DCB6ECB8BC}C:\program files\java\jre1.6.0_07\bin\javaw.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE1.6.0_07\BIN\JAVAW.EXE |
TCP Query User{CA80D4E0-FF08-47E1-8E30-30955666BC3F}C:\program files\sony ericsson\update service\update service.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=UPDATE SERVICE | APP=C:\PROGRAM FILES\SONY ERICSSON\UPDATE SERVICE\UPDATE SERVICE.EXE |
TCP Query User{DD38CBC1-06D9-412E-967E-CF78C955418D}C:\program files\utorrent\utorrent.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=UTORRENT | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
TCP Query User{E04CF1B0-0354-4296-993E-40CC872DF655}C:\users\jamie\desktop\utorrent.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=UTORRENT.EXE | APP=C:\USERS\JAMIE\DESKTOP\UTORRENT.EXE |
TCP Query User{E0F9BE5B-DA04-44DB-AE06-22FB523BB4A3}C:\users\jamie\desktop\aodv9 with files 2\aodv9.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AODV9.EXE | APP=C:\USERS\JAMIE\DESKTOP\AODV9 WITH FILES 2\AODV9.EXE |
TCP Query User{FC4C1677-92B0-45A6-9D00-45217B80FDA6}C:\program files\spacialaudio\sambc\sam2.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SAM2 | APP=C:\PROGRAM FILES\SPACIALAUDIO\SAMBC\SAM2.EXE |
TCP Query User{FD6CD30B-2775-4961-89C7-2FBAAC2E6394}C:\program files\orbitdownloader\orbitnet.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=P2P SERVICE OF ORBIT DOWNLOADER | APP=C:\PROGRAM FILES\ORBITDOWNLOADER\ORBITNET.EXE |
TCP Query User{FDAFB599-1F55-4560-98AA-B7603166B36F}C:\users\jamie\desktop\sxc\sxc.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SXC.EXE | APP=C:\USERS\JAMIE\DESKTOP\SXC\SXC.EXE |
UDP Query User{0E2C8E0D-71A6-43C3-9615-79794BD8AE31}C:\program files\steam\steamapps\snipes262\half-life\hl.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=HALF-LIFE LAUNCHER | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\SNIPES262\HALF-LIFE\HL.EXE |
UDP Query User{153CF725-E9AF-41D8-9D87-EDF7CDE8329E}C:\program files\red alert 2 yuri's revenge\gamemd.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MAIN EXECUTABLE FOR YURI'S REVENGE | APP=C:\PROGRAM FILES\RED ALERT 2 YURI'S REVENGE\GAMEMD.EXE |
UDP Query User{15B8E8DD-6637-4A74-9E1B-9A84792995D8}C:\program files\sony ericsson\update service\update service.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=UPDATE SERVICE | APP=C:\PROGRAM FILES\SONY ERICSSON\UPDATE SERVICE\UPDATE SERVICE.EXE |
UDP Query User{26DAB21B-60B3-447E-8701-01ED560C6736}C:\users\jamie\desktop\utorrent.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=UTORRENT.EXE | APP=C:\USERS\JAMIE\DESKTOP\UTORRENT.EXE |
UDP Query User{2CD4E8F3-DEA5-4867-9243-FD05352DB5C1}C:\users\jamie\desktop\new folder\latestversion.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=LATESTVERSION.EXE | APP=C:\USERS\JAMIE\DESKTOP\NEW FOLDER\LATESTVERSION.EXE |
UDP Query User{2D171688-1D2A-4CF2-9796-2F44CC1346EC}C:\users\jamie\documents\my received files\new folder (2)\axed7.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AXED7.EXE | APP=C:\USERS\JAMIE\DOCUMENTS\MY RECEIVED FILES\NEW FOLDER (2)\AXED7.EXE |
UDP Query User{437707E2-5B91-4C8E-B7EF-960B6B937541}C:\users\jamie\desktop\red alert 2\game.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=GAME.EXE | APP=C:\USERS\JAMIE\DESKTOP\RED ALERT 2\GAME.EXE |
UDP Query User{52BCA408-C73E-41D0-8177-09A6ED47DD4E}C:\program files\utorrent\utorrent.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=UTORRENT | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
UDP Query User{54F95C2A-1335-45B3-8236-751F3A518E4B}C:\program files\steam\steamapps\snipes262\day of defeat\hl.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=HALF-LIFE LAUNCHER | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\SNIPES262\DAY OF DEFEAT\HL.EXE |
UDP Query User{5B3DBD40-0C9F-4ACE-9F16-6333F8F49CCE}C:\program files\secondlife\slvoice.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SLVOICE | APP=C:\PROGRAM FILES\SECONDLIFE\SLVOICE.EXE |
UDP Query User{5E99010E-BA97-4A89-8DF5-F3CE7AD77FA0}C:\users\jamie\desktop\aodv9 with files 2\aodv9.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AODV9.EXE | APP=C:\USERS\JAMIE\DESKTOP\AODV9 WITH FILES 2\AODV9.EXE |
UDP Query User{695438DE-A3D7-40DA-9D5F-B541095BB9C3}C:\program files\java\jre1.6.0_06\bin\javaw.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE1.6.0_06\BIN\JAVAW.EXE |
UDP Query User{6A25EBD3-D569-4DA8-B8AC-9E9C50FD444A}C:\program files\steam\steamapps\snipes262\half-life\hl.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=HALF-LIFE LAUNCHER | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\SNIPES262\HALF-LIFE\HL.EXE |
UDP Query User{7AD00165-9DF9-4B83-96A1-9E6B43B5CDEE}C:\program files\java\jre1.6.0_07\bin\javaw.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE1.6.0_07\BIN\JAVAW.EXE |
UDP Query User{7EEED933-BCC8-4D82-AACF-E63CE20B602A}C:\program files\orbitdownloader\orbitnet.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=P2P SERVICE OF ORBIT DOWNLOADER | APP=C:\PROGRAM FILES\ORBITDOWNLOADER\ORBITNET.EXE |
UDP Query User{84751D52-5C35-485B-A555-EB8E3EB2A5D0}C:\program files\sony ericsson\update service\update service.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=UPDATE SERVICE | APP=C:\PROGRAM FILES\SONY ERICSSON\UPDATE SERVICE\UPDATE SERVICE.EXE |
UDP Query User{87644DD5-364C-49C5-BA91-47C86A0B3326}C:\program files\red alert 2 yuri's revenge\game.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MAIN EXECUTABLE FOR RED ALERT 2 | APP=C:\PROGRAM FILES\RED ALERT 2 YURI'S REVENGE\GAME.EXE |
UDP Query User{894F3ECE-365C-43DC-98D7-8822871B5AC8}C:\users\jamie\desktop\sxc\sxc.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SXC.EXE | APP=C:\USERS\JAMIE\DESKTOP\SXC\SXC.EXE |
UDP Query User{9480CFCF-BEE5-4CEA-AB9C-A15925FCA742}C:\program files\mozilla firefox\firefox.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
UDP Query User{A701E47F-F359-4AF1-8E99-5FADE6CA7AA1}C:\program files\hybrid client\hybrid client.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=HYBRID CLIENT | APP=C:\PROGRAM FILES\HYBRID CLIENT\HYBRID CLIENT.EXE |
UDP Query User{B58D8DFC-0F08-41DE-8F2E-0EB1EA9D2695}C:\program files\steam\steamapps\snipes262\team fortress classic\hl.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=HALF-LIFE LAUNCHER | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\SNIPES262\TEAM FORTRESS CLASSIC\HL.EXE |
UDP Query User{B6568608-5FE1-461F-8CD9-10E1ED5645A9}C:\program files\spacialaudio\sambc\sam2.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SAM2 | APP=C:\PROGRAM FILES\SPACIALAUDIO\SAMBC\SAM2.EXE |
UDP Query User{C62414B5-1ADB-4F03-BDA9-6CB0E269DE23}C:\program files\utorrent\utorrent.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=UTORRENT | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
UDP Query User{C7428D5F-D543-48AE-B417-2A208EF27BF6}C:\program files\java\jre6\bin\javaw.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVAW.EXE |
UDP Query User{C967D762-6759-44C1-83D7-9E2D3B2751AD}C:\users\jamie\documents\other programmes & files\sxc\sxc.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SXC.EXE | APP=C:\USERS\JAMIE\DOCUMENTS\OTHER PROGRAMMES & FILES\SXC\SXC.EXE |
UDP Query User{D18A837F-8C56-4B7C-8FE4-FC38A566CAE5}C:\program files\java\jre1.6.0_05\bin\javaw.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\JAVAW.EXE |
UDP Query User{D62B9F12-8E27-48D1-8554-7C1908972207}C:\program files\mozilla firefox\firefox.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=BLOCK | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
UDP Query User{D76217E4-2995-44F4-B6C8-061F5E7BFF7A}C:\program files\java\jre6\bin\java.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE |
UDP Query User{D9C39820-D055-4074-86DA-6EFC297687C3}C:\program files\steam\steamapps\snipes262\team fortress classic\hl.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=HALF-LIFE LAUNCHER | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\SNIPES262\TEAM FORTRESS CLASSIC\HL.EXE |
UDP Query User{DBC5DCE9-A3F4-4F02-AAAC-23BD74E11AEB}C:\program files\java\jre6\bin\javaw.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVAW.EXE |
UDP Query User{DC4B55A6-1F71-4171-BA71-B8B830BF1CE6}C:\program files\spacialaudio\sambc\sambc.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SAMBC | APP=C:\PROGRAM FILES\SPACIALAUDIO\SAMBC\SAMBC.EXE |
UDP Query User{DFC1A1AE-B6C4-4399-98D0-AAB8F68A2B9F}C:\users\jamie\documents\other programmes & files\sxc new\scriptxcore.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SCRIPTXCORE.EXE | APP=C:\USERS\JAMIE\DOCUMENTS\OTHER PROGRAMMES & FILES\SXC NEW\SCRIPTXCORE.EXE |
UDP Query User{EB78BE3D-00D4-4EDD-AD61-71401BD9D317}C:\users\jamie\documents\my received files\aodv9 with files 2\aodv9.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AODV9.EXE | APP=C:\USERS\JAMIE\DOCUMENTS\MY RECEIVED FILES\AODV9 WITH FILES 2\AODV9.EXE |
UDP Query User{FF7088EC-E438-4A8D-A822-DBE4D7CB587B}C:\program files\sony\vegas pro 8.0\vegsrv80.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SONY VEGAS NETWORK RENDER SERVICE CONTROL | APP=C:\PROGRAM FILES\SONY\VEGAS PRO 8.0\VEGSRV80.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F6594CB-DA1B-4FFB-B397-CACE3D5F668B}" = Windows Live Movie Maker Beta
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"02701e24-f034-4ba4-9088-767678ce030d" = Tower Bloxx Deluxe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ArtMoney SE v7.15" = ArtMoney SE v7.15
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps (remove only)
"GhostMouse 2.0" = GhostMouse 2.0
"GoldWave v5.20" = GoldWave v5.20
"HotspotShield" = Hotspot Shield 1.14
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.6.2
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MP3 Rocket" = MP3 Rocket
"MySQL Servers and Clients 3.23.52" = MySQL Servers and Clients 3.23.52
"NVIDIA Drivers" = NVIDIA Drivers
"PluginPac" = DebugMode PluginPac (remove only)
"SystemRequirementsLab" = System Requirements Lab
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"Update Service" = Update Service
"Videora iPod Converter" = Videora iPod Converter 4.04
"VLC media player" = VLC media player 0.9.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR" = WinRAR
"WinRAR archiver" = WinRAR archiver
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"XpertVision_is1" = XpertVision 5.9
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YouTube Downloader App" = YouTube Downloader App 1.01
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1120449131-2099679387-1230050658-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/05/2009 12:02:52 | Computer Name = Jamie-PC | Source = Application Error | ID = 1000
Description = Faulting application hsssrv.exe, version 1.0.0.1, time stamp 0x49d641d6,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x000659c3, process id 0x150, application start time
0x01c9cfdb330e6e28.

Error - 09/05/2009 18:48:41 | Computer Name = Jamie-PC | Source = Google Update | ID = 20
Description =

Error - 09/05/2009 19:48:41 | Computer Name = Jamie-PC | Source = Google Update | ID = 20
Description =

Error - 09/05/2009 20:48:41 | Computer Name = Jamie-PC | Source = Google Update | ID = 20
Description =

Error - 09/05/2009 21:48:41 | Computer Name = Jamie-PC | Source = Google Update | ID = 20
Description =

Error - 09/05/2009 22:48:41 | Computer Name = Jamie-PC | Source = Google Update | ID = 20
Description =

Error - 09/05/2009 23:16:51 | Computer Name = Jamie-PC | Source = Windows Search Service | ID = 3084
Description =

Error - 11/05/2009 18:19:49 | Computer Name = Jamie-PC | Source = Google Update | ID = 20
Description =

Error - 12/05/2009 08:08:35 | Computer Name = Jamie-PC | Source = VSS | ID = 8194
Description =

Error - 12/05/2009 11:37:43 | Computer Name = Jamie-PC | Source = VSS | ID = 8194
Description =

[ Media Center Events ]
Error - 16/04/2008 15:59:18 | Computer Name = Jamie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 09/05/2009 03:58:43 | Computer Name = Jamie-PC | Source = HTTP | ID = 15016
Description =

Error - 09/05/2009 12:12:31 | Computer Name = Jamie-PC | Source = HTTP | ID = 15016
Description =

Error - 09/05/2009 18:39:11 | Computer Name = Jamie-PC | Source = HTTP | ID = 15016
Description =

Error - 10/05/2009 05:46:34 | Computer Name = Jamie-PC | Source = HTTP | ID = 15016
Description =

Error - 10/05/2009 16:47:04 | Computer Name = Jamie-PC | Source = HTTP | ID = 15016
Description =

Error - 11/05/2009 08:10:18 | Computer Name = Jamie-PC | Source = HTTP | ID = 15016
Description =

Error - 12/05/2009 08:07:10 | Computer Name = Jamie-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0018E72D788A has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/05/2009 08:07:09 | Computer Name = Jamie-PC | Source = HTTP | ID = 15016
Description =

Error - 12/05/2009 12:07:01 | Computer Name = Jamie-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 12/05/2009 14:32:47 | Computer Name = Jamie-PC | Source = HTTP | ID = 15016
Description =


< End of report >

#4 Farbar


Posted 12 May 2009 - 05:54 PM

Thanks for the feedback.
  • Please open OTListIt2.
    • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

      :Processes
      explorer.exe
      :files
      C:\Users\Jamie\AppData\Roaming\Mozilla\FireFox\Profiles\wkfz9qgz.default\searchplugins\ask.xml
      :otli
      FF - prefs.js..browser.search.defaultenginename: "Ask"
      FF - prefs.js..browser.search.order.1: "Ask"
      FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q="
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
      :commands
      [start explorer]
      [emptytemp]
      [Reboot]
    • Click the Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it has finished, a log will open. Copy and paste the log into your reply, and also tell me if you still get ask.com in Firefox.
  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
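
The Firefox preferences named in the fix above (browser.search.defaultenginename, browser.search.order.1 and keyword.URL) can also be audited directly from a profile's prefs.js. The following Python sketch is an added example, not part of the original post or of OTListIt2; the allowlists EXPECTED_ENGINES and EXPECTED_KEYWORD_HOSTS and the sample file contents are assumptions, with the sample built from the values quoted in this thread.

```python
import json
import re
from urllib.parse import urlsplit

# Preference names taken from the fix script in the post above.
ENGINE_NAME_PREFS = {"browser.search.defaultenginename", "browser.search.order.1"}
KEYWORD_URL_PREF = "keyword.URL"

# Assumption: what this operator considers acceptable. Adjust per environment.
EXPECTED_ENGINES = {"Google"}
EXPECTED_KEYWORD_HOSTS = {"www.google.com"}

# One pref per line: user_pref("name", value);
# where value is a JS literal (string, integer or boolean).
_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$'
)


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = _PREF_RE.match(line)
        if not match:
            continue  # comment, blank line, or anything that is not a pref
        name, raw = match.group(1), match.group(2)
        try:
            value = json.loads(raw)  # handles "string", 123, true, false
        except ValueError:
            value = raw  # keep the unparsed literal rather than drop the pref
        prefs[name] = value
    return prefs


def audit_search_prefs(prefs):
    """Return (pref, value, reason) tuples for search settings off the allowlist."""
    findings = []
    for name in sorted(ENGINE_NAME_PREFS):
        value = prefs.get(name)
        if value is not None and value not in EXPECTED_ENGINES:
            findings.append((name, value, "unexpected search engine name"))

    url = prefs.get(KEYWORD_URL_PREF)
    if url is not None:
        parts = urlsplit(str(url))
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https"):
            # Location-bar searches would not go to a web search endpoint at all.
            findings.append((KEYWORD_URL_PREF, url, "not an http(s) URL"))
        elif host not in EXPECTED_KEYWORD_HOSTS:
            findings.append((KEYWORD_URL_PREF, url, "keyword search sent to " + host))
    return findings


# Constructed sample: the three hijacked values are the ones quoted in this
# thread; the remaining lines are filler to exercise the parser.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Ask");
user_pref("browser.search.order.1", "Ask");
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("keyword.URL", "http://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=");
user_pref("network.cookie.prefsMigrated", true);
'''

if __name__ == "__main__":
    for pref, value, reason in audit_search_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{pref}: {reason} ({value!r})")
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.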


#5 FRISC0


Posted 13 May 2009 - 10:05 AM

I didn't get a log afterwards, but now if I put something random into the URL bar, for example 'oijsfthisjdh'

I get this: jar:file:///C:/Program%20Files/Mozilla%20Firefox/chrome/en-GB.jar!/locale/browser-region/region.propertiesoijsfthisjdh

So there's no more Ask.com!

Also a few things appeared on my desktop just after the programme asked me to reboot. Here is a print screen of the 6 items that appeared:

Posted Image

Here is a C&P of the full text in no. 2 (maybe linked with iTunes or something?):
[.ShellClassInfo]
FolderType=MusicAlbum
MusicBuyUrl=http://redir.metaservices.microsoft.com/redir/buynow/?providerName=AMG&albumID=9E49B96C-E175-4B88-8728-EC9B38AA1932&a_id=R%20%20%20658240&album=Life%20for%20Rent&artistID=14F033D8-C5A9-4E4B-8DDE-AFC1F219FB2B&p_id=P%20%20%20%2070992&artist=Dido&locale=409&geoid=f2&version=11.0.6001.7000&userlocale=809
What shall I do with these?


Malware log:
Malwarebytes' Anti-Malware 1.36
Database version: 2122
Windows 6.0.6001 Service Pack 1

13/05/2009 16:04:40
mbam-log-2009-05-13 (16-04-40).txt

Scan type: Quick Scan
Objects scanned: 68433
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Farbar


Posted 13 May 2009 - 02:17 PM

Nice job providing the screen shot and the feedback. :thumbup2:
  • Delete those 4 albums from your desktop, but don't remove those two desktop.ini files, as they are system files that should be hidden again.
    Then go to Start => Control Panel => open Folder Options => under the View tab, put a checkmark in the box next to the Hide protected operating system files (recommended) option. Click Apply.

  • Open Firefox. Locate a big blue G letter at the top right of the page next to the address bar (not the one next to the search box). Click next to it to open, then select: Manage search engines...
    Select Google and move it to the first option. Remove any search engine you don't like.

  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
      • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
      • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
      • Click the Download button to the right.
      • Select your Platform: "Windows".
      • Select your Language: "Multi-language".
      • Read the License Agreement, and then check the box that says: "Accept License Agreement".
      • Click Continue and the page will refresh.
      • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
      • Close any programs you may have running - especially your web browser.
      • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
      • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
      • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
      • Repeat as many times as necessary to remove each Java version.
      • Reboot your computer once all Java components are removed.
      • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
    -- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    -- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
    -- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.
Please tell me if you have any issue left.

Edited by farbar, 13 May 2009 - 02:17 PM.
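The "remove all older versions of Java" step above can be checked from a PowerShell prompt instead of by eye in Add/Remove Programs. This is an added example, not part of the original post: it reads the uninstall registry keys that Add/Remove Programs is built from and lists the folders under Program Files\Java. The display-name patterns and the `$KeepPattern` default are assumptions about how the JRE installers register themselves.

```powershell
# Added example, not from the thread. Lists Java runtimes recorded in the
# uninstall registry keys (the data behind Add/Remove Programs).
param(
    # Assumption: display name of the release to keep, as its installer registers it.
    [string]$KeepPattern = 'Java\(TM\) 6 Update 13$'
)

# 32-bit installers on 64-bit Windows register under Wow6432Node.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Assumption: display names used by JRE installers of this era.
$javaName = '^(Java\(TM\)|Java \d|J2SE Runtime Environment|Java 2 Runtime Environment)'

$found = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($p.DisplayName -and $p.DisplayName -match $javaName) {
            New-Object PSObject -Property @{
                Status    = if ($p.DisplayName -match $KeepPattern) { 'keep' } else { 'remove' }
                Name      = $p.DisplayName
                Version   = $p.DisplayVersion
                Uninstall = $p.UninstallString
            }
        }
    }
}

if (-not $found) {
    'No Java entries found in the uninstall keys.'
} else {
    $found | Sort-Object Name |
        Format-Table Status, Name, Version, Uninstall -AutoSize -Wrap
}

# Runtime folders left on disk (the log on this page shows C:\Program Files\Java\jre6).
$javaDir = Join-Path $env:ProgramFiles 'Java'
if (Test-Path $javaDir) {
    Get-ChildItem $javaDir | Where-Object { $_.PSIsContainer } |
        Format-Table Name, LastWriteTime -AutoSize
}
```

If the only row is marked keep and only one runtime folder is listed, no older Java version is registered or left on disk.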


#7 FRISC0

Posted 14 May 2009 - 02:42 AM

I went to
http://www.java.com/en/download/dt_verify....rs_jre=1.6.0_13
to get it instead as I couldn't understand the other website trying to download something else.
Anyways, I did this and got this:

Verifying Java Version
Congratulations!
You have the recommended Java installed (Version 6 Update 13).

If you want to download Java for another computer or Operating System, see all Java downloads here.

For updates on Java and Java-enabled applications (desktop and mobile), please sign up for the java.com newsletter.
To find out if Java is working on your system please visit:
Test your Java Virtual Machine (JVM)


and my Add/Remove says I already have the current version. Although you said there are older versions, I can't see them in Add/Remove. Are they still on my system?

I've not done task 1 yet because I found this in my music folder and I wanted to know, should I keep these here? Will they not work anymore if I remove them (iTunes)?
Posted Image

Thanks :thumbup2:

#8 Farbar

Posted 14 May 2009 - 06:08 AM

My bad, you are right about Java, you already had the latest version. I don't know how I have noted down that Java should be updated. I apologize for the inconvenience.

They seem to be the cover of the music albums you have downloaded. In order to play the music files you don't need the cover. Some people burn the music files and use the cover for the CD they are burning.
If you know those 4 files and want to keep them, you can better move them to the same folder. You don't need them on the desktop. But the ini files are part of Vista and should be kept there.

Edited by farbar, 14 May 2009 - 06:40 AM.


#9 FRISC0

Posted 14 May 2009 - 08:19 AM

Thank you for your help, everything is perfect now :thumbup2:!

#10 Farbar

Posted 14 May 2009 - 04:13 PM

You are welcome, glad I could help.

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.



