
Google links hijacked in Firefox


  • This topic is locked
41 replies to this topic

#1 adamcullen

adamcullen

  • Members
  • 22 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 22 October 2009 - 06:03 AM

Hi all,

First time on these forums. Seeking assistance from one of the gurus here.

I keep having Google links hijacked in Firefox. I have tried lots of spyware removals, including Malwarebytes'.

Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:56 PM, on 22/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iMON] C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe /startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [kbddbClient] rundll32.exe "C:\Users\MediaCentre\AppData\Local\kbddbClient\kbddbClient.dll", DllInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9656 bytes


 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:01:11 PM

Posted 31 October 2009 - 10:51 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 adamcullen

adamcullen
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 31 October 2009 - 07:32 PM

Hi and thank you for agreeing to assist me.

Here are the OTL files you requested.

OTL.txt

OTL logfile created on: 1/11/2009 11:17:14 AM - Run 1
OTL by OldTimer - Version 3.1.1.8 Folder = D:\Users\MediaCentre\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 40.84% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 14.83 Gb Free Space | 19.90% Space Free | Partition Type: NTFS
Drive D: | 497.40 Gb Total Space | 154.39 Gb Free Space | 31.04% Space Free | Partition Type: NTFS
Drive E: | 7.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 98.77 Gb Total Space | 77.85 Gb Free Space | 78.82% Space Free | Partition Type: NTFS

Computer Name: MEDIACENTRE-PC
Current User Name: MediaCentre
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/01 11:16:04 | 00,528,384 | ---- | M] (OldTimer Tools) -- D:\Users\MediaCentre\Desktop\OTL.exe
PRC - [2009/11/01 10:17:47 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/01 10:17:47 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/01 10:17:47 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/22 16:58:40 | 02,719,744 | ---- | M] (SoundGraph, Inc.) -- C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe
PRC - [2009/10/17 08:58:20 | 02,025,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2009/10/12 21:24:50 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/12 21:24:50 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/10 13:32:18 | 00,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/10/09 22:07:25 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2009/10/09 22:07:25 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/26 00:19:02 | 03,058,624 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2009/09/26 00:19:02 | 03,058,624 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2009/09/05 02:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
PRC - [2009/08/25 22:34:46 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/25 22:34:46 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/25 22:34:46 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/25 22:34:46 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/25 22:34:46 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/25 22:34:46 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/25 22:34:46 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/25 22:34:46 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/25 22:34:46 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/25 22:34:33 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2009/08/25 22:34:33 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2009/08/25 22:34:33 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2009/08/25 22:34:28 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/25 22:34:28 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/17 02:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/17 02:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/07/31 15:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/04/11 17:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/04/11 17:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/04/11 17:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/04/11 17:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/03/28 21:06:39 | 00,189,672 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2009/03/28 21:06:39 | 00,189,672 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2009/03/09 16:22:44 | 00,090,112 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 19:43:12 | 00,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2009/02/22 18:10:04 | 00,070,968 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/12 15:04:00 | 02,908,160 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFDTV\WFWIZ.exe
PRC - [2009/01/12 15:04:00 | 02,908,160 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFDTV\WFWIZ.exe
PRC - [2009/01/12 15:04:00 | 02,908,160 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFDTV\WFWIZ.exe
PRC - [2005/08/11 23:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/12/13 05:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/12/13 05:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/12/13 05:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/12/13 05:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/12/13 05:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/11 18:11:04 | 01,149,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe
SRV:64bit: - [2008/01/19 19:06:50 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll
SRV:64bit: - [2008/01/19 19:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
SRV - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SRV - [2009/08/25 22:34:33 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
SRV - [2009/08/25 22:34:28 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
SRV - [2009/08/17 02:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SRV - [2009/03/30 15:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
SRV - [2009/03/30 15:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
SRV - [2009/03/28 21:06:39 | 00,189,672 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
SRV - [2009/02/22 18:10:04 | 00,070,968 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
SRV - [2009/02/19 05:40:04 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
SRV - [2009/02/19 05:39:11 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
SRV - [2009/02/16 17:57:48 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SRV - [2008/01/19 19:00:14 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe
SRV - [2008/01/19 19:00:14 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe
SRV - [2007/05/31 17:11:54 | 00,443,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll
SRV - [2007/05/31 17:11:46 | 00,225,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll
SRV - [2006/11/03 02:03:44 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll
SRV - [2006/11/03 00:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc
SRV - [2006/11/02 17:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof
SRV - [2006/11/02 17:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SRV - [2004/12/13 05:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE


========== Driver Services (SafeList) ==========

DRV - [2009/10/12 21:24:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
DRV - [2009/10/12 21:24:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys
DRV - [2009/10/12 21:24:52 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS
DRV - [2009/09/25 09:59:43 | 00,121,280 | ---- | M] (SlySoft, Inc.) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys
DRV - [2009/08/23 14:10:34 | 00,022,336 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
DRV - [2009/08/13 11:46:32 | 00,147,968 | ---- | M] () -- C:\Windows\SysWOW64\drivers\ArcHlp.sys
DRV - [2009/05/25 23:01:38 | 00,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\SysWOW64\ElbyCDIO.dll
DRV - [2009/02/24 18:35:44 | 00,255,552 | ---- | M] (MagicISO, Inc.) -- C:\Windows\SysWOW64\drivers\mcdbus.sys
DRV - [2008/12/02 03:47:34 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof
DRV - [2008/11/30 20:28:56 | 00,000,000 | ---D | M] -- C:\Windows\CSC
DRV - [2008/01/19 18:36:56 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winusb.dll
DRV - [2006/09/19 08:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof
DRV - [2006/09/18 08:50:18 | 00,022,784 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\SysWOW64\drivers\afc.sys


========== Modules (SafeList) ==========

MOD - [2009/11/01 11:16:04 | 00,528,384 | ---- | M] (OldTimer Tools) -- D:\Users\MediaCentre\Desktop\OTL.exe
MOD - [2009/10/13 17:41:50 | 00,073,728 | ---- | M] () -- C:\Users\MediaCentre\AppData\Local\kbddbClient\kbddbClient.dll
MOD - [2009/07/18 00:54:43 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/04/11 17:28:25 | 01,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/04/11 17:28:24 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/04/11 17:28:18 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2009/04/11 17:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009/02/14 03:22:35 | 00,117,696 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp.dll
MOD - [2008/01/19 18:37:12 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/19 18:36:48 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2008/01/19 18:36:35 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000\S-1-5-21-4098504633-1038546326-2246272219-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, 192.168.0.1, 192.168.0.2"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2009/06/20 10:07:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/01 10:17:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/28 06:53:03 | 00,000,000 | ---D | M]

[2009/08/22 21:06:25 | 00,000,000 | ---D | M] -- C:\Users\MediaCentre\AppData\Roaming\Mozilla\Firefox\Profiles\21gbt332.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2009/08/23 00:09:35 | 00,000,000 | ---D | M] -- C:\Users\MediaCentre\AppData\Roaming\Mozilla\Firefox\Profiles\21gbt332.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/31 18:21:49 | 00,000,000 | ---D | M] -- C:\Users\MediaCentre\AppData\Roaming\Mozilla\Firefox\Profiles\21gbt332.default\extensions
[2008/12/17 07:35:48 | 00,000,000 | ---D | M] -- C:\Users\MediaCentre\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/17 07:35:48 | 00,000,000 | ---D | M] -- C:\Users\MediaCentre\AppData\Roaming\Mozilla\Extensions
[2008/12/17 07:35:48 | 00,000,000 | ---D | M] -- C:\Users\MediaCentre\AppData\Roaming\Mozilla\Extensions
[2008/12/17 07:35:48 | 00,000,000 | ---D | M] -- C:\Users\MediaCentre\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/31 18:21:49 | 00,000,000 | ---D | M] -- C:\Users\MediaCentre\AppData\Roaming\Mozilla\Firefox\Profiles\21gbt332.default\extensions
[2009/08/23 00:09:35 | 00,000,000 | ---D | M] -- C:\Users\MediaCentre\AppData\Roaming\Mozilla\Firefox\Profiles\21gbt332.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/22 21:06:25 | 00,000,000 | ---D | M] -- C:\Users\MediaCentre\AppData\Roaming\Mozilla\Firefox\Profiles\21gbt332.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2009/10/21 18:41:20 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/23 17:13:32 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/03/29 21:41:31 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/24 20:48:30 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/05/15 22:42:43 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2009/11/01 10:17:47 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/31 18:21:49 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/10/31 18:21:49 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/01 10:17:47 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/15 22:42:43 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2009/03/24 20:48:30 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/29 21:41:31 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/23 17:13:32 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/21 18:41:20 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/01 10:17:47 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/01 10:17:47 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/26 03:41:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
[2009/07/31 15:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/26 03:41:24 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/26 03:41:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/25 07:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/30 22:11:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/30 22:11:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/30 22:11:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/30 22:11:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/30 22:11:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/30 22:11:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/30 22:11:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/26 03:41:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\ssldivx.dll
[2009/08/25 05:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/25 05:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/08/25 05:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/25 05:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/25 05:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/08/25 05:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/25 05:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (757 bytes) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iMON] C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe (SoundGraph, Inc.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000..\Run: [kbddbClient] C:\Users\MediaCentre\AppData\Local\kbddbClient\kbddbClient.DLL ()
O4 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000_Classes\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-4098504633-1038546326-2246272219-1000_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\\nlaapi.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\\NapiNSP.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\\pnrpnsp.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\\pnrpnsp.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\\wshbth.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\\winrnr.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\\MSVidCtl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\\urlmon.dll File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\\mshtml.dll File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\\MSVidCtl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\\mshtml.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\\urlmon.dll File not found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\\userinit.exe File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\\webcheck.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\\DreamScene.dll File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d6344489-f856-11dd-8e16-0017facebf2a}\Shell - "" = AutoRun
O33 - MountPoints2\{d6344489-f856-11dd-8e16-0017facebf2a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/01 11:16:36 | 00,528,384 | ---- | C] (OldTimer Tools) -- D:\Users\MediaCentre\Desktop\OTL.exe
[2009/10/31 18:03:03 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/10/29 21:09:05 | 02,621,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2009/10/29 21:09:05 | 02,424,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll
[2009/10/29 21:09:05 | 00,057,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2009/10/29 21:09:05 | 00,043,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2009/10/29 21:08:49 | 00,700,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2009/10/29 21:08:49 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2009/10/29 21:08:49 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2009/10/29 21:08:49 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2009/10/29 21:08:49 | 00,038,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2009/10/29 21:08:49 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2009/10/29 21:08:39 | 00,185,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2009/10/29 21:08:39 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2009/10/29 21:08:39 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2009/10/29 21:08:39 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2009/10/29 03:00:37 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2009/10/29 03:00:37 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2009/10/29 03:00:36 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2009/10/29 03:00:36 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2009/10/29 03:00:35 | 03,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2009/10/29 03:00:35 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2009/10/29 00:29:56 | 10,626,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/29 00:29:56 | 00,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unregmp2.exe
[2009/10/29 00:29:55 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/29 00:29:54 | 13,428,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2009/10/29 00:29:52 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2009/10/29 00:29:52 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/10/28 06:52:46 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/22 21:45:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/21 18:54:40 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/21 18:54:40 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/21 18:54:12 | 00,000,000 | ---D | C] -- C:\Users\MediaCentre\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/21 18:54:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/10/21 18:52:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2009/10/21 18:50:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/21 18:50:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/21 18:50:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/10/21 18:41:19 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/10/21 18:41:19 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/10/21 18:41:19 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/10/21 07:01:17 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/10/20 21:53:11 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2009/10/20 21:51:34 | 00,008,704 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysNative\drivers\PROCEXP90.SYS
[2009/10/20 21:49:23 | 00,000,000 | ---D | C] -- C:\Users\MediaCentre\AppData\Roaming\Malwarebytes
[2009/10/20 21:49:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/10/20 21:49:16 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/10/20 21:49:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/20 21:49:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/20 21:49:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/10/20 21:44:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/20 21:44:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/20 20:17:36 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2009/10/20 20:17:36 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2009/10/20 20:16:25 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2009/10/20 20:16:25 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2009/10/20 20:16:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2009/10/20 07:04:34 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2009/10/20 07:04:32 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/10/19 19:20:26 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/10/19 08:51:30 | 00,000,000 | ---D | C] -- C:\Users\MediaCentre\AppData\Roaming\DivX
[2009/10/18 21:59:49 | 00,000,000 | R--D | C] -- C:\Users\MediaCentre\Videos
[2009/10/18 21:59:49 | 00,000,000 | R--D | C] -- C:\Users\MediaCentre\Pictures
[2009/10/18 21:59:49 | 00,000,000 | R--D | C] -- C:\Users\MediaCentre\Music
[2009/10/18 21:59:49 | 00,000,000 | R--D | C] -- C:\Users\MediaCentre\Favorites
[2009/10/18 21:59:49 | 00,000,000 | R--D | C] -- C:\Users\MediaCentre\Downloads
[2009/10/18 21:59:49 | 00,000,000 | R--D | C] -- C:\Users\MediaCentre\Documents
[2009/10/18 21:59:49 | 00,000,000 | R--D | C] -- C:\Users\MediaCentre\Desktop
[2009/10/18 10:24:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Ascentive
[2009/10/17 23:20:46 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/17 20:10:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2009/10/17 20:10:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2009/10/17 20:10:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2009/10/17 17:58:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Partition Wizard Home Edition 4.1
[2009/10/17 17:07:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TouchStoneSoftware
[2009/10/17 16:46:02 | 00,000,000 | ---D | C] -- C:\Users\MediaCentre\Temp
[2009/10/17 16:31:29 | 00,000,000 | ---D | C] -- C:\Users\MediaCentre\AppData\Local\kbddbClient
[2009/10/15 21:08:25 | 04,698,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/15 21:08:05 | 00,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/15 21:08:05 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/15 21:08:01 | 09,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/10/15 21:08:01 | 05,940,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/15 21:08:00 | 12,461,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/10/15 21:07:59 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/15 21:07:59 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/10/15 21:07:58 | 02,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2009/10/15 21:07:58 | 01,484,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/10/15 21:07:58 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/15 21:07:58 | 01,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/10/15 21:07:58 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/15 21:07:57 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/15 21:07:57 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb
[2009/10/15 21:07:57 | 01,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2009/10/15 21:07:57 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/10/15 21:07:57 | 00,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2009/10/15 21:07:57 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/10/15 21:07:57 | 00,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2009/10/15 21:07:57 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/10/15 21:07:57 | 00,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2009/10/15 21:07:57 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2009/10/15 21:07:57 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2009/10/15 21:07:57 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/10/15 21:07:57 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/10/15 21:07:57 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/10/15 21:07:57 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/15 21:07:57 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2009/10/15 21:07:57 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/10/15 21:07:57 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2009/10/15 21:07:57 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/10/15 21:07:57 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2009/10/15 21:07:57 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2009/10/15 21:07:57 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/15 21:07:57 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/10/15 21:07:57 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2009/10/15 21:07:57 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/10/15 21:07:57 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/15 21:07:57 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2009/10/15 21:07:57 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/10/15 21:07:57 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/10/15 21:07:57 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2009/10/15 21:07:20 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
[2009/10/15 21:07:20 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/15 21:07:17 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/15 21:07:15 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009/10/15 21:07:15 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/11 22:40:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2009/10/11 22:40:42 | 00,000,000 | ---D | C] -- D:\Users\MediaCentre\Documents\My Videos
[2009/10/11 22:40:42 | 00,000,000 | ---D | C] -- D:\Users\MediaCentre\Documents\My Music
[2009/10/03 02:44:16 | 00,238,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2008/12/04 17:59:09 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\MediaCentre\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\MediaCentre\AppData\Local\*.tmp files -> C:\Users\MediaCentre\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/01 11:16:56 | 02,621,440 | -HS- | M] () -- C:\Users\MediaCentre\NTUSER.DAT
[2009/11/01 11:16:04 | 00,528,384 | ---- | M] (OldTimer Tools) -- D:\Users\MediaCentre\Desktop\OTL.exe
[2009/11/01 10:05:06 | 00,005,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 10:05:06 | 00,005,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 00:29:20 | 44,519,940 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2009/11/01 00:29:20 | 00,068,428 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2009/10/31 20:51:55 | 00,145,920 | ---- | M] () -- C:\Users\MediaCentre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/31 18:05:20 | 00,032,441 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/10/31 18:05:20 | 00,032,441 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/10/31 18:05:20 | 00,032,441 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/10/31 18:05:20 | 00,032,441 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/10/31 18:05:05 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/31 18:05:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/31 18:03:26 | 00,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/10/31 18:03:22 | 00,524,288 | -HS- | M] () -- C:\Users\MediaCentre\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2009/10/31 18:03:22 | 00,065,536 | -HS- | M] () -- C:\Users\MediaCentre\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2009/10/31 18:03:19 | 02,426,060 | -H-- | M] () -- C:\Users\MediaCentre\AppData\Local\IconCache.db
[2009/10/28 06:53:04 | 00,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/10/25 15:50:51 | 00,790,054 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/25 15:50:51 | 00,667,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/25 15:50:51 | 00,133,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/25 14:12:00 | 00,001,868 | ---- | M] () -- C:\Users\Public\Desktop\TotalMedia Theatre 3.lnk
[2009/10/25 04:16:26 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/10/24 16:07:41 | 00,383,562 | RHS- | M] () -- C:\bootmgr
[2009/10/24 12:53:52 | 00,438,840 | RHS- | M] () -- C:\bootxe1
[2009/10/24 12:53:52 | 00,171,136 | RHS- | M] () -- C:\XELD1
[2009/10/24 12:53:52 | 00,009,216 | RHS- | M] () -- C:\XELD1.1st
[2009/10/21 07:01:30 | 00,008,704 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysNative\drivers\PROCEXP90.SYS
[2009/10/20 21:49:21 | 00,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/20 20:22:52 | 00,000,480 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2009/10/20 20:17:19 | 00,000,002 | ---- | M] () -- C:\Windows\SysWow64\Dvbpws.dll
[2009/10/20 07:05:01 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2009/10/19 08:45:29 | 00,000,152 | ---- | M] () -- D:\Users\MediaCentre\Desktop\Senate Committee - Coms.url
[2009/10/17 19:28:02 | 00,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/10/17 19:28:01 | 00,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/10/17 18:56:10 | 00,001,034 | ---- | M] () -- C:\Windows\pwcmdlist.bak
[2009/10/17 18:06:19 | 61,064,4501 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/10/11 22:51:56 | 00,001,919 | ---- | M] () -- D:\Users\MediaCentre\Desktop\iMEDIAN HD.lnk
[2009/10/10 18:54:52 | 00,001,700 | -H-- | M] () -- D:\Users\MediaCentre\Documents\Default.rdp
[2009/10/09 21:23:27 | 00,000,671 | ---- | M] () -- C:\Users\MediaCentre\AppData\Roaming\vso_ts_preview.xml
[2009/10/02 11:40:20 | 26,575,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mrt.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\MediaCentre\AppData\Local\*.tmp files -> C:\Users\MediaCentre\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/28 06:53:04 | 00,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/10/25 14:12:00 | 00,001,868 | ---- | C] () -- C:\Users\Public\Desktop\TotalMedia Theatre 3.lnk
[2009/10/24 12:53:52 | 00,438,840 | RHS- | C] () -- C:\bootxe1
[2009/10/24 12:53:52 | 00,171,136 | RHS- | C] () -- C:\XELD1
[2009/10/24 12:53:52 | 00,009,216 | RHS- | C] () -- C:\XELD1.1st
[2009/10/20 21:49:21 | 00,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/20 20:22:42 | 00,000,480 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2009/10/20 07:05:01 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2009/10/19 20:41:21 | 00,423,622 | ---- | C] () -- C:\Users\MediaCentre\AppData\Local\dd_vcredistMSI3A33.txt
[2009/10/19 20:41:21 | 00,011,614 | ---- | C] () -- C:\Users\MediaCentre\AppData\Local\dd_vcredistUI3A36.txt
[2009/10/19 20:41:20 | 00,012,490 | ---- | C] () -- C:\Users\MediaCentre\AppData\Local\dd_vcredistUI3A33.txt
[2009/10/19 08:45:09 | 00,000,152 | ---- | C] () -- D:\Users\MediaCentre\Desktop\Senate Committee - Coms.url
[2009/10/17 19:28:00 | 00,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/10/17 19:28:00 | 00,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/10/17 18:56:10 | 00,001,034 | ---- | C] () -- C:\Windows\pwcmdlist.bak
[2009/10/17 18:06:19 | 61,064,4501 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/10/17 17:58:20 | 00,510,008 | ---- | C] () -- C:\Windows\SysNative\pwNative.exe
[2009/10/17 17:58:19 | 00,019,912 | ---- | C] () -- C:\Windows\SysNative\pwdrvio.sys
[2009/10/17 17:58:19 | 00,013,264 | ---- | C] () -- C:\Windows\SysNative\pwdspio.sys
[2009/10/11 22:51:56 | 00,001,919 | ---- | C] () -- D:\Users\MediaCentre\Desktop\iMEDIAN HD.lnk
[2009/10/10 18:54:12 | 00,001,700 | -H-- | C] () -- D:\Users\MediaCentre\Documents\Default.rdp
[2009/09/28 23:47:59 | 00,000,145 | ---- | C] () -- C:\Windows\StarryNight.ini
[2009/09/05 00:05:08 | 00,000,152 | ---- | C] () -- C:\Users\MediaCentre\AppData\Roaming\avedesktopsites.ini
[2009/08/23 17:11:19 | 00,032,441 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/23 17:10:01 | 00,032,441 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/23 14:53:45 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/23 14:52:01 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/23 13:16:55 | 02,426,060 | -H-- | C] () -- C:\Users\MediaCentre\AppData\Local\IconCache.db
[2009/08/17 17:23:20 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/03 01:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/06/10 07:31:04 | 00,089,088 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll
[2009/05/29 17:52:26 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 17:47:06 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/03/15 11:26:20 | 00,000,671 | ---- | C] () -- C:\Users\MediaCentre\AppData\Roaming\vso_ts_preview.xml
[2009/02/26 22:17:49 | 00,735,162 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/02/16 22:02:16 | 00,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/02/06 20:40:56 | 00,147,968 | ---- | C] () -- C:\Windows\SysWow64\drivers\ArcHlp.sys
[2009/01/10 23:16:56 | 00,069,349 | ---- | C] () -- C:\Users\MediaCentre\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/01/10 23:16:38 | 00,004,354 | ---- | C] () -- C:\Users\MediaCentre\AppData\Local\uxeventlog.txt
[2009/01/10 23:16:38 | 00,000,596 | ---- | C] () -- C:\Users\MediaCentre\AppData\Local\dd_dotnetfx3error.txt
[2009/01/10 23:16:37 | 00,058,850 | ---- | C] () -- C:\Users\MediaCentre\AppData\Local\dd_dotnetfx3install.txt
[2008/12/07 11:50:42 | 00,000,002 | ---- | C] () -- C:\Windows\SysWow64\Dvbpws.dll
[2008/12/07 11:47:44 | 00,000,006 | -HS- | C] () -- C:\Users\MediaCentre\AppData\Roaming\desktop.ini
[2008/12/07 11:47:44 | 00,000,006 | -HS- | C] () -- C:\Users\MediaCentre\AppData\Local\desktop.ini
[2008/12/07 10:33:05 | 00,540,738 | ---- | C] () -- C:\Users\MediaCentre\AppData\Local\dd_vcredistMSI769C.txt
[2008/12/07 10:33:03 | 00,014,366 | ---- | C] () -- C:\Users\MediaCentre\AppData\Local\dd_vcredistUI769C.txt
[2008/12/05 16:09:35 | 00,145,920 | ---- | C] () -- C:\Users\MediaCentre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/04 17:59:32 | 00,000,034 | ---- | C] () -- C:\Users\MediaCentre\AppData\Roaming\pcouffin.log
[2008/12/04 17:59:09 | 00,099,384 | ---- | C] () -- C:\Users\MediaCentre\AppData\Roaming\inst.exe
[2008/12/04 17:59:09 | 00,007,859 | ---- | C] () -- C:\Users\MediaCentre\AppData\Roaming\pcouffin.cat
[2008/12/04 17:59:09 | 00,001,167 | ---- | C] () -- C:\Users\MediaCentre\AppData\Roaming\pcouffin.inf
[2008/12/04 17:58:17 | 00,000,226 | ---- | C] () -- C:\Users\MediaCentre\AppData\Roaming\burnaware.ini
[2008/12/03 23:52:28 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/12/02 01:16:09 | 00,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/11/30 20:38:16 | 00,050,168 | ---- | C] () -- C:\Users\MediaCentre\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/11/30 20:36:36 | 00,001,460 | ---- | C] () -- C:\Users\MediaCentre\AppData\Local\d3d9caps64.dat
[2008/09/12 17:21:02 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2007/09/04 13:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 21:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/03 02:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/03 02:06:34 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/03 02:06:34 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/03 02:06:34 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/03 02:06:34 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 23:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 23:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:66633281
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:0888F409
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >


Extras.txt

OTL Extras logfile created on: 1/11/2009 11:17:14 AM - Run 1
OTL by OldTimer - Version 3.1.1.8 Folder = D:\Users\MediaCentre\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 40.84% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 14.83 Gb Free Space | 19.90% Space Free | Partition Type: NTFS
Drive D: | 497.40 Gb Total Space | 154.39 Gb Free Space | 31.04% Space Free | Partition Type: NTFS
Drive E: | 7.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 98.77 Gb Total Space | 77.85 Gb Free Space | 78.82% Space Free | Partition Type: NTFS

Computer Name: MEDIACENTRE-PC
Current User Name: MediaCentre
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4098504633-1038546326-2246272219-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 64 62 AB 3F 8D 55 C9 01 [binary data]
"VistaSp2" = DE 3B DE 20 AE 23 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4098504633-1038546326-2246272219-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AAC45B-E4DA-4EFC-9358-3B7E7C0DC7E0}" = lport=10244 | protocol=6 | dir=in | app=system |
"{05AEE49A-66F6-437E-ABBF-7C8ED791B182}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{06655643-02A1-4D9C-B99B-2173AAE69F16}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BBC21E7-8296-47C9-A198-7B3C158BB23E}" = lport=3389 | protocol=6 | dir=in | app=system |
"{0F7F361F-E85E-43D1-90A3-1194F54CBE7A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{12B18307-0F86-47F6-9791-1EBEDC67E60F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{176503B8-6A2A-4391-A9E3-004690A75D57}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1C9D9EF1-1B28-4663-8D6E-920A3166AF6C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1D048BD5-A404-4EFF-A995-381696FD9287}" = lport=2869 | protocol=6 | dir=in | app=system |
"{229C6C81-3774-479C-8AAB-0176EB828F1A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2340554E-CF56-4305-9BB8-883674CF92E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{279CD640-755F-47D0-ABE6-FDAB3FA6A2AE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{49A0086C-0BB6-45E5-AC68-A3D53F584F61}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4D13D45F-4649-43AF-A8A7-F353CB414BDA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4DC66C7B-E21C-46B1-8046-8ADC620D5E92}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51A1672B-2C56-49EC-A7A9-0D1D7E365059}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{586694BE-E994-4DF8-AFF8-594AE72E57CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5921B8A2-D1B9-41D5-AE39-BF1548A28F89}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5F5AF6E5-1C33-4F0A-B81C-D4DFE83064CC}" = rport=10244 | protocol=6 | dir=out | app=system |
"{5FED52DB-C354-4B61-9438-DF37D048D0D4}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{603FD253-1578-4C93-ADBE-8AF392DAD4B9}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{616C52B1-3A1A-4260-949A-18F912792EFD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6D6E3204-4D62-4147-8EF0-39991FB172F4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6F109EBC-DD99-4839-BC48-FDB84BD28926}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{71E09386-75CE-4189-8449-BEB8D16D3E5E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{73439BF8-C13C-4BA1-AAD1-59EF128644FC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{73B73954-9057-4A91-AAEC-5B06488892C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{7B140662-163D-485B-98F7-3EEC82250BEB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{7B617184-085E-41B2-A9C4-03220DA87261}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{7CD024F9-DB66-45B9-BAE3-19B577782865}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D29AF54-9453-49B3-8D11-3AAD22BC434F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{81636F90-34B9-49B2-B6DC-A9031C6BB77B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8B30A291-0250-41D5-9C6A-33D0E86FB970}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8B32BF2C-2B37-42A5-90C3-EC76F5AD9C84}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{9CAEFC31-4B36-4429-8821-44DDDCB89771}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{A24D03FE-9D2A-49D3-BB69-9A5F7A7ED85A}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{A6D1ED72-D92F-4696-92FA-84266B2A9451}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A95EE28D-996E-4C5E-8E64-A467E4471E5E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AA9A5683-01DD-4D0B-A83D-01E74CBF1909}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AABBB0E4-2659-4692-92DF-B44C4CC31786}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B7AAE493-C4C5-40C1-BB95-E087A0D660F2}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{BC4ABDDA-950F-4D61-B9EA-23AC4CEB56A3}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C9CAFB83-6202-44D7-8F3B-19FC2ED60F79}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{CC11E32B-3C4C-4628-89CF-B54416498EB6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D1698AA7-F8B2-4DA7-BF10-A839F9692639}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D7DB07EC-6010-4331-9DF9-504F6880E241}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DEA82D78-875F-470A-B42C-0912E3C1C6C1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E817EA3E-3DF5-4BFF-BDCB-003D8E8CA7BC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EF88C7DE-E2DE-40B3-BBE7-080F86F9BF8B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F1AB9C58-53EB-4C59-8EFC-5AFDB632ABBA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FF2B163B-F375-4308-A93F-95687C4B0744}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00669AE7-B574-41CD-8E1E-2539BA8B8A90}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{03597C79-921C-4247-8368-759806AF04AF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{07E79B43-F99B-4A02-8C99-ED0D4C248AC3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0E37EB95-380A-4DEB-8192-406495B4D97A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{14F40DB2-B8F5-4831-B522-EBEE8A580C47}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{17FA82CC-2D1C-4984-B94F-93FEA655CA12}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{19E4E36E-8F3C-4B3D-A01F-0E5E70E1677C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1C418D0A-2B0F-4753-A062-6E9236D5418A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{21224A83-28B3-471A-AE0E-B1F91FFF1E53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{230B23DA-01BF-43CC-B84C-B4041E661245}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{257390CC-5686-4B2A-86EB-60FC7CE14E54}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2F5F4FED-7F18-4085-AAA0-01CAAB220FC1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{305FBB57-A460-4771-94C6-5FA5DBA48C13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{367F5B14-5F09-4F19-99E0-AA3EE2F00AAB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3A983773-AC3E-448A-B512-FFEE9E6A7081}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3ED77DFC-9970-4BBF-8D9B-B615BA7D46C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4122C9A4-6F7F-4A86-B464-661C71DAC751}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{47BD55A4-7B2A-4C6C-9DAD-B090F75452D9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{47E9A794-557C-4D82-BD4D-40E872152285}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4BE8E756-6A50-4B85-858F-70366F62D823}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4D6CB2D4-5039-44BE-A067-2F0072B4EBE1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51D98A62-D30E-41CF-81F0-3459F5D46129}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{58DBD9EF-AE71-4736-A04E-42C213F27037}" = protocol=6 | dir=out | app=support inrosettastoneltdservices.exe |
"{593E1CDF-5B9F-41CC-A72E-136DF526E225}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5A71395E-78C6-464F-A173-1BA38335BBAF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5FC394FD-6BB5-4484-BEE7-CB985D873926}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{60793EE7-9D66-4543-92DF-A415F59FB369}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{63BE4ABC-D322-4F0A-98A2-709033571EF2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{65AA8605-A98B-4A97-9A84-AF614C82EDCF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6D7D4965-A3DA-440E-AF3A-5B28855D643C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6D826C80-EB8C-403F-8F67-1437536BC1DB}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{7B56C3B8-D915-4F48-9602-C41CACB02FD0}" = protocol=6 | dir=out | app=system |
"{826225A6-0A5A-4646-9928-36B3AD551DCD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{855AC0DB-B6C2-40E8-9F1B-50316065F304}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{86D49EA2-47A6-4DE4-8A2D-07F61DD5C07D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8764B0B2-3F5D-4624-916E-0630E756B93B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{89D62344-96DD-46BD-AF83-CAA5B25037FA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8DB9AAD3-934D-40FC-840B-B1867B5C36EF}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{8DC3E881-FBE8-43F1-8756-E690AF502991}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8F92AA5C-8E88-4B4A-B4DA-C1B21F75CE58}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{91A7D7B5-DC6E-4629-86A8-D454E871226D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9EEC2C9E-FFBF-4F87-A290-6619C3155C9A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9FCB0D36-63F5-48BE-AE5A-015E9476F66A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9FF7CF0B-4FB6-4241-859B-E92D86E4525B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A433CEA8-B93A-4B0D-B37C-FC9E22E269D9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A82CE850-DFA6-4CB1-8A5E-65216809F2D3}" = protocol=6 | dir=out | app=rosettastoneversion3.exe |
"{B07E4EC6-FBA1-4D95-9F3E-486AA57553BB}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{B117BA2D-6584-40D2-BDE4-BA1C7874272F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B2C5A1B0-217B-42A8-80BA-03D718D5BC7B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B42E1195-56CB-42FE-856B-009D499F5AE2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BEDA3ACD-FF75-47B5-9E3A-415675595792}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C502C601-19E9-4AC0-9C71-8125035F6E3B}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{C55656B1-ED87-417F-B020-2C9946CCBBE8}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{C81E9B9F-CF07-4502-8A1C-CD77C6545410}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CA482982-67FA-4312-8574-920D38900282}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D529CA69-C953-4501-B239-2E92DC127E4C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D7A593C7-6B4C-4FC0-AA74-EAE5B8341987}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D7CF0EFB-2B0A-43D3-82C1-6CC0B06627E2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D84C1EF9-1952-4C4C-A775-D3971204D1CD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DA8CF1CE-019F-4407-A271-A7224619CD8F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E062AF53-A68D-4B0E-A51E-AD50C06464F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E68D4B2E-98ED-4193-BE11-F8FC63940CB6}" = dir=in | app=rosettastoneversion3.exe |
"{E91C3376-C211-41E5-9DD6-CE68610685A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EA643C6D-6E3E-4692-BF24-EA891DE08FD3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB1665C2-6031-49FF-9B67-6CADE2467B22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF2457A3-0496-4677-8E9F-5DBAB3A8CE50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F060E2C7-B5F5-4C7F-8C1E-94BF5795A0B2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F7B3CE5A-B5CA-45AA-8907-B3A1626EC5D2}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F94A3743-BAF5-44BD-B990-361F3F498FCF}" = dir=in | app=support inrosettastoneltdservices.exe |
"TCP Query User{0C3F328B-7038-4D2B-83C7-E80EE73FFC7F}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{1AB479AD-4C06-402D-9589-F11FE7642EBA}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{1C8A4D12-BC5E-46B9-88B6-9C1EF90AA0B0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{2C921DF6-633F-4BA2-8E79-1120668873D2}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe |
"TCP Query User{2D708666-0D9C-4CFB-BB10-7A7D3E984D20}C:\program files (x86)\gigabyte\i-cool\run.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\i-cool\run.exe |
"TCP Query User{377C2D32-222A-43F0-AFBE-471829994CE2}C:\program files (x86)\tpgsoftphone\tpgsoftphone\tpgsoftphone.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tpgsoftphone\tpgsoftphone\tpgsoftphone.exe |
"TCP Query User{377FCB29-A9B4-4C26-9AF2-06046A49657E}C:\program files (x86)\jlc's software\internet tv\internet tv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jlc's software\internet tv\internet tv.exe |
"TCP Query User{4492D483-3EF9-46D0-956A-558133F6C4A7}C:\program files (x86)\portpeeker\portpeeker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\portpeeker\portpeeker.exe |
"TCP Query User{488704DA-83E9-4E99-BAC3-78038B7C8998}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{68ED61B1-F4C8-43EA-91A1-AE2CFADC34B6}C:\program files (x86)\vidalia bundle\tor\tor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vidalia bundle\tor\tor.exe |
"TCP Query User{AB263C79-3678-4E4C-889C-EA18DC8EB760}C:\program files (x86)\tpgsoftphone\tpgsoftphone\tpgsoftphone.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tpgsoftphone\tpgsoftphone\tpgsoftphone.exe |
"TCP Query User{AC409008-4AD9-4FB7-A6D0-8E5D9DAC4FA6}C:\program files (x86)\vidalia bundle\tor\tor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vidalia bundle\tor\tor.exe |
"TCP Query User{CAFB8C4F-EB9A-4623-8E3D-33BD3A2F07F6}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"TCP Query User{CFA61C33-66A6-46E4-B7E2-3AC5628B8483}C:\program files (x86)\gigabyte\i-cool\run.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\i-cool\run.exe |
"TCP Query User{D592DB1B-9963-47C1-8BE3-B6870A00CF04}C:\program files (x86)\iepro\minidm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iepro\minidm.exe |
"UDP Query User{0DF1873B-3AF4-4EF7-BB85-A06517331666}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{20BEACD9-B166-441B-9523-EB7941211D78}C:\program files (x86)\gigabyte\i-cool\run.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\i-cool\run.exe |
"UDP Query User{325F6ACA-C6F2-48D4-9F5F-ACD1067464EF}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"UDP Query User{3A6DC12F-04DB-47D0-B491-A064E94EF010}C:\program files (x86)\tpgsoftphone\tpgsoftphone\tpgsoftphone.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tpgsoftphone\tpgsoftphone\tpgsoftphone.exe |
"UDP Query User{443F9A96-64E8-4ECD-837C-EC79F17157B4}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe |
"UDP Query User{47F62194-57E5-49A7-AE57-CA178AF2F37E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{52978E05-2440-4AC8-BD8F-900670018D2A}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{55481850-144F-40F8-A2C4-F0410BE6D68B}C:\program files (x86)\vidalia bundle\tor\tor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vidalia bundle\tor\tor.exe |
"UDP Query User{571AD2F9-5992-4852-A23D-ACD1FD268733}C:\program files (x86)\portpeeker\portpeeker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\portpeeker\portpeeker.exe |
"UDP Query User{82B80C53-6186-4675-9773-F869CD48B83E}C:\program files (x86)\iepro\minidm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iepro\minidm.exe |
"UDP Query User{878C8E35-F1C0-4152-864E-CA7010364E53}C:\program files (x86)\jlc's software\internet tv\internet tv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jlc's software\internet tv\internet tv.exe |
"UDP Query User{90F6028D-B252-4123-A095-3CA68BC4666E}C:\program files (x86)\vidalia bundle\tor\tor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vidalia bundle\tor\tor.exe |
"UDP Query User{A150B7FD-2299-4656-9426-784CC6D444C2}C:\program files (x86)\gigabyte\i-cool\run.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\i-cool\run.exe |
"UDP Query User{BC31A515-9F43-46E7-90DF-6B2559514FC6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{FC1934D3-0C91-4F65-92FE-299545B01071}C:\program files (x86)\tpgsoftphone\tpgsoftphone\tpgsoftphone.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tpgsoftphone\tpgsoftphone\tpgsoftphone.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0464-000001000000}" = 7-Zip 4.64 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{A927737F-8C1C-46BE-A85B-E4246CF75D0D}" = Microsoft IntelliType Pro 6.1
"{AD5BAA95-657F-4D81-8E07-D0882C2E8985}" = Microsoft IntelliPoint 6.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"D410A1715EF3A4E4A0EE33A217691DDBA3037DDE" = Windows Driver Package - Silicon Integrated Systems Corp.(1.09d.00) (SIS163u) Net (01/25/2007 6.0.1039.1094)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Ogg Codecs" = Ogg Codecs 0.81.15562
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"x64 Components_is1" = x64 Components v2.0.9

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 16
"{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}" = WinFast Codec-TS SDK
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{366E24C6-9097-4F63-BF42-3F3EF356A960}" = Photosynth 2.0.1519.16
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}" = WinFast Multimedia Driver Installation
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.1.135
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{851367C1-2F9F-4087-B3E8-8DECFE328370}" = The Da Vinci Code
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A0E0340-C3D7-42D1-96D4-64179FD456AE}" = WinFast De-interlace SDK
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.1
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF9848E2-5F19-4E49-9E6E-044FBDC28404}" = WinFast TT-SB SDK
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast PVR2
"{C96A23CB-DDE6-4DEF-AD83-D5D5037D4316}" = iMON
"{CA897AF5-4EA6-42E9-AD11-138160C560B2}" = VmcLauncher
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ASCOM Platform 3.0" = ASCOM Platform 3.0
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Eraser" = Eraser
"HijackThis" = HijackThis 2.0.2
"InstallShield_{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"Magic ISO Maker v5.4 (build 0245)" = Magic ISO Maker v5.4 (build 0245)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Starry Night Pro Plus 6" = Starry Night Pro Plus 6
"Stellarium_is1" = Stellarium 0.10.0
"UndeletePlus_is1" = Undelete Plus 2.94
"uTorrent" = µTorrent
"VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.4.549
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4098504633-1038546326-2246272219-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/10/2009 3:28:31 AM | Computer Name = MediaCentre-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/10/2009 3:28:31 AM | Computer Name = MediaCentre-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/10/2009 3:28:34 AM | Computer Name = MediaCentre-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/10/2009 3:28:34 AM | Computer Name = MediaCentre-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/10/2009 8:17:48 AM | Computer Name = MediaCentre-PC | Source = Perflib | ID = 1023
Description =

Error - 31/10/2009 8:17:48 AM | Computer Name = MediaCentre-PC | Source = Perflib | ID = 1023
Description =

Error - 31/10/2009 8:25:48 AM | Computer Name = MediaCentre-PC | Source = Perflib | ID = 1023
Description =

Error - 31/10/2009 8:25:48 AM | Computer Name = MediaCentre-PC | Source = Perflib | ID = 1023
Description =

Error - 31/10/2009 8:16:29 PM | Computer Name = MediaCentre-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/10/2009 8:16:29 PM | Computer Name = MediaCentre-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 23/08/2009 5:41:51 AM | Computer Name = MediaCentre-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 23/08/2009 8:41:34 AM | Computer Name = MediaCentre-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 12/09/2009 1:11:12 AM | Computer Name = MediaCentre-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 22/09/2009 7:43:31 AM | Computer Name = MediaCentre-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 30/09/2009 7:20:20 AM | Computer Name = MediaCentre-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 1/10/2009 4:45:13 AM | Computer Name = MediaCentre-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/10/2009 8:33:35 PM | Computer Name = MediaCentre-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/10/2009 1:12:01 AM | Computer Name = MediaCentre-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 25/10/2009 5:51:35 PM | Computer Name = MediaCentre-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 26/10/2009 1:20:37 AM | Computer Name = MediaCentre-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 31/10/2009 3:04:50 AM | Computer Name = MediaCentre-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 31/10/2009 3:05:14 AM | Computer Name = MediaCentre-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 31/10/2009 3:05:22 AM | Computer Name = MediaCentre-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/10/2009 3:05:22 AM | Computer Name = MediaCentre-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/10/2009 3:05:22 AM | Computer Name = MediaCentre-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 31/10/2009 3:05:22 AM | Computer Name = MediaCentre-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 31/10/2009 3:05:43 AM | Computer Name = MediaCentre-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/10/2009 3:05:43 AM | Computer Name = MediaCentre-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 31/10/2009 3:06:26 AM | Computer Name = MediaCentre-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/10/2009 3:06:26 AM | Computer Name = MediaCentre-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.


< End of report >




#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:11 PM

Posted 01 November 2009 - 06:06 AM

Hi,

Could you please post the log from Malwarebytes? Did it find anything?

Do you get redirected with all browsers or only with specific ones? Do you have a router or do you connect directly to the internet?

regards _temp_

Edited by _temp_, 01 November 2009 - 06:06 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#5 adamcullen


Posted 01 November 2009 - 09:51 PM

_temp_,

The problem only seems to be occurring in Firefox. I have IE8(x64) on this machine and that doesn't seem to give me the same issues.

I have a Netgear DG834Gv2 ADSL modem/Wireless Router which gives me my internet connection and distribution in the house. The affected PC connects by WiFi to the modem/router.

I am currently running a scan using Malwarebytes. It has found something in the registry before; I tried the fix, but it came back. I will post the log from the scan tonight.

Cheers
Adam

#6 adamcullen


Posted 02 November 2009 - 04:36 AM

Nothing found by Malwarebytes, but the problem still persists in Firefox.

Malwarebytes' Anti-Malware 1.41
Database version: 2997
Windows 6.0.6002 Service Pack 2

2/11/2009 8:34:52 PM
mbam-log-2009-11-02 (20-34-52).txt

Scan type: Full Scan (C:\|D:\|I:\|)
Objects scanned: 474591
Time elapsed: 1 hour(s), 45 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 myrti


Posted 02 November 2009 - 05:44 AM

Hi,

As your OS is a 64bit operating system this limits the tools we can use.
Please run a scan with DDS:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    DDS.scr
    DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.


Information on A/V control HERE

regards _temp_



#8 adamcullen


Posted 02 November 2009 - 07:36 AM

Hi _temp_,

Here are the log files of the scan. I have also tried uninstalling Firefox and re-downloading it and re-installing it, all to no avail. I've also downloaded Opera and I don't get the problem there, it just seems to be affecting Firefox.

DDS (Ver_09-10-13.01) - NTFSx86
Run by MediaCentre at 23:31:35.83 on Mon 02/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.4094.949 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Users\MediaCentre\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\syswow64\blank.htm
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~2\arcsoft\videod~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - c:\progra~2\arcsoft\rawthu~1\EXIFToolBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - c:\progra~2\arcsoft\rawthu~1\EXIFToolBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AnyDVD] c:\program files (x86)\slysoft\anydvd\AnyDVDtray.exe
uRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [kbddbClient] rundll32.exe "c:\users\mediacentre\appdata\local\kbddbclient\kbddbClient.dll", DllInit
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [AVG8_TRAY] c:\progra~2\avg\avg8\avgtray.exe
mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [ArcSoft Connection Service] "c:\program files (x86)\common files\arcsoft\connection service\bin\ACDaemon.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [iMON] c:\program files (x86)\soundgraph\imon\iMON.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\mediac~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Read EXIF - c:\program files (x86)\arcsoft\raw thumbnail viewer\ArcEXIFM.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\mediac~1\appdata\roaming\mozilla\firefox\profiles\21gbt332.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files (x86)\arcsoft\raw thumbnail viewer\firefox extension\components\FirefoxMenu.dll
FF - component: c:\program files (x86)\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files (x86)\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys --> c:\windows\system32\drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys --> c:\windows\system32\drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdia.sys --> c:\windows\system32\drivers\avgtdia.sys [?]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~2\avg\avg8\avgemc.exe [2009-6-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~2\avg\avg8\avgwdsvc.exe [2008-12-29 297752]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-10-21 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
R3 3xHybr64;WinFast DTV1000 S;c:\windows\system32\drivers\3xhybr64.sys --> c:\windows\system32\drivers\3xHybr64.sys [?]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\drivers\point64k.sys --> c:\windows\system32\drivers\point64k.sys [?]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys --> c:\windows\system32\drivers\sis163u.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-10-12 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
S2 nlias;Center Support;c:\windows\system32\svchost.exe -k netsvcs [2008-12-3 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-23 89920]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-12-3 19968]
S3 pwdrvio;pwdrvio;\??\c:\windows\system32\pwdrvio.sys --> c:\windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\c:\windows\system32\pwdspio.sys --> c:\windows\system32\pwdspio.sys [?]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys --> c:\windows\system32\drivers\tap0901.sys [?]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-11-01 13:08 212,480 a------- c:\windows\PCDLIB32.DLL
2009-10-31 18:03 <DIR> --d----- c:\windows\pss
2009-10-29 21:08 87,552 a------- c:\windows\system32\wudriver.dll
2009-10-29 21:08 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-29 21:08 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-29 03:00 92,672 a------- c:\windows\system32\UIAnimation.dll
2009-10-29 03:00 1,164,800 a------- c:\windows\system32\UIRibbonRes.dll
2009-10-29 03:00 3,023,360 a------- c:\windows\system32\UIRibbon.dll
2009-10-29 00:29 310,784 a------- c:\windows\system32\unregmp2.exe
2009-10-29 00:29 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-10-24 12:53 438,840 ---shr-- C:\bootxe1
2009-10-24 12:53 171,136 ---shr-- C:\XELD1
2009-10-24 12:53 9,216 ---shr-- C:\XELD1.1st
2009-10-22 21:45 <DIR> --d----- c:\program files (x86)\Trend Micro
2009-10-21 18:54 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-10-21 18:54 <DIR> --d----- c:\progra~3\SUPERAntiSpyware.com
2009-10-21 18:54 <DIR> --d----- c:\users\mediac~1\appdata\roaming\SUPERAntiSpyware.com
2009-10-21 18:54 <DIR> --d----- c:\program files (x86)\SUPERAntiSpyware
2009-10-21 18:52 <DIR> --d----- c:\program files (x86)\Safer Networking
2009-10-21 18:50 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-10-21 18:50 <DIR> --d----- c:\program files (x86)\Spybot - Search & Destroy
2009-10-21 18:50 <DIR> --d----- c:\progra~3\Spybot - Search & Destroy
2009-10-20 21:49 <DIR> --d----- c:\users\mediac~1\appdata\roaming\Malwarebytes
2009-10-20 21:49 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 21:49 <DIR> --d----- c:\programdata\Malwarebytes
2009-10-20 21:49 <DIR> --d----- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-10-20 21:49 <DIR> --d----- c:\progra~3\Malwarebytes
2009-10-20 21:44 <DIR> --d----- c:\programdata\Lavasoft
2009-10-20 20:17 <DIR> --d----- c:\programdata\SITEguard
2009-10-20 20:17 <DIR> --d----- c:\progra~3\SITEguard
2009-10-20 20:16 <DIR> --d----- c:\programdata\STOPzilla!
2009-10-20 20:16 <DIR> --d----- c:\program files (x86)\common files\iS3
2009-10-20 20:16 <DIR> --d----- c:\progra~3\STOPzilla!
2009-10-20 07:05 0 a------- c:\windows\system32\config.nt
2009-10-20 07:04 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-10-19 19:20 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-10-18 10:24 <DIR> --d----- c:\program files (x86)\Ascentive
2009-10-17 23:20 <DIR> --d-h--- C:\$AVG
2009-10-17 20:10 <DIR> --d----- c:\program files (x86)\common files\PX Storage Engine
2009-10-17 20:10 <DIR> --d----- c:\program files (x86)\DivX
2009-10-17 20:10 <DIR> --d----- c:\program files (x86)\common files\DivX Shared
2009-10-17 19:28 1,890 a------- c:\windows\diagwrn.xml
2009-10-17 19:28 1,890 a------- c:\windows\diagerr.xml
2009-10-17 17:58 <DIR> --d----- c:\program files (x86)\Partition Wizard Home Edition 4.1
2009-10-17 17:07 <DIR> --d----- c:\program files (x86)\TouchStoneSoftware
2009-10-17 16:46 <DIR> --d----- c:\users\mediacentre\Temp
2009-10-15 21:08 604,672 a------- c:\windows\system32\WMSPDMOD.DLL

==================== Find3M ====================

2009-10-31 18:05 32,441 a------- c:\programdata\nvModes.dat
2009-10-31 18:05 32,441 a------- c:\progra~3\nvModes.dat
2009-10-31 18:03 3,204 a------- c:\windows\bthservsdp.dat
2009-10-25 15:36 51,200 a------- c:\windows\inf\infpub.dat
2009-10-25 15:36 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-26 03:41 90,112 a------- c:\windows\system32\dpl100.dll
2009-09-26 03:41 856,064 a------- c:\windows\system32\divx_xx0c.dll
2009-09-26 03:41 856,064 a------- c:\windows\system32\divx_xx07.dll
2009-09-26 03:41 847,872 a------- c:\windows\system32\divx_xx0a.dll
2009-09-26 03:41 843,776 a------- c:\windows\system32\divx_xx16.dll
2009-09-26 03:41 839,680 a------- c:\windows\system32\divx_xx11.dll
2009-09-26 03:41 696,320 a------- c:\windows\system32\DivX.dll
2009-09-25 09:59 121,280 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-09-11 03:48 218,624 a------- c:\windows\system32\msv1_0.dll
2009-09-04 22:41 60,928 a------- c:\windows\system32\msasn1.dll
2009-08-30 00:09 724 a------- c:\users\mediacentre\update block list.vbs
2009-08-29 13:42 331,776 a------- c:\windows\apppatch\apppatch64\AcLayers.dll
2009-08-29 13:42 284,672 a------- c:\windows\apppatch\apppatch64\AcGenral.dll
2009-08-29 13:42 100,352 a------- c:\windows\apppatch\apppatch64\acspecfc.dll
2009-08-29 13:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 13:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 13:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 13:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 11:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 11:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-27 16:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 16:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 16:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-27 14:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-23 16:58 86,016 a------- c:\windows\inf\infstor.dat
2009-08-23 15:47 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-23 14:10 22,336 a------- c:\windows\gdrv.sys
2009-08-17 17:23 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-08-17 01:27 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-08-15 02:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-15 00:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-15 00:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-15 00:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-15 00:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-15 00:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-15 00:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-15 00:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-15 00:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-14 14:36 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-03-15 11:25 99,384 a------- c:\users\mediac~1\appdata\roaming\inst.exe
2009-03-15 11:25 82,816 a------- c:\users\mediac~1\appdata\roaming\pcouffin.sys
2008-12-04 08:24 174 a--sh--- c:\program files (x86)\desktop.ini
2006-11-03 02:14 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-03 02:14 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-03 02:14 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-03 02:14 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 21:52 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 21:52 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 21:52 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 21:52 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:32:05.95 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 30/11/2008 8:31:56 PM
System Uptime: 31/10/2009 6:04:23 PM (53 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-73PVM-S2H
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz | Socket 775 | 3000/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 14.14 GiB free.
D: is FIXED (NTFS) - 497 GiB total, 151.745 GiB free.
E: is CDROM (UDF)
I: is FIXED (NTFS) - 99 GiB total, 77.853 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_07D8&SUBSYS_07D81458&REV_A1\3&2411E6FE&0&19
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_07D8&SUBSYS_07D81458&REV_A1\3&2411E6FE&0&19
Service:

==== System Restore Points ===================

RP385: 29/10/2009 9:08:13 PM - Windows Update
RP386: 30/10/2009 3:54:21 PM - Windows Update
RP387: 31/10/2009 7:06:48 PM - Scheduled Checkpoint
RP388: 1/11/2009 1:08:37 PM - Installed PhotoStudio
RP389: 1/11/2009 1:11:21 PM - Installed Video Downloader
RP390: 1/11/2009 1:14:42 PM - Installed Print Creations
RP391: 1/11/2009 1:16:34 PM - Installed RAW Thumbnail Viewer
RP392: 1/11/2009 1:20:06 PM - Installed MediaImpression
RP393: 1/11/2009 3:07:44 PM - Installed Panorama Maker
RP394: 1/11/2009 3:09:08 PM - Installed PhotoStudio Darkroom
RP395: 1/11/2009 3:12:04 PM - Installed MediaImpression
RP396: 2/11/2009 9:27:01 PM - Installed Opera 10.01.

==== Installed Programs ======================

AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11
Apple Application Support
Apple Software Update
ArcSoft MediaImpression 2
ArcSoft Panorama Maker 5
ArcSoft PhotoStudio 6
ArcSoft PhotoStudio Darkroom 2
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft RAW Thumbnail Viewer
ArcSoft TotalMedia Theatre 3
ArcSoft Video Downloader
ASCOM Platform 3.0
ASUS nVidia Driver
µTorrent
AutoUpdate
AVG Free 8.5
CCleaner (remove only)
Chinese Traditional Fonts Support For Adobe Reader 9
Combined Community Codec Pack 2009-09-09
ConvertXtoDVD 3.5.1.135
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Eraser
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iMON
J2SE Runtime Environment 5.0 Update 12
Java™ 6 Update 16
Logitech Harmony Remote Software 7
Magic ISO Maker v5.4 (build 0245)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office Word Viewer 2003
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Mozilla Firefox (3.5.4)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Opera 10.01
Partition Wizard Home Edition 4.1
Photosynth 2.0.1519.16
QuickTime
Remote Control USB Driver
Rosetta Stone V3
RunAlyzer
Spybot - Search & Destroy
Starry Night Pro Plus 6
Stellarium 0.10.0
SUPERAntiSpyware Free Edition
The Da Vinci Code
Undelete Plus 2.94
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
VideoReDo TVSuite Version 3.1.4.549
Vista Codec Package
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 Runtime Setup Package (x64)
VmcLauncher
Windows Live installer
Windows Media Player Firefox Plugin
WinFast Codec-TS SDK
WinFast De-interlace SDK
WinFast Multimedia Driver Installation
WinFast PVR2
WinFast TT-SB SDK
WinRAR archiver

==== Event Viewer Messages From Past Week ========

31/10/2009 6:06:26 PM, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: This driver has been blocked from loading
31/10/2009 6:06:26 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
31/10/2009 6:05:43 PM, Error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: This driver has been blocked from loading
31/10/2009 6:05:43 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
31/10/2009 6:05:22 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: This driver has been blocked from loading
31/10/2009 6:05:22 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
31/10/2009 6:05:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
29/10/2009 9:10:08 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
28/10/2009 6:52:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
28/10/2009 6:52:49 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
28/10/2009 6:52:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/10/2009 3:21:58 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

==== End Of File ===========================

#9 adamcullen


Posted 02 November 2009 - 07:40 AM

I also looked back through the old Malwarebytes log files and found this offending registry entry:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Hope this might help.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:11 PM

Posted 03 November 2009 - 02:19 PM

Hi,

Do you know the following files:

C:\bootxe1
C:\XELD1
C:\XELD1.1st


Did the redirections start before you installed STOPzilla?

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#11 adamcullen


Posted 03 November 2009 - 02:33 PM

Hi _temp_,

The redirections started before I installed Stopzilla. This was one of the suite of antimalware products I have tried to get rid of this thing.

Not sure what the origin of those 3 files is.

A

#12 myrti


Posted 06 November 2009 - 09:17 AM

Hi,

Could you please rename the files by appending .bak to their names, so we can see if they get recreated or if a program claims those files?

Please run a scan with Superantispyware:
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Finally please also run a scan with systemlook:
Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook and copy/paste the following into the box:
    :reg
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nlias /s
    :service
    nlias
  • Hit the Look button. Let it finish the scan
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply.
regards _temp_



#13 adamcullen


Posted 07 November 2009 - 02:59 PM

Hi _temp_

OK, firstly, I can't find those three files you wanted me to disable by renaming with .bak. I have allowed viewing hidden and system files and used cmd prompt to look on the c: as well. No sign of them. I also did a system search and none of the three came up. Not sure where they went.

Here is the SystemLook log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:30 on 07/11/2009 by MediaCentre (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
"DcomLaunch"="PlugPlay DcomLaunch"
"imgsvc"="StiSvc"
"LocalService"="NSI SSDPSRV upnphost SCardSvr RemoteRegistry WinHttpAutoProxySvc TBS SLUINotify netprofm QWAVE WebClient"
"LocalServiceNetworkRestricted"="AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg WPCSvc"
"LocalSystemNetworkRestricted"="hidserv Netman AudioEndpointBuilder dot3svc WPDBusEnum wlansvc"
"netsvcs"="AeLookupSvc Themes CertPropSvc SCPolicySvc lanmanserver gpsvc AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc msiscsi SessionEnv schedule winmgmt AppMgmt nlias"
"NetworkService"="DHCP TermService DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv"
"rpcss"="RpcSs"
"termsvcs"="TermService"
"wcssvc"="WcsPlugInService"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost\wcssvc]


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nlias]
"Description"="Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network."
"DisplayName"="Center Support"
"ErrorControl"= 0000000000 (0)
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nlias\Parameters]
"ServiceDll"="C:\Windows\system32\vyktl.dll"


========== service ==========

nlias
Center Support
"Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\system32\svchost.exe -k netsvcs
Group: (none)
SafeBoot:
Dependencies:
(none)
Dependant Services:
(none)

-=End Of File=-

Here is the SuperAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/08/2009 at 02:15 AM

Application Version : 4.29.1004

Core Rules Database Version : 4244
Trace Rules Database Version: 2138

Scan type : Complete Scan
Total Scan Time : 04:45:55

Memory items scanned : 556
Memory threats detected : 0
Registry items scanned : 5264
Registry threats detected : 0
File items scanned : 604262
File threats detected : 17

Trojan.Agent/Gen-HackPatch
C:\PROGRAM FILES (X86)\SLYSOFT\ANYDVD\RUN ME 1ST.EXE

Adware.Tracking Cookie
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@112.2o7[2].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@ads.ad4game[2].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@adserver.adreactor[1].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@apmebf[1].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@content.yieldmanager[2].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@content.yieldmanager[3].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@dmtracker[1].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@geelongadvertiser.com[2].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@imrworldwide[2].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@scotts.122.2o7[1].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@specificclick[2].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@statcounter[1].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@www.geelongadvertiser.com[1].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@www.googleadservices[1].txt
C:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\mediacentre@xiti[2].txt
I:\Users\MediaCentre\AppData\Roaming\Microsoft\Windows\Cookies\Low\mediacentre@kaspersky.122.2o7[1].txt

#14 myrti


Posted 07 November 2009 - 03:06 PM

Hi,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\Windows\system32\vyktl.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


Let's also run another scan with SystemLook looking for those vanished files, please use the following script:

:file
C:\bootxe1
C:\XELD1
C:\XELD1.1st
:filefind
bootxe1
XELD1*

Please post back the 2 logs in your next reply.

regards _temp_



#15 adamcullen


Posted 07 November 2009 - 08:16 PM

Hi _temp_

It looks like I didn't know what I was talking about when I said I had turned on viewing hidden files. Found those 3 files now and renamed them *.bak

Here is the result of the SystemLook scan before I renamed them.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 12:13 on 08/11/2009 by MediaCentre (Administrator - Elevation successful)

========== file ==========

C:\bootxe1 - File found and opened.
MD5: 15A4F358BFEA2C70CB050D0CF010EEB2
Created at 01:53 on 24/10/2009
Modified at 01:53 on 24/10/2009
Size: 438840 bytes
Attributes: -rahs-
No version information available.

C:\XELD1 - File found and opened.
MD5: 522C403E5B16D458EC2866E6AE788876
Created at 01:53 on 24/10/2009
Modified at 01:53 on 24/10/2009
Size: 171136 bytes
Attributes: -rahs-
No version information available.

C:\XELD1.1st - File found and opened.
MD5: 6EFBBBAEC802B6DAB94EDFE33C018823
Created at 01:53 on 24/10/2009
Modified at 01:53 on 24/10/2009
Size: 9216 bytes
Attributes: -rahs-
No version information available.

========== filefind ==========

Searching for "bootxe1"
C:\bootxe1 -rahs- 438840 bytes [01:53 24/10/2009] [01:53 24/10/2009] 15A4F358BFEA2C70CB050D0CF010EEB2

Searching for "XELD1*"
C:\XELD1 -rahs- 171136 bytes [01:53 24/10/2009] [01:53 24/10/2009] 522C403E5B16D458EC2866E6AE788876
C:\XELD1.1st -rahs- 9216 bytes [01:53 24/10/2009] [01:53 24/10/2009] 6EFBBBAEC802B6DAB94EDFE33C018823

-=End Of File=-


here is the result after I renamed them with *.bak:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 12:15 on 08/11/2009 by MediaCentre (Administrator - Elevation successful)

========== file ==========

C:\bootxe1 - Unable to find/read file.

C:\XELD1 - Unable to find/read file.

C:\XELD1.1st - Unable to find/read file.

========== filefind ==========

Searching for "bootxe1"
No files found.

Searching for "XELD1*"
C:\XELD1.1st.bak -rahs- 9216 bytes [01:53 24/10/2009] [01:53 24/10/2009] 6EFBBBAEC802B6DAB94EDFE33C018823
C:\XELD1.bak -rahs- 171136 bytes [01:53 24/10/2009] [01:53 24/10/2009] 522C403E5B16D458EC2866E6AE788876

-=End Of File=-


I am having trouble locating that C:\Windows\system32\vyktl.dll file.

I also used SystemLook to try to find it using the following code:

:file
C:\Windows\system32\vyktl.dll
:filefind
vyktl.dll

and this was the result:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:53 on 08/11/2009 by MediaCentre (Administrator - Elevation successful)

========== file ==========

C:\Windows\system32\vyktl.dll - Unable to find/read file.

========== filefind ==========

Searching for "vyktl.dll"
No files found.

-=End Of File=-


Edited by adamcullen, 07 November 2009 - 08:21 PM.
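
Added example (not part of the thread, and not SystemLook's own code): a Python script that cross-checks the SystemLook logs posted above, joining the Svchost group list, each svchost-hosted service's ServiceDll value and the ":file" results, to report a service whose DLL the tool could not read. The function names are this example's own, and the embedded input is excerpted from the logs in this thread with the netsvcs list shortened.

```python
import re

# Excerpts from the SystemLook logs posted in this thread (netsvcs list shortened).
REG_LOG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"="AeLookupSvc Themes schedule winmgmt AppMgmt nlias"
"rpcss"="RpcSs"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nlias]
"DisplayName"="Center Support"
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"
"Start"= 0x0000000002 (2)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nlias\Parameters]
"ServiceDll"="C:\Windows\system32\vyktl.dll"
'''
FILE_LOG = r'''
========== file ==========

C:\Windows\system32\vyktl.dll - Unable to find/read file.
'''

SVCHOST_KEY = r'hkey_local_machine\software\microsoft\windows nt\currentversion\svchost'
SERVICES_KEY = r'hkey_local_machine\system\currentcontrolset\services' + '\\'


def parse_reg(text):
    """Return {lowercased key path: {value name: value}} from a ':reg' section."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'^\[(.+)\]$', line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        if current is None:
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)           # string value
        if m:
            current[m.group(1)] = m.group(2)
            continue
        # numeric value, e.g. "Start"= 0x0000000002 (2); keep the decimal part
        m = re.match(r'^"([^"]+)"=\s*(?:0x)?[0-9A-Fa-f]+\s*\((\d+)\)$', line)
        if m:
            current[m.group(1)] = int(m.group(2))
    return keys


def parse_file_section(text):
    """Return {lowercased path: True if opened, False if not} from a ':file' section."""
    found = {}
    for line in text.splitlines():
        m = re.match(r'^(.+?) - (File found and opened|Unable to find/read file)\.$',
                     line.strip())
        if m:
            found[m.group(1).lower()] = m.group(2).startswith('File found')
    return found


def triage(reg, files):
    """List every svchost-hosted service in the log with its group, DLL and findings."""
    groups = {name.lower(): [s.lower() for s in str(val).split()]
              for name, val in reg.get(SVCHOST_KEY, {}).items()}
    results = []
    for key, values in reg.items():
        name = key[len(SERVICES_KEY):]
        if not key.startswith(SERVICES_KEY) or '\\' in name:
            continue                                         # not a service root key
        m = re.search(r'svchost\.exe\s+-k\s+(\S+)', str(values.get('ImagePath', '')), re.I)
        if not m:
            continue                                         # not hosted by svchost
        group = m.group(1).lower()
        dll = reg.get(key + '\\parameters', {}).get('ServiceDll')
        dll_found = files.get(dll.lower()) if dll else None  # None = not checked
        findings = []
        if name not in groups.get(group, []):
            findings.append('not listed in its svchost group')
        if dll is None:
            findings.append('no ServiceDll value in the log')
        elif dll_found is False:
            findings.append('ServiceDll not found by SystemLook')
        results.append({'service': name, 'display_name': values.get('DisplayName'),
                        'group': group, 'start': values.get('Start'),
                        'service_dll': dll, 'dll_found': dll_found, 'findings': findings})
    return results


if __name__ == '__main__':
    for row in triage(parse_reg(REG_LOG), parse_file_section(FILE_LOG)):
        print(row)
```

A "not found" result from inside the running system is not proof the file is absent: the DLL may already have been removed, it may be hidden from the tool, or, if the tool is a 32-bit process on 64-bit Windows, file-system redirection will have sent the system32 lookup to SysWOW64.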




