Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

weird virus

Re: weird virus

Post by yarders » July 23rd, 2009, 5:30 pm

I'm scanning now but it's too slow
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Post by Dakeyras » July 23rd, 2009, 6:01 pm

Aye, it is not the fastest scanning-wise, but let it run until complete. Go and read a book etc. whilst the scan is in progress and post back the logs I requested when it is completed, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Post by yarders » July 24th, 2009, 6:18 am

The scan couldn't complete in time so I paused it and closed my screen so I could continue it from where I left off. It had not found any threats before I paused it. I woke up just now, opened my computer and I get a bluescreen. Should I try the scan again?

Re: weird virus

Post by Dakeyras » July 24th, 2009, 7:10 am

Hi :)

Vista LKGC:

Reboot/Start-up your computer and during the POST (Power On Self Test) sequence continually depress Function Key 8 (F8) to bring up the Advanced Boot Options screen.

Use the arrow keys to scroll down and select Last Known Good Configuration (advanced) and hit the Enter/Return key.

Next:

Run the Dr Web Cure It scan again please and this time let it complete. Post back the logs I have previously requested, thank you.

Re: weird virus

Post by yarders » July 24th, 2009, 12:41 pm

Image

I cured it

Re: weird virus

Post by Dakeyras » July 24th, 2009, 1:52 pm

Hi :)

That may be what is known as an FP (false positive). Either way I will need to see the Dr Web CureIt log please.

Along with a new HijackThis log and an update on how your computer is performing overall, as in any problems still etc.

I really should not need to have to keep asking your good self to post logs I have previously asked for numerous times eh ;)

Re: weird virus

Post by yarders » July 24th, 2009, 2:40 pm

You don't, I'm just keeping you updated

Image

Re: weird virus

Post by Dakeyras » July 24th, 2009, 3:19 pm

Ah I see :)

Please accept my sincere apology for jumping the gun. It looks like it is nearly finished and another FP, but not a lot we can do about that since we have been unable to actually run an online scan successfully.

Anyway it should not pose a problem.

Re: weird virus

Post by yarders » July 24th, 2009, 3:30 pm

Aww, it crashed before the end and there's no time to do it before I have to turn off for tonight

Re: weird virus

Post by Dakeyras » July 24th, 2009, 4:17 pm

Hi :)

"Aww, it crashed before the end and there's no time to do it before I have to turn off for tonight"
Most unfortunate, another system crash yet again :(

OK, we are getting nowhere fast here and there has to be a reason why so many online and a downloaded AV scan(s) keep failing, which I propose we investigate as follows:

Next:

Please download OTL and save it to your Desktop.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

Re: weird virus

Post by yarders » July 25th, 2009, 6:42 am

Would it be a good idea to download Vista Service Pack 1?

Re: weird virus

Post by yarders » July 25th, 2009, 6:45 am

OTL

OTL logfile created on: 25/07/2009 11:37:01 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Jonny\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.47 Gb Total Space | 123.05 Gb Free Space | 43.10% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.10 Gb Free Space | 51.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESHVEER
Current User Name: Jonny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\System32\STacSV.exe (IDT, Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe (Rocket Division Software)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Fingerprint Reader Suite\upeksvr.exe (UPEK Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\LVComS.exe (Logitech Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Fingerprint Reader Suite\psqltray.exe (UPEK Inc.)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe (Google Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Users\Jonny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Explorer\IELowutil.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AESTFilters [Auto | Running]) -- C:\Windows\System32\aestsrv.exe (Andrea Electronics Corporation)
SRV - (AffinegyService [Auto | Running]) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-010708-104812 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gupdate1c9f505dcf6ec00 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MSSQL$SONY_MEDIAMGR [Auto | Running]) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped]) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (STacSV [Auto | Running]) -- C:\Windows\System32\STacSV.exe (IDT, Inc.)
SRV - (StarWindService [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe (Rocket Division Software)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WinVNC4 [Auto | Stopped]) -- File not found
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AFGSp50 [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (AVerBDA6x [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\AVerBDA716x.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (btwaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt [On_Demand | Stopped]) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eamon [Auto | Running]) -- C:\Windows\System32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\Windows\System32\DRIVERS\ehdrv.sys (ESET)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (epfwwfpr [Auto | Running]) -- C:\Windows\System32\DRIVERS\epfwwfpr.sys (ESET)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaNvStor [Disabled | Stopped]) -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NuidFltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (OEM02Dev [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (SCDEmu [System | Running]) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SMALUSB [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\smallogi.sys (SMaL Camera Technologies, Inc.)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (StillCam [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (TcUsb [On_Demand | Running]) -- C:\Windows\System32\Drivers\tcusb.sys (UPEK Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vaxscsi [On_Demand | Running]) -- C:\Windows\System32\Drivers\vaxscsi.sys ()
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\yk60x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c ... bd=2080425
IE - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&c ... bd=2080425
IE - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\S-1-5-21-2617438544-2265370005-1231189347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\S-1-5-21-2617438544-2265370005-1231189347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/25 11:19:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/14 13:35:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/14 13:35:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/07/14 13:36:09 | 00,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\mozilla\Extensions
[2009/07/14 13:36:09 | 00,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/24 15:42:44 | 00,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/07/14 13:36:09 | 00,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\t81c55x5.default\extensions
[2009/07/14 13:35:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/14 13:35:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/24 15:37:46 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/24 15:37:46 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/24 15:37:47 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/24 13:14:16 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/06/24 13:14:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 13:14:16 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/06/24 13:14:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 13:14:16 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/06/24 13:14:16 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 13:14:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 13:14:16 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LVComs] C:\Windows\System32\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun: 1 = SysInspector.exe
O7 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun: 2 = callmsi.exe
O7 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun: 3 = ecmd.exe
O7 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun: 4 = ecls.exe
O7 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun: 5 = eeclnt.exe
O7 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun: 6 = egui.exe
O7 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun: 7 = EHttpSrv.exe
O7 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\..Trusted Domains: mac.com ([homepage] https in Trusted sites)
O15 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\..Trusted Domains: runescape.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\..Trusted Domains: runescape.com ([world78] https in Trusted sites)
O15 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2617438544-2265370005-1231189347-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-internet-signup - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/18 16:11:36 | 10,214,94137 | ---- | C] (Activision ) -- C:\Users\Jonny\Desktop\CoDWaW-1.4-1.5-PatchSetup.exe
[2009/07/25 11:35:49 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Jonny\Desktop\OTL.exe
[2009/07/24 21:25:01 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/07/24 21:25:00 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/07/24 21:24:59 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/07/24 21:24:59 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/07/24 21:24:59 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/07/24 21:24:59 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/07/24 21:24:55 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/07/24 21:24:54 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/07/24 21:22:47 | 00,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/07/24 21:22:47 | 00,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/07/24 21:18:43 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/07/24 21:18:42 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/07/24 21:18:41 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/07/24 21:18:34 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/07/24 21:18:32 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/07/24 21:18:05 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/24 21:18:05 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/24 21:18:04 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/24 21:18:04 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/24 21:18:04 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/24 21:18:04 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/24 21:18:04 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/24 21:18:04 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/24 21:18:04 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/24 21:18:03 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/24 21:18:03 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/24 21:18:03 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/24 21:18:02 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/24 21:16:36 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/07/24 21:16:36 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/07/24 21:16:36 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/07/24 21:16:36 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/07/24 21:16:36 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/07/24 21:16:36 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/07/24 21:16:36 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/07/24 21:16:36 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/07/24 21:16:36 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/07/24 21:16:36 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/07/24 21:16:35 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/07/24 21:16:35 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/07/24 21:16:35 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/07/24 21:16:35 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/07/24 21:16:35 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/07/24 21:16:35 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/07/24 21:16:35 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/24 21:16:35 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/07/24 21:16:35 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/24 21:16:35 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/07/24 21:16:35 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/07/24 21:16:35 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/24 21:16:35 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/07/24 21:16:35 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/07/24 21:16:34 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/07/24 21:16:34 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/24 21:16:34 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/07/24 21:16:34 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/07/24 21:16:34 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/07/24 21:16:34 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/07/24 21:16:34 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/07/24 21:16:34 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/07/24 21:16:33 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/07/24 21:16:33 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/07/24 21:16:33 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/07/24 21:16:33 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/24 21:16:33 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/07/24 21:16:33 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/24 21:16:33 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/07/24 21:16:33 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/07/24 21:16:33 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/07/24 17:54:41 | 22,576,8758 | ---- | C] () -- C:\Users\Jonny\Desktop\Reign Over Me.MP4
[2009/07/24 17:53:25 | 39,178,6451 | ---- | C] () -- C:\Users\Jonny\Desktop\I Now Pronounce You Chuck And Larry.MP4
[2009/07/24 17:52:41 | 36,090,3258 | ---- | C] () -- C:\Users\Jonny\Desktop\Bedtime Stories.mp4
[2009/07/23 21:43:21 | 15,041,704 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Jonny\Desktop\drweb-cureit.exe
[2009/07/23 16:41:09 | 00,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\WinPatrol
[2009/07/23 16:41:05 | 00,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2009/07/22 23:05:48 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/07/22 14:11:13 | 00,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{A085D112-D7D5-41D0-8160-0C2AC0A1DB84}.job
[2009/07/21 11:09:01 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/07/21 11:06:29 | 00,000,695 | ---- | C] () -- C:\Users\Jonny\Desktop\NTREGOPT.lnk
[2009/07/21 11:06:29 | 00,000,676 | ---- | C] () -- C:\Users\Jonny\Desktop\ERUNT.lnk
[2009/07/21 11:06:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/21 11:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/07/21 10:56:59 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/07/21 10:55:59 | 00,407,552 | ---- | C] (OldTimer Tools) -- C:\Users\Jonny\Desktop\OTM.exe
[2009/07/21 10:55:45 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jonny\Desktop\erunt-setup.exe
[2009/07/21 10:55:29 | 00,359,656 | ---- | C] (Microsoft Corporation) -- C:\Users\Jonny\Desktop\msicuu2.exe
[2009/07/21 03:01:04 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/07/20 23:11:45 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/07/20 23:11:43 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/07/20 23:11:41 | 00,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/07/20 23:11:23 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/20 23:11:20 | 01,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/07/20 23:11:12 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/07/20 23:11:11 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/07/20 23:11:11 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2009/07/20 23:11:11 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2009/07/20 23:01:52 | 02,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/07/20 23:01:40 | 03,505,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/07/20 23:01:40 | 03,471,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/07/20 23:01:37 | 00,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/07/20 23:01:33 | 00,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/07/20 23:01:32 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/07/20 23:01:32 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/07/20 23:01:32 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/07/20 23:01:32 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/07/20 23:01:32 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/07/20 23:00:05 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/20 23:00:05 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/20 23:00:04 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/20 23:00:04 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/07/20 23:00:03 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/07/20 23:00:03 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/20 22:52:49 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/07/20 22:52:39 | 00,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/07/20 22:52:39 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/07/20 22:52:19 | 10,619,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/07/20 22:52:16 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/07/20 22:52:10 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/07/20 22:52:10 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/07/20 22:52:07 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/07/20 22:50:42 | 00,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/07/20 22:43:38 | 00,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\Malwarebytes
[2009/07/20 22:43:37 | 00,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/20 22:43:34 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/20 22:43:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/20 22:43:31 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/20 22:43:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/20 22:43:01 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jonny\Desktop\mbam-setup.exe
[2009/07/20 22:42:47 | 01,233,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/07/20 22:42:47 | 00,875,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/07/20 22:42:46 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/07/20 22:42:46 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/07/20 22:42:46 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/07/20 22:42:46 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/07/20 22:33:37 | 00,269,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/07/20 22:33:10 | 00,788,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/07/20 22:27:11 | 00,046,157 | ---- | C] (jpshortstuff) -- C:\Users\Jonny\Desktop\GooredFix.exe
[2009/07/20 20:57:19 | 57,344,000 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/07/20 18:14:45 | 00,000,000 | -HSD | C] -- C:\$RECYCLE(2).BIN
[2009/07/20 17:09:35 | 00,924,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\mfc40u.dll
[2009/07/20 17:09:35 | 00,545,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\rpcss.dll
[2009/07/20 17:09:35 | 00,537,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\comctl32.dll
[2009/07/20 17:09:35 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\lpk.dll
[2009/07/20 17:09:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\beep.sys
[2009/07/20 17:09:35 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\sfc.dll
[2009/07/20 17:09:35 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\null.sys
[2009/07/20 17:09:34 | 01,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\comres.dll
[2009/07/20 17:09:34 | 00,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\kbdclass.sys
[2009/07/20 17:09:33 | 00,874,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\kernel32.dll
[2009/07/20 17:09:33 | 00,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\termsrv.dll
[2009/07/20 17:09:33 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\services.exe
[2009/07/20 17:09:33 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\appmgmts.dll
[2009/07/20 17:09:33 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\spoolsv.exe
[2009/07/20 17:09:33 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\imm32.dll
[2009/07/20 17:09:33 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\powrprof.dll
[2009/07/20 17:09:33 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\wuauclt.exe
[2009/07/20 17:09:33 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\userinit.exe
[2009/07/20 17:09:33 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\ctfmon.exe
[2009/07/20 17:09:33 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\lsass.exe
[2009/07/20 17:09:32 | 03,472,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\ntoskrnl.exe
[2009/07/20 17:09:32 | 02,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\explorer.exe
[2009/07/20 17:09:31 | 03,506,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/20 17:09:31 | 00,500,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\ndis.sys
[2009/07/20 17:09:31 | 00,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\winlogon.exe
[2009/07/20 17:09:30 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\wininet.dll
[2009/07/20 17:09:30 | 00,806,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\tcpip.sys
[2009/07/20 17:09:30 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\user32.dll
[2009/07/20 17:09:30 | 00,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\ws2_32.dll
[2009/07/20 17:09:30 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\cache\svchost.exe
[2009/07/20 17:09:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\dllcache\cache
[2009/07/20 17:01:04 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/07/20 14:11:48 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/07/20 13:29:25 | 00,219,648 | ---- | C] () -- C:\Windows\PEV.exe
[2009/07/20 13:29:25 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/07/20 13:29:25 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/07/20 13:29:25 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/07/20 13:29:25 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/07/20 13:29:25 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/07/20 13:29:25 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/07/20 13:29:25 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/07/20 13:26:19 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/20 13:24:30 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/20 13:23:26 | 03,146,921 | R--- | C] () -- C:\Users\Jonny\Desktop\ComboFix.exe
[2009/07/19 11:31:12 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Users\Jonny\Desktop\TFC.exe
[2009/07/18 22:48:44 | 00,181,156 | ---- | C] () -- C:\Users\Jonny\Desktop\nod32removal.exe
[2009/07/18 13:33:08 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/18 13:21:37 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\Jonny\Desktop\Rooter.exe
[2009/07/18 13:18:04 | 00,794,408 | ---- | C] () -- C:\Users\Jonny\Desktop\pbsvc.exe
[2009/07/17 22:55:34 | 00,028,672 | ---- | C] () -- C:\Users\Jonny\Documents\bounmce.fla
[2009/07/17 22:46:02 | 00,781,909 | ---- | C] () -- C:\Users\Jonny\Desktop\RSIT.exe
[2009/07/17 22:22:00 | 07,220,240 | ---- | C] () -- C:\Users\Jonny\Desktop\xfire_installer_37966.exe
[2009/07/17 20:57:39 | 00,000,527 | ---- | C] () -- C:\Users\Jonny\Desktop\3D Rad - The Empty Space.lnk
[2009/07/17 20:57:26 | 00,087,552 | ---- | C] () -- C:\Windows\System32\trltmpct.dll
[2009/07/17 20:57:22 | 00,000,000 | ---D | C] -- C:\3D Rad
[2009/07/17 19:41:02 | 35,353,366 | ---- | C] (3DRad.com ) -- C:\Users\Jonny\Desktop\3DRadTrial_636.exe
[2009/07/17 11:39:58 | 08,694,074 | ---- | C] () -- C:\Users\Jonny\Desktop\Poker1M 2.7Patched MadHouse.ipa.zip
[2009/07/17 11:37:15 | 09,371,941 | ---- | C] () -- C:\Users\Jonny\Desktop\Sonic Insect Repeller.ipa.zip
[2009/07/16 20:14:14 | 20,099,416 | ---- | C] () -- C:\Users\Jonny\Desktop\Noise.io_Pro-v1.4.ipa.zip
[2009/07/16 20:13:06 | 02,053,821 | ---- | C] () -- C:\Users\Jonny\Desktop\T_Premium-v1.1-Fufi0.ipa.zip
[2009/07/15 19:54:55 | 00,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\IGN_DLM
[2009/07/15 19:54:49 | 00,000,000 | ---D | C] -- C:\Program Files\Download Manager
[2009/07/15 13:14:06 | 00,560,582 | ---- | C] () -- C:\Users\Jonny\Desktop\FastFile_Tools.zip
[2009/07/14 17:38:09 | 00,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Local\PunkBuster
[2009/07/14 17:37:46 | 00,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Local\Activision
[2009/07/14 17:22:16 | 00,001,050 | ---- | C] () -- C:\Users\Jonny\Desktop\CoDWaW (2) - Shortcut.lnk
[2009/07/14 17:10:36 | 00,022,328 | ---- | C] () -- C:\Users\Jonny\AppData\Roaming\PnkBstrK.sys
[2009/07/14 16:47:08 | 00,000,000 | ---D | C] -- C:\Program Files\Activision
[2009/07/14 15:52:22 | 00,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/07/14 15:51:46 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/07/14 13:35:38 | 00,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Local\Mozilla
[2009/07/14 13:35:22 | 00,001,686 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/14 13:35:08 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/07/14 10:48:27 | 00,001,836 | ---- | C] () -- C:\Users\Jonny\Desktop\HijackThis.lnk
[2009/07/14 10:48:26 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/14 10:47:24 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jonny\Desktop\HJTInstall.exe
[2009/07/14 10:23:20 | 32,997,7183 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/07/10 20:23:37 | 00,124,928 | ---- | C] () -- C:\Users\Jonny\Documents\maze.fla
[2009/07/10 20:23:32 | 00,023,040 | ---- | C] () -- C:\Users\Jonny\Documents\mazdee.fla
[2009/07/10 19:03:38 | 00,030,720 | ---- | C] () -- C:\Users\Jonny\Documents\CAR.fla
[2009/07/10 18:45:08 | 00,000,139 | ---- | C] () -- C:\Users\Jonny\Documents\minion.swf
[2009/07/08 20:09:12 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009/07/08 20:06:55 | 00,000,000 | ---D | C] -- C:\Users\Jonny\Desktop\Update
[2009/07/06 22:44:23 | 37,560,64768 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/04 12:48:14 | 00,000,534 | ---- | C] () -- C:\Users\Jonny\Desktop\Saved - Shortcut.lnk
[2009/07/03 19:54:30 | 00,000,443 | ---- | C] () -- C:\Users\Jonny\Desktop\Music - Shortcut.lnk
[2009/07/03 15:53:54 | 00,000,000 | ---D | C] -- C:\Users\Jonny\Desktop\Armani
[2009/07/01 17:27:32 | 00,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2009/06/28 19:04:18 | 00,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\IDM
[2009/06/28 19:04:18 | 00,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\DMCache
[2009/06/28 19:04:12 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2009/06/28 16:35:47 | 00,000,000 | ---D | C] -- C:\Users\Jonny\Documents\Downloads
[2009/06/28 15:17:25 | 00,000,000 | ---D | C] -- C:\Program Files\PC Satellite TV
[2009/06/28 12:33:23 | 00,000,000 | ---D | C] -- C:\Users\Jonny\Desktop\Windows Doctor+Serial
[2009/06/27 22:31:06 | 00,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/06/27 22:31:06 | 00,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/06/06 14:47:37 | 00,000,606 | ---- | C] () -- C:\Windows\Uninstall Manager.INI
[2009/05/19 20:36:36 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/04 16:48:39 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/05/04 16:48:39 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/05/04 16:48:39 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/04/29 19:01:39 | 00,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2009/04/26 16:45:52 | 00,223,128 | ---- | C] () -- C:\Windows\System32\drivers\vaxscsi.sys
[2009/04/26 16:40:59 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/04/22 00:19:06 | 00,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/11/21 22:47:52 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/21 22:45:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/21 22:45:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/21 22:44:16 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/04/25 07:30:31 | 00,003,072 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008/04/25 07:30:27 | 00,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/04/25 07:30:26 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/07/25 16:40:02 | 00,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/03 17:25:56 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 13:34:23 | 00,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 13:34:20 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 11:23:31 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 09:55:06 | 00,003,397 | ---- | C] () -- C:\Windows\AVerRadio.ini
[2003/12/06 03:09:46 | 00,294,912 | ---- | C] () -- C:\Windows\System32\liplW7.dll
[2003/12/06 03:09:46 | 00,290,816 | ---- | C] () -- C:\Windows\System32\liplA6.dll
[2003/12/06 03:09:46 | 00,278,528 | ---- | C] () -- C:\Windows\System32\liplPX.dll
[2003/12/06 03:09:46 | 00,278,528 | ---- | C] () -- C:\Windows\System32\liplP6.dll
[2003/12/06 03:09:46 | 00,278,528 | ---- | C] () -- C:\Windows\System32\liplM6.dll
[2003/12/06 03:09:46 | 00,020,480 | ---- | C] () -- C:\Windows\System32\lipl.dll
[2003/12/06 03:03:42 | 00,004,298 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[2009/07/25 11:36:11 | 00,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A085D112-D7D5-41D0-8160-0C2AC0A1DB84}.job
[2009/07/25 11:36:00 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/25 11:35:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Jonny\Desktop\OTL.exe
[2009/07/25 11:32:25 | 00,060,544 | ---- | M] () -- C:\Users\Jonny\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/25 11:31:40 | 00,027,335 | ---- | M] () -- C:\Users\Jonny\AppData\Roaming\nvModes.001
[2009/07/25 11:31:09 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/25 11:16:39 | 39,249,378 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/25 11:16:39 | 00,041,281 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/25 11:14:21 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/25 11:14:21 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/25 11:14:17 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/25 11:14:14 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/25 11:13:28 | 37,560,64768 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/25 10:49:54 | 02,196,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/24 23:07:37 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/07/24 23:06:56 | 03,034,084 | -H-- | M] () -- C:\Users\Jonny\AppData\Local\IconCache.db
[2009/07/24 21:24:53 | 57,344,000 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/07/24 21:24:53 | 00,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/07/24 21:24:53 | 00,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/07/24 18:46:27 | 39,178,6451 | ---- | M] () -- C:\Users\Jonny\Desktop\I Now Pronounce You Chuck And Larry.MP4
[2009/07/24 18:40:08 | 36,090,3258 | ---- | M] () -- C:\Users\Jonny\Desktop\Bedtime Stories.mp4
[2009/07/24 18:25:59 | 22,576,8758 | ---- | M] () -- C:\Users\Jonny\Desktop\Reign Over Me.MP4
[2009/07/24 11:15:22 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/23 21:43:37 | 15,041,704 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Jonny\Desktop\drweb-cureit.exe
[2009/07/21 11:06:29 | 00,000,695 | ---- | M] () -- C:\Users\Jonny\Desktop\NTREGOPT.lnk
[2009/07/21 11:06:29 | 00,000,676 | ---- | M] () -- C:\Users\Jonny\Desktop\ERUNT.lnk
[2009/07/21 10:56:07 | 00,407,552 | ---- | M] (OldTimer Tools) -- C:\Users\Jonny\Desktop\OTM.exe
[2009/07/21 10:55:52 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jonny\Desktop\erunt-setup.exe
[2009/07/21 10:55:34 | 00,359,656 | ---- | M] (Microsoft Corporation) -- C:\Users\Jonny\Desktop\msicuu2.exe
[2009/07/21 03:01:04 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/07/20 22:43:37 | 00,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/20 22:43:05 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jonny\Desktop\mbam-setup.exe
[2009/07/20 22:27:16 | 00,046,157 | ---- | M] (jpshortstuff) -- C:\Users\Jonny\Desktop\GooredFix.exe
[2009/07/20 17:01:17 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/07/20 17:01:01 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/07/20 13:23:44 | 03,146,921 | R--- | M] () -- C:\Users\Jonny\Desktop\ComboFix.exe
[2009/07/19 11:31:17 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Users\Jonny\Desktop\TFC.exe
[2009/07/18 22:56:38 | 00,027,335 | ---- | M] () -- C:\Users\Jonny\AppData\Roaming\nvModes.dat
[2009/07/18 22:48:49 | 00,181,156 | ---- | M] () -- C:\Users\Jonny\Desktop\nod32removal.exe
[2009/07/18 17:07:48 | 10,214,94137 | ---- | M] (Activision ) -- C:\Users\Jonny\Desktop\CoDWaW-1.4-1.5-PatchSetup.exe
[2009/07/18 13:21:44 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\Jonny\Desktop\Rooter.exe
[2009/07/18 13:18:20 | 00,794,408 | ---- | M] () -- C:\Users\Jonny\Desktop\pbsvc.exe
[2009/07/17 22:55:36 | 00,124,928 | ---- | M] () -- C:\Users\Jonny\Documents\maze.fla
[2009/07/17 22:55:34 | 00,028,672 | ---- | M] () -- C:\Users\Jonny\Documents\bounmce.fla
[2009/07/17 22:46:17 | 00,781,909 | ---- | M] () -- C:\Users\Jonny\Desktop\RSIT.exe
[2009/07/17 22:36:32 | 00,000,606 | ---- | M] () -- C:\Windows\Uninstall Manager.INI
[2009/07/17 22:22:34 | 07,220,240 | ---- | M] () -- C:\Users\Jonny\Desktop\xfire_installer_37966.exe
[2009/07/17 21:37:50 | 00,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2009/07/17 20:57:39 | 00,000,527 | ---- | M] () -- C:\Users\Jonny\Desktop\3D Rad - The Empty Space.lnk
[2009/07/17 19:41:22 | 35,353,366 | ---- | M] (3DRad.com ) -- C:\Users\Jonny\Desktop\3DRadTrial_636.exe
[2009/07/17 11:40:36 | 08,694,074 | ---- | M] () -- C:\Users\Jonny\Desktop\Poker1M 2.7Patched MadHouse.ipa.zip
[2009/07/17 11:37:18 | 09,371,941 | ---- | M] () -- C:\Users\Jonny\Desktop\Sonic Insect Repeller.ipa.zip
[2009/07/17 11:34:35 | 00,000,541 | ---- | M] () -- C:\Users\Jonny\Documents\My Sharing Folders.lnk
[2009/07/16 20:16:48 | 20,099,416 | ---- | M] () -- C:\Users\Jonny\Desktop\Noise.io_Pro-v1.4.ipa.zip
[2009/07/16 20:13:23 | 02,053,821 | ---- | M] () -- C:\Users\Jonny\Desktop\T_Premium-v1.1-Fufi0.ipa.zip
[2009/07/15 13:14:11 | 00,560,582 | ---- | M] () -- C:\Users\Jonny\Desktop\FastFile_Tools.zip
[2009/07/14 17:22:16 | 00,001,050 | ---- | M] () -- C:\Users\Jonny\Desktop\CoDWaW (2) - Shortcut.lnk
[2009/07/14 17:10:36 | 00,022,328 | ---- | M] () -- C:\Users\Jonny\AppData\Roaming\PnkBstrK.sys
[2009/07/14 15:52:22 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/07/14 15:45:05 | 32,997,7183 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/07/14 13:38:19 | 00,743,222 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/14 13:38:19 | 00,641,172 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 13:38:19 | 00,116,210 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 13:35:22 | 00,001,686 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/14 10:48:27 | 00,001,836 | ---- | M] () -- C:\Users\Jonny\Desktop\HijackThis.lnk
[2009/07/14 10:47:29 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jonny\Desktop\HJTInstall.exe
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\Windows\PEV.exe
[2009/07/11 22:53:24 | 00,000,879 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2009/07/10 20:23:32 | 00,023,040 | ---- | M] () -- C:\Users\Jonny\Documents\mazdee.fla
[2009/07/10 19:03:38 | 00,030,720 | ---- | M] () -- C:\Users\Jonny\Documents\CAR.fla
[2009/07/10 18:47:55 | 00,000,139 | ---- | M] () -- C:\Users\Jonny\Documents\minion.swf
[2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/04 12:48:14 | 00,000,534 | ---- | M] () -- C:\Users\Jonny\Desktop\Saved - Shortcut.lnk
[2009/07/03 19:54:30 | 00,000,443 | ---- | M] () -- C:\Users\Jonny\Desktop\Music - Shortcut.lnk
[2009/07/03 19:52:37 | 00,000,600 | ---- | M] () -- C:\Users\Jonny\AppData\Roaming\winscp.rnd
[2009/07/01 19:54:31 | 00,000,680 | ---- | M] () -- C:\Users\Jonny\AppData\Local\d3d9caps.dat
[2009/07/01 17:26:48 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/07/01 17:26:48 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/06/29 18:45:22 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/06/27 20:52:38 | 00,001,090 | ---- | M] () -- C:\Users\Jonny\Desktop\Devil May Cry4 [DX10].lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Re: weird virus

by yarders » July 25th, 2009, 6:46 am

OTL Extras logfile created on: 25/07/2009 11:37:01 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Jonny\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.47 Gb Total Space | 123.05 Gb Free Space | 43.10% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.10 Gb Free Space | 51.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESHVEER
Current User Name: Jonny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062BC8F9-974B-48DD-8BD4-5C6D78B82E1F}" = rport=139 | protocol=6 | dir=out | app=system |
"{088E418D-FB57-4D27-BD41-666404694909}" = lport=139 | protocol=6 | dir=in | app=system |
"{0C0C731A-D28C-4F64-86D0-E3E5FE3D22C1}" = lport=137 | protocol=17 | dir=in | app=system |
"{0EBEA67C-EE29-4AD2-9B03-8C3080AED3DD}" = lport=43594 | protocol=6 | dir=in | name=elitescaoe |
"{341469E0-F255-44BA-B4C7-26C8E50AB58D}" = rport=445 | protocol=6 | dir=out | app=system |
"{35FD6A24-4AA3-4EB7-973E-33691448BFD5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4DFA8E3C-2A6D-479A-9B46-73335E5FE091}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A4220249-6379-4FE8-8BA6-80D6BC163C33}" = rport=138 | protocol=17 | dir=out | app=system |
"{A4D70698-20BE-4AFF-B033-DACD3509A676}" = rport=137 | protocol=17 | dir=out | app=system |
"{C335EAFE-C019-4306-ACB0-9DA5211024FE}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{CAE29CC5-516D-46A8-89D7-48259BCD21E8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E3C14BBB-87ED-4C10-8D49-274B6C1D6B70}" = lport=138 | protocol=17 | dir=in | app=system |
"{EB278110-4E7B-464B-8750-EDAF7AAE8F7B}" = lport=445 | protocol=6 | dir=in | app=system |
"{FBC65C62-8FAD-48EB-B1DD-0AFD1146278A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B96C10-78C8-49E4-9E1C-A7188D444E65}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{09FA8E3C-3E27-4D6A-91AE-68F98DEF05B5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0BE11849-2782-4250-B29A-D04631D5A7AF}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{10D9636B-0FA1-4D17-92E5-16AF2CAE64A1}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{15139104-E892-4A44-ACA3-5B4FCF119945}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{19D7584E-279C-4C4B-82A4-575D3845F1CF}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{1AFB604A-7B99-4010-8DB5-077673FB9D90}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{1D9A9B40-76E6-42EC-AE22-01745C9DF127}" = protocol=6 | dir=in | app=c:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
"{200184DE-6959-44EF-BD6E-E9043E3E3A7A}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"{20422F25-F350-4F55-B510-B4840F94DF45}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{227E1D72-12BD-476E-8480-5FEDDD6C1B60}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{24AEA045-D727-4E51-BF3C-08B96179EA60}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{280B61F9-3D9B-4280-A5CE-E53418A9E279}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{291F7DA0-77C9-4F11-8B7F-DAD89F4FC212}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2ADDC352-3590-4C97-A159-0538A004CBFD}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{36161F8D-7254-4624-B51A-0A853F91AB70}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{3BD022AF-3DEF-4A16-AC92-CC4EFB5763CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{49A89240-6E2A-489E-8325-31A3FBB2C70E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5303B92F-6468-4517-BFBC-BF8C4220F0A4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{54458006-E34B-43CF-B398-47E55F7FBDA8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{56DE83C4-2578-4690-803F-FDEFC1742FB6}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{58071BF0-C09A-4A9F-94D2-AC8AF676263F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{58A6CFF8-85AC-4EC9-9B80-EC389CFEA188}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{59C82D42-156B-45CD-8CE5-9C1ABD983CFC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5C884772-E378-4B9E-B394-4F37D1871570}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{622FA5BE-17FF-4559-A9C8-ED963233FEFD}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{628330B0-0BF3-47BF-B813-0AA28D008068}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{638B569C-F2A5-4CDA-B664-3E4E8DE9B759}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68E808BE-91D1-4429-80FC-BE0AA5CAF8C0}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{694689CD-A605-4235-912D-10547AD0C4F0}" = protocol=6 | dir=in | app=c:\program files\avg\avg8\avgtray.exe |
"{6AE0BA12-0D46-4518-9ADF-0DF58CB042AE}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{6B43F42C-D101-4E51-B01A-EC729D972EE0}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{71E4906A-C4E5-42A1-B99A-CA99C6DFD8E4}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{74DE9808-BA65-4B56-988E-CF9CE18DDEE8}" = protocol=6 | dir=in | app=c:\program files\avg\avg8\avgui.exe |
"{76582215-B58A-4074-B4E2-B940C67CB3A9}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{84A8C2D8-87CE-45D8-8974-A9948963C19D}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{8BAFEE4F-CCB7-4277-AA6A-8084E35EF0D8}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{90082445-2BA3-4E2F-8525-7F9497F120F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90C9E731-59B2-4712-9873-9C8BE0F84861}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{91FD91BF-97B2-4111-A310-1E773E469791}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{952BCEF4-07EE-4E2B-8C21-B1813F7D0CF3}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{972A5AA4-1A20-4ADA-A90E-CB73733AA8D7}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9AEF1DA1-671C-4795-AC5C-F4C97E43DA25}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{9E7A8B28-D463-4386-98DE-C68673E99D0F}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9EFE3E2C-6335-4DBA-B529-488BDEFE322F}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{A16B23CF-9E29-4225-B4CF-003A310DBC66}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{A3DE4116-70E7-4D3E-A7E8-8D33375A11E8}" = protocol=17 | dir=in | app=c:\program files\avg\avg8\avgui.exe |
"{A5662099-4F8C-40C9-B873-C4B8E3974F47}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A6F941E8-7B2A-4142-9669-DB9E78ABA65D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA307F3D-C477-402B-8FA8-5A677589824B}" = protocol=17 | dir=in | app=c:\program files\avg\avg8\avgtray.exe |
"{ABA4DEC9-C944-4CFF-A851-3AE91EEA927E}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{AC0DC69A-6267-4153-B6E5-06099DAE8319}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{AC32CCA6-21AC-4862-959D-44C4D8F408BE}" = protocol=17 | dir=in | app=c:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
"{ADD902C7-9187-4982-B04B-39338BBC65FE}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{B3C265EC-AD41-4ED7-8B9C-05E7A376CD19}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"{B779FD8B-E814-4799-BAF9-041DA823E9D7}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{C390B291-9E70-4D1E-AF70-9CDB39391C41}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C4AC6EB2-BDEC-4A5F-B35C-D3548CAAC877}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D1BDDA8C-87C4-4615-94F5-B3DB1EDA6AA1}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{D827965C-B380-49B4-893E-08E8DEC3EB0F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EE4E3F0F-E3B5-46C6-BBED-A36A17AD9344}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{F966F953-E1FE-41F9-A665-B1AFAEB71F96}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{FA278808-9E98-40F3-B9AD-8CCEDAEC035A}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{FB1D207E-ECAC-4029-B2F9-187C968BA429}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{FBB090FE-F07D-4393-913D-F09583BFA7F9}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{FC0E956C-4719-4897-9A0F-2B4ADA432527}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{004F865E-F036-473C-860F-F8311680F11B}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{08D8CBBA-1B95-43A2-82A8-ADB65E86ED34}C:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
"TCP Query User{1180650E-0D71-4C59-84DC-DDCF295D405C}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{170C20ED-5538-477C-9387-134C4AF47D98}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{1C89FF02-FE3A-400D-A71D-0E1B0BE0C242}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{2D2CD9B6-7DC2-47AB-8870-FC7C1032213A}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{2F9BC0E4-B096-4AA0-83C3-BC5E7F6E9FEA}C:\users\jonny\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jonny\program files\dna\btdna.exe |
"TCP Query User{38AF9758-DCC4-42F8-9CFE-D24771BBF861}C:\program files\activision\call of duty - world at war\codwaw (2).exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw (2).exe |
"TCP Query User{474FC2FD-7B4C-47BD-8A21-13E3F099B22C}C:\program files\saints row 2\sr2_pc (2).exe" = protocol=6 | dir=in | app=c:\program files\saints row 2\sr2_pc (2).exe |
"TCP Query User{4DFD2325-2AEC-4B46-8945-5D5084B0EB40}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{50BA37F3-93E8-4B03-9121-C4A92DF7D60A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{53F83388-6C24-47F3-8870-A38C76E08271}C:\users\jonny\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe" = protocol=6 | dir=in | app=c:\users\jonny\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe |
"TCP Query User{555106DC-D5D7-4F27-BC3C-F422C1DC8A73}C:\users\jonny\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\jonny\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe |
"TCP Query User{6E7108C1-9249-478E-9F9F-AF22DFF35023}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7D6CEBF8-DB71-4111-BA06-F68495DBDB7C}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{9D53B217-5D10-47E1-BC25-EF991429B61B}C:\program files\beatpack\beatpack.exe" = protocol=6 | dir=in | app=c:\program files\beatpack\beatpack.exe |
"TCP Query User{A2787B0E-9280-429E-979A-16465469CB35}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{AB62CA9D-0893-49AC-8452-54B681EBCC59}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{AD004B4A-7F4D-4856-B6E1-9DCC5C20697C}C:\users\jonny\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jonny\program files\dna\btdna.exe |
"TCP Query User{C1706AC4-342A-45B9-85E7-AF62AF7FD95A}C:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat |
"TCP Query User{D6A5E8DE-2945-49CD-B368-A37B7648F4C5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D911C422-469A-4E26-B758-35D2DEA817B5}C:\program files\saints row 2\sr2_pc (2).exe" = protocol=6 | dir=in | app=c:\program files\saints row 2\sr2_pc (2).exe |
"TCP Query User{DCBA18CA-CD1F-4C84-B328-0F82EDE4F241}C:\program files\return to castle wolfenstein\wolfmp.exe" = protocol=6 | dir=in | app=c:\program files\return to castle wolfenstein\wolfmp.exe |
"TCP Query User{FF27B841-7623-4B08-B4CB-7C2CE9F57CB0}C:\sun\sdk\jdk\bin\java.exe" = protocol=6 | dir=in | app=c:\sun\sdk\jdk\bin\java.exe |
"UDP Query User{06A89743-8BD3-4D76-97CA-A82D163992CA}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{07C52273-BACA-4A0F-BFF5-FE5FA5707F6F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0EECF539-17B8-4BCD-8F02-C3EC0BDFA011}C:\program files\saints row 2\sr2_pc (2).exe" = protocol=17 | dir=in | app=c:\program files\saints row 2\sr2_pc (2).exe |
"UDP Query User{10C72A6C-6D17-4F79-A127-F5C65FB6ABC5}C:\program files\saints row 2\sr2_pc (2).exe" = protocol=17 | dir=in | app=c:\program files\saints row 2\sr2_pc (2).exe |
"UDP Query User{26E591EC-F85C-4EF4-B49A-ED40E635A958}C:\sun\sdk\jdk\bin\java.exe" = protocol=17 | dir=in | app=c:\sun\sdk\jdk\bin\java.exe |
"UDP Query User{35F44967-8951-4715-A1F7-48E98510BC15}C:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
"UDP Query User{432C4A61-205A-45E1-BC7F-99894B51932F}C:\users\jonny\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jonny\program files\dna\btdna.exe |
"UDP Query User{4D73DBC7-41C9-4FD9-B7B8-BD771F590DD4}C:\users\jonny\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe" = protocol=17 | dir=in | app=c:\users\jonny\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe |
"UDP Query User{4FA6600C-0A9F-42F5-B83A-990A65B195EF}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{4FF18342-C82A-4E93-9C13-053C24CE8F33}C:\program files\beatpack\beatpack.exe" = protocol=17 | dir=in | app=c:\program files\beatpack\beatpack.exe |
"UDP Query User{5053B254-5FF9-48F1-BDD0-67BC71C313A1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{53144CF5-84BD-424B-9C03-4E6CAF0FB89D}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{77A52B58-5BB5-4A27-992E-5EACBDDCDB80}C:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat |
"UDP Query User{86A606C7-21AA-47AC-A23F-0E0330174F8F}C:\users\jonny\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jonny\program files\dna\btdna.exe |
"UDP Query User{9344A1CD-7E69-4127-B809-380DF7E75379}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{99360190-922B-4CF1-BC5F-F8AFCF1CE87B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{A4F2704E-752A-4C68-ABA1-9D29DFD76EBF}C:\program files\activision\call of duty - world at war\codwaw (2).exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw (2).exe |
"UDP Query User{B7983852-0E4A-4ABB-8212-537CF9F91C50}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{B8D69F20-5460-4C16-A2A6-8B6DFA144558}C:\users\jonny\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\jonny\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe |
"UDP Query User{BDFF5242-C3C8-40C0-9254-DAC1C451C74F}C:\program files\return to castle wolfenstein\wolfmp.exe" = protocol=17 | dir=in | app=c:\program files\return to castle wolfenstein\wolfmp.exe |
"UDP Query User{D5350BB8-0BF4-4A0B-89A0-4C2E617AACFB}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{E522E844-51A2-40B3-A7DD-FF5B6F7E0285}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E68BA396-1515-44E2-93A7-E8629F429409}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{FFECF2B9-2167-489A-9731-5567904C7AFB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3604BFF4-6EC8-44D6-B147-92C2D642FEDE}" = Wheelman
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B45D262-3BEE-477F-8652-EC24950D3F65}" = Adobe Director 11
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}" = c6100_Help
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}" = Air Mouse Server
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5C6F4323-98CC-4031-897F-EEAF6B2AF432}" = TortoiseSVN 1.5.4.14259 (32 bit)
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{628C3D50-F524-4C49-A958-672CE7953756}" = The Lord of the Rings - Conquest™
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{6CDE6C4F-6FD7-4F24-A116-F0D173432FFC}" = Adobe Setup
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B10E6F40-5C82-11DD-8757-000ACD11CAF7}" = Python 2.4 pygame-1.8.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5EF7D68-9433-421A-8DB3-248ED4705FB2}" = USB Radio
"{C6050736-FF54-4497-9ACA-05819DC4202E}" = AVerTV Analog Express Driver
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D8852E3A-7AF8-4E4D-BECD-463ECA076096}" = MobileMe Control Panel
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAA9B753-45CE-4581-876C-55D97939B631}" = C6100
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"3D Rad_is1" = 3D Rad v6.36
"7-Zip" = 7-Zip 4.65
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.2" = Acoustica Mixcraft 4.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2755fefb5e3352ee2921713793bdbf8" = Adobe Director 11
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AVerMedia MCE Encoder" = AVerMedia MCE Encoder 3.2.1.62
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01
"BeatPack" = BeatPack (0.9)
"BurnInTest_is1" = BurnInTest v6.0 Standard
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DiskAid_is1" = DiskAid 3.0
"Download Manager" = Download Manager 2.3.9
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Dynasty Warriors 6 *DVDRip* [Team JPN]_is1" = Dynasty Warriors 6
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 8" = FL Studio 8
"Game Maker 7.0" = Game Maker 7.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"High Quality Youtube Downloader_is1" = High Quality Youtube Downloader 1.2
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HyperCam 2" = HyperCam 2
"igLoader" = igLoader
"IL Download Manager" = IL Download Manager
"InstallShield_{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mixxx" = NSIS Mixxx
"Monster Trucks Nitro Demo" = Monster Trucks Nitro Demo
"Movies" = Movies
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"NVIDIA Drivers" = NVIDIA Drivers
"PC Satellite TV_is1" = Satellite TV for PC
"Pcsx2_is1" = Pcsx2 0.9.4 Watermoose
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"Product Key Explorer_is1" = Product Key Explorer 2.1.7
"ProInst" = Intel(R) PROSet/Wireless Software
"PSP Video 9" = PSP Video 9 4.07
"RealPlayer 6.0" = RealPlayer
"SCAR Divi 3.15b_is1" = SCAR Divi CDE 3.15b
"Subversion_is1" = Subversion 1.4.5-r25188
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Toxic Biohazard" = Toxic Biohazard
"Videora iPod touch Converter" = Videora iPod touch Converter 3.07
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WinPatrol" = WinPatrol 2009
"winpwn-2.5" = winpwn-2.5 2.5.0.2
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.8
"YouTube Downloader App" = YouTube Downloader App 1.02

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Hordes of Orcs Trial Version" = Hordes of Orcs Trial Version
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
"World of Warcraft Trial" = World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/07/2009 10:52:42 | Computer Name = Deshveer | Source = Windows Search Service | ID = 9000
Description =

Error - 19/07/2009 10:52:42 | Computer Name = Deshveer | Source = Windows Search Service | ID = 1006
Description =

Error - 19/07/2009 10:53:05 | Computer Name = Deshveer | Source = Windows Search Service | ID = 9000
Description =

Error - 19/07/2009 10:53:05 | Computer Name = Deshveer | Source = Windows Search Service | ID = 1006
Description =

Error - 19/07/2009 10:53:27 | Computer Name = Deshveer | Source = Windows Search Service | ID = 9000
Description =

Error - 19/07/2009 10:53:27 | Computer Name = Deshveer | Source = Windows Search Service | ID = 1006
Description =

Error - 19/07/2009 10:53:49 | Computer Name = Deshveer | Source = Windows Search Service | ID = 9000
Description =

Error - 19/07/2009 10:53:49 | Computer Name = Deshveer | Source = Windows Search Service | ID = 1006
Description =

Error - 19/07/2009 10:54:11 | Computer Name = Deshveer | Source = Windows Search Service | ID = 9000
Description =

Error - 19/07/2009 10:54:11 | Computer Name = Deshveer | Source = Windows Search Service | ID = 1006
Description =

[ Media Center Events ]
Error - 28/04/2008 16:42:42 | Computer Name = Deshveer | Source = ehRecvr | ID = 4
Description =

Error - 25/05/2008 06:11:22 | Computer Name = Deshveer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 25/05/2008 17:22:46 | Computer Name = Deshveer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ OSession Events ]
Error - 05/05/2008 16:42:23 | Computer Name = Deshveer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15930
seconds with 7140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24/07/2009 06:11:46 | Computer Name = Deshveer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:46:24 on 23/07/2009 was unexpected.

Error - 24/07/2009 10:00:13 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 10:00:13 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 10:00:14 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 24/07/2009 10:02:02 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 10:02:10 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 10:03:05 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 10:03:05 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 15:27:29 | Computer Name = Deshveer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:39:49 on 24/07/2009 was unexpected.

Error - 25/07/2009 06:14:15 | Computer Name = Deshveer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:50:42 on 25/07/2009 was unexpected.


< End of report >
yarders

Re: weird virus

by yarders » July 25th, 2009, 6:47 am

OTL Extras logfile created on: 25/07/2009 11:37:01 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Jonny\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.47 Gb Total Space | 123.05 Gb Free Space | 43.10% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.10 Gb Free Space | 51.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESHVEER
Current User Name: Jonny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062BC8F9-974B-48DD-8BD4-5C6D78B82E1F}" = rport=139 | protocol=6 | dir=out | app=system |
"{088E418D-FB57-4D27-BD41-666404694909}" = lport=139 | protocol=6 | dir=in | app=system |
"{0C0C731A-D28C-4F64-86D0-E3E5FE3D22C1}" = lport=137 | protocol=17 | dir=in | app=system |
"{0EBEA67C-EE29-4AD2-9B03-8C3080AED3DD}" = lport=43594 | protocol=6 | dir=in | name=elitescaoe |
"{341469E0-F255-44BA-B4C7-26C8E50AB58D}" = rport=445 | protocol=6 | dir=out | app=system |
"{35FD6A24-4AA3-4EB7-973E-33691448BFD5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4DFA8E3C-2A6D-479A-9B46-73335E5FE091}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A4220249-6379-4FE8-8BA6-80D6BC163C33}" = rport=138 | protocol=17 | dir=out | app=system |
"{A4D70698-20BE-4AFF-B033-DACD3509A676}" = rport=137 | protocol=17 | dir=out | app=system |
"{C335EAFE-C019-4306-ACB0-9DA5211024FE}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{CAE29CC5-516D-46A8-89D7-48259BCD21E8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E3C14BBB-87ED-4C10-8D49-274B6C1D6B70}" = lport=138 | protocol=17 | dir=in | app=system |
"{EB278110-4E7B-464B-8750-EDAF7AAE8F7B}" = lport=445 | protocol=6 | dir=in | app=system |
"{FBC65C62-8FAD-48EB-B1DD-0AFD1146278A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B96C10-78C8-49E4-9E1C-A7188D444E65}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{09FA8E3C-3E27-4D6A-91AE-68F98DEF05B5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0BE11849-2782-4250-B29A-D04631D5A7AF}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{10D9636B-0FA1-4D17-92E5-16AF2CAE64A1}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{15139104-E892-4A44-ACA3-5B4FCF119945}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{19D7584E-279C-4C4B-82A4-575D3845F1CF}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{1AFB604A-7B99-4010-8DB5-077673FB9D90}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{1D9A9B40-76E6-42EC-AE22-01745C9DF127}" = protocol=6 | dir=in | app=c:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
"{200184DE-6959-44EF-BD6E-E9043E3E3A7A}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"{20422F25-F350-4F55-B510-B4840F94DF45}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{227E1D72-12BD-476E-8480-5FEDDD6C1B60}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{24AEA045-D727-4E51-BF3C-08B96179EA60}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{280B61F9-3D9B-4280-A5CE-E53418A9E279}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{291F7DA0-77C9-4F11-8B7F-DAD89F4FC212}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2ADDC352-3590-4C97-A159-0538A004CBFD}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{36161F8D-7254-4624-B51A-0A853F91AB70}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{3BD022AF-3DEF-4A16-AC92-CC4EFB5763CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{49A89240-6E2A-489E-8325-31A3FBB2C70E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5303B92F-6468-4517-BFBC-BF8C4220F0A4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{54458006-E34B-43CF-B398-47E55F7FBDA8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{56DE83C4-2578-4690-803F-FDEFC1742FB6}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{58071BF0-C09A-4A9F-94D2-AC8AF676263F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{58A6CFF8-85AC-4EC9-9B80-EC389CFEA188}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{59C82D42-156B-45CD-8CE5-9C1ABD983CFC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5C884772-E378-4B9E-B394-4F37D1871570}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{622FA5BE-17FF-4559-A9C8-ED963233FEFD}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{628330B0-0BF3-47BF-B813-0AA28D008068}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{638B569C-F2A5-4CDA-B664-3E4E8DE9B759}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68E808BE-91D1-4429-80FC-BE0AA5CAF8C0}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{694689CD-A605-4235-912D-10547AD0C4F0}" = protocol=6 | dir=in | app=c:\program files\avg\avg8\avgtray.exe |
"{6AE0BA12-0D46-4518-9ADF-0DF58CB042AE}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{6B43F42C-D101-4E51-B01A-EC729D972EE0}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{71E4906A-C4E5-42A1-B99A-CA99C6DFD8E4}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{74DE9808-BA65-4B56-988E-CF9CE18DDEE8}" = protocol=6 | dir=in | app=c:\program files\avg\avg8\avgui.exe |
"{76582215-B58A-4074-B4E2-B940C67CB3A9}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{84A8C2D8-87CE-45D8-8974-A9948963C19D}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{8BAFEE4F-CCB7-4277-AA6A-8084E35EF0D8}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{90082445-2BA3-4E2F-8525-7F9497F120F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90C9E731-59B2-4712-9873-9C8BE0F84861}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{91FD91BF-97B2-4111-A310-1E773E469791}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{952BCEF4-07EE-4E2B-8C21-B1813F7D0CF3}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{972A5AA4-1A20-4ADA-A90E-CB73733AA8D7}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9AEF1DA1-671C-4795-AC5C-F4C97E43DA25}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{9E7A8B28-D463-4386-98DE-C68673E99D0F}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9EFE3E2C-6335-4DBA-B529-488BDEFE322F}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{A16B23CF-9E29-4225-B4CF-003A310DBC66}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{A3DE4116-70E7-4D3E-A7E8-8D33375A11E8}" = protocol=17 | dir=in | app=c:\program files\avg\avg8\avgui.exe |
"{A5662099-4F8C-40C9-B873-C4B8E3974F47}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A6F941E8-7B2A-4142-9669-DB9E78ABA65D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA307F3D-C477-402B-8FA8-5A677589824B}" = protocol=17 | dir=in | app=c:\program files\avg\avg8\avgtray.exe |
"{ABA4DEC9-C944-4CFF-A851-3AE91EEA927E}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{AC0DC69A-6267-4153-B6E5-06099DAE8319}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{AC32CCA6-21AC-4862-959D-44C4D8F408BE}" = protocol=17 | dir=in | app=c:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
"{ADD902C7-9187-4982-B04B-39338BBC65FE}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{B3C265EC-AD41-4ED7-8B9C-05E7A376CD19}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"{B779FD8B-E814-4799-BAF9-041DA823E9D7}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{C390B291-9E70-4D1E-AF70-9CDB39391C41}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C4AC6EB2-BDEC-4A5F-B35C-D3548CAAC877}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D1BDDA8C-87C4-4615-94F5-B3DB1EDA6AA1}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{D827965C-B380-49B4-893E-08E8DEC3EB0F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EE4E3F0F-E3B5-46C6-BBED-A36A17AD9344}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{F966F953-E1FE-41F9-A665-B1AFAEB71F96}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{FA278808-9E98-40F3-B9AD-8CCEDAEC035A}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{FB1D207E-ECAC-4029-B2F9-187C968BA429}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{FBB090FE-F07D-4393-913D-F09583BFA7F9}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{FC0E956C-4719-4897-9A0F-2B4ADA432527}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{004F865E-F036-473C-860F-F8311680F11B}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{08D8CBBA-1B95-43A2-82A8-ADB65E86ED34}C:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
"TCP Query User{1180650E-0D71-4C59-84DC-DDCF295D405C}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{170C20ED-5538-477C-9387-134C4AF47D98}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{1C89FF02-FE3A-400D-A71D-0E1B0BE0C242}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{2D2CD9B6-7DC2-47AB-8870-FC7C1032213A}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{2F9BC0E4-B096-4AA0-83C3-BC5E7F6E9FEA}C:\users\jonny\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jonny\program files\dna\btdna.exe |
"TCP Query User{38AF9758-DCC4-42F8-9CFE-D24771BBF861}C:\program files\activision\call of duty - world at war\codwaw (2).exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw (2).exe |
"TCP Query User{474FC2FD-7B4C-47BD-8A21-13E3F099B22C}C:\program files\saints row 2\sr2_pc (2).exe" = protocol=6 | dir=in | app=c:\program files\saints row 2\sr2_pc (2).exe |
"TCP Query User{4DFD2325-2AEC-4B46-8945-5D5084B0EB40}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{50BA37F3-93E8-4B03-9121-C4A92DF7D60A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{53F83388-6C24-47F3-8870-A38C76E08271}C:\users\jonny\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe" = protocol=6 | dir=in | app=c:\users\jonny\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe |
"TCP Query User{555106DC-D5D7-4F27-BC3C-F422C1DC8A73}C:\users\jonny\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\jonny\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe |
"TCP Query User{6E7108C1-9249-478E-9F9F-AF22DFF35023}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7D6CEBF8-DB71-4111-BA06-F68495DBDB7C}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{9D53B217-5D10-47E1-BC25-EF991429B61B}C:\program files\beatpack\beatpack.exe" = protocol=6 | dir=in | app=c:\program files\beatpack\beatpack.exe |
"TCP Query User{A2787B0E-9280-429E-979A-16465469CB35}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{AB62CA9D-0893-49AC-8452-54B681EBCC59}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{AD004B4A-7F4D-4856-B6E1-9DCC5C20697C}C:\users\jonny\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jonny\program files\dna\btdna.exe |
"TCP Query User{C1706AC4-342A-45B9-85E7-AF62AF7FD95A}C:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat |
"TCP Query User{D6A5E8DE-2945-49CD-B368-A37B7648F4C5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D911C422-469A-4E26-B758-35D2DEA817B5}C:\program files\saints row 2\sr2_pc (2).exe" = protocol=6 | dir=in | app=c:\program files\saints row 2\sr2_pc (2).exe |
"TCP Query User{DCBA18CA-CD1F-4C84-B328-0F82EDE4F241}C:\program files\return to castle wolfenstein\wolfmp.exe" = protocol=6 | dir=in | app=c:\program files\return to castle wolfenstein\wolfmp.exe |
"TCP Query User{FF27B841-7623-4B08-B4CB-7C2CE9F57CB0}C:\sun\sdk\jdk\bin\java.exe" = protocol=6 | dir=in | app=c:\sun\sdk\jdk\bin\java.exe |
"UDP Query User{06A89743-8BD3-4D76-97CA-A82D163992CA}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{07C52273-BACA-4A0F-BFF5-FE5FA5707F6F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0EECF539-17B8-4BCD-8F02-C3EC0BDFA011}C:\program files\saints row 2\sr2_pc (2).exe" = protocol=17 | dir=in | app=c:\program files\saints row 2\sr2_pc (2).exe |
"UDP Query User{10C72A6C-6D17-4F79-A127-F5C65FB6ABC5}C:\program files\saints row 2\sr2_pc (2).exe" = protocol=17 | dir=in | app=c:\program files\saints row 2\sr2_pc (2).exe |
"UDP Query User{26E591EC-F85C-4EF4-B49A-ED40E635A958}C:\sun\sdk\jdk\bin\java.exe" = protocol=17 | dir=in | app=c:\sun\sdk\jdk\bin\java.exe |
"UDP Query User{35F44967-8951-4715-A1F7-48E98510BC15}C:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
"UDP Query User{432C4A61-205A-45E1-BC7F-99894B51932F}C:\users\jonny\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jonny\program files\dna\btdna.exe |
"UDP Query User{4D73DBC7-41C9-4FD9-B7B8-BD771F590DD4}C:\users\jonny\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe" = protocol=17 | dir=in | app=c:\users\jonny\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe |
"UDP Query User{4FA6600C-0A9F-42F5-B83A-990A65B195EF}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{4FF18342-C82A-4E93-9C13-053C24CE8F33}C:\program files\beatpack\beatpack.exe" = protocol=17 | dir=in | app=c:\program files\beatpack\beatpack.exe |
"UDP Query User{5053B254-5FF9-48F1-BDD0-67BC71C313A1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{53144CF5-84BD-424B-9C03-4E6CAF0FB89D}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{77A52B58-5BB5-4A27-992E-5EACBDDCDB80}C:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat |
"UDP Query User{86A606C7-21AA-47AC-A23F-0E0330174F8F}C:\users\jonny\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jonny\program files\dna\btdna.exe |
"UDP Query User{9344A1CD-7E69-4127-B809-380DF7E75379}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{99360190-922B-4CF1-BC5F-F8AFCF1CE87B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{A4F2704E-752A-4C68-ABA1-9D29DFD76EBF}C:\program files\activision\call of duty - world at war\codwaw (2).exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw (2).exe |
"UDP Query User{B7983852-0E4A-4ABB-8212-537CF9F91C50}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{B8D69F20-5460-4C16-A2A6-8B6DFA144558}C:\users\jonny\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\jonny\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe |
"UDP Query User{BDFF5242-C3C8-40C0-9254-DAC1C451C74F}C:\program files\return to castle wolfenstein\wolfmp.exe" = protocol=17 | dir=in | app=c:\program files\return to castle wolfenstein\wolfmp.exe |
"UDP Query User{D5350BB8-0BF4-4A0B-89A0-4C2E617AACFB}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{E522E844-51A2-40B3-A7DD-FF5B6F7E0285}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E68BA396-1515-44E2-93A7-E8629F429409}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{FFECF2B9-2167-489A-9731-5567904C7AFB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3604BFF4-6EC8-44D6-B147-92C2D642FEDE}" = Wheelman
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B45D262-3BEE-477F-8652-EC24950D3F65}" = Adobe Director 11
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}" = c6100_Help
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}" = Air Mouse Server
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5C6F4323-98CC-4031-897F-EEAF6B2AF432}" = TortoiseSVN 1.5.4.14259 (32 bit)
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{628C3D50-F524-4C49-A958-672CE7953756}" = The Lord of the Rings - Conquest™
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{6CDE6C4F-6FD7-4F24-A116-F0D173432FFC}" = Adobe Setup
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B10E6F40-5C82-11DD-8757-000ACD11CAF7}" = Python 2.4 pygame-1.8.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5EF7D68-9433-421A-8DB3-248ED4705FB2}" = USB Radio
"{C6050736-FF54-4497-9ACA-05819DC4202E}" = AVerTV Analog Express Driver
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D8852E3A-7AF8-4E4D-BECD-463ECA076096}" = MobileMe Control Panel
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAA9B753-45CE-4581-876C-55D97939B631}" = C6100
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"3D Rad_is1" = 3D Rad v6.36
"7-Zip" = 7-Zip 4.65
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.2" = Acoustica Mixcraft 4.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2755fefb5e3352ee2921713793bdbf8" = Adobe Director 11
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AVerMedia MCE Encoder" = AVerMedia MCE Encoder 3.2.1.62
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01
"BeatPack" = BeatPack (0.9)
"BurnInTest_is1" = BurnInTest v6.0 Standard
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DiskAid_is1" = DiskAid 3.0
"Download Manager" = Download Manager 2.3.9
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Dynasty Warriors 6 *DVDRip* [Team JPN]_is1" = Dynasty Warriors 6
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 8" = FL Studio 8
"Game Maker 7.0" = Game Maker 7.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"High Quality Youtube Downloader_is1" = High Quality Youtube Downloader 1.2
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HyperCam 2" = HyperCam 2
"igLoader" = igLoader
"IL Download Manager" = IL Download Manager
"InstallShield_{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mixxx" = NSIS Mixxx
"Monster Trucks Nitro Demo" = Monster Trucks Nitro Demo
"Movies" = Movies
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"NVIDIA Drivers" = NVIDIA Drivers
"PC Satellite TV_is1" = Satellite TV for PC
"Pcsx2_is1" = Pcsx2 0.9.4 Watermoose
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"Product Key Explorer_is1" = Product Key Explorer 2.1.7
"ProInst" = Intel(R) PROSet/Wireless Software
"PSP Video 9" = PSP Video 9 4.07
"RealPlayer 6.0" = RealPlayer
"SCAR Divi 3.15b_is1" = SCAR Divi CDE 3.15b
"Subversion_is1" = Subversion 1.4.5-r25188
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Toxic Biohazard" = Toxic Biohazard
"Videora iPod touch Converter" = Videora iPod touch Converter 3.07
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WinPatrol" = WinPatrol 2009
"winpwn-2.5" = winpwn-2.5 2.5.0.2
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.8
"YouTube Downloader App" = YouTube Downloader App 1.02

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Hordes of Orcs Trial Version" = Hordes of Orcs Trial Version
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
"World of Warcraft Trial" = World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/07/2009 10:52:42 | Computer Name = Deshveer | Source = Windows Search Service | ID = 9000
Description =

Error - 19/07/2009 10:52:42 | Computer Name = Deshveer | Source = Windows Search Service | ID = 1006
Description =

Error - 19/07/2009 10:53:05 | Computer Name = Deshveer | Source = Windows Search Service | ID = 9000
Description =

Error - 19/07/2009 10:53:05 | Computer Name = Deshveer | Source = Windows Search Service | ID = 1006
Description =

Error - 19/07/2009 10:53:27 | Computer Name = Deshveer | Source = Windows Search Service | ID = 9000
Description =

Error - 19/07/2009 10:53:27 | Computer Name = Deshveer | Source = Windows Search Service | ID = 1006
Description =

Error - 19/07/2009 10:53:49 | Computer Name = Deshveer | Source = Windows Search Service | ID = 9000
Description =

Error - 19/07/2009 10:53:49 | Computer Name = Deshveer | Source = Windows Search Service | ID = 1006
Description =

Error - 19/07/2009 10:54:11 | Computer Name = Deshveer | Source = Windows Search Service | ID = 9000
Description =

Error - 19/07/2009 10:54:11 | Computer Name = Deshveer | Source = Windows Search Service | ID = 1006
Description =

[ Media Center Events ]
Error - 28/04/2008 16:42:42 | Computer Name = Deshveer | Source = ehRecvr | ID = 4
Description =

Error - 25/05/2008 06:11:22 | Computer Name = Deshveer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 25/05/2008 17:22:46 | Computer Name = Deshveer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ OSession Events ]
Error - 05/05/2008 16:42:23 | Computer Name = Deshveer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15930
seconds with 7140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24/07/2009 06:11:46 | Computer Name = Deshveer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:46:24 on 23/07/2009 was unexpected.

Error - 24/07/2009 10:00:13 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 10:00:13 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 10:00:14 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 24/07/2009 10:02:02 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 10:02:10 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 10:03:05 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 10:03:05 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 15:27:29 | Computer Name = Deshveer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:39:49 on 24/07/2009 was unexpected.

Error - 25/07/2009 06:14:15 | Computer Name = Deshveer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:50:42 on 25/07/2009 was unexpected.


< End of report >
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 25th, 2009, 4:47 pm

Hi :)

Sorry for the delay replying, had a hectic day.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> right click on ERUNT and select Run as Administrator.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry
    • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Custom OTL Script:

  • Right-click OTL and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:Services
eamon
ehdrv
epfwwfpr

:OTL
IE - URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
DRV - (eamon [Auto | Running]) -- C:\Windows\System32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\Windows\System32\DRIVERS\ehdrv.sys (ESET)
DRV - (epfwwfpr [Auto | Running]) -- C:\Windows\System32\DRIVERS\epfwwfpr.sys (ESET)

:Reg
[HKEY_USERS\S-1-5-21-2617438544-2265370005-1231189347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=-
"BitTorrent DNA"=-
"uTorrent"=-

:Files
C:\Windows\ocsetup_install_NetFx3.etl
C:\Windows\ocsetup_cbs_install_NetFx3.perf
C:\Windows\ocsetup_cbs_install_NetFx3.dpx
C:\Users\Jonny\AppData\Local\PunkBuster
C:\Users\Jonny\AppData\Roaming\PnkBstrK.sys

:Commands
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered. At the prompt click OK.
  • Reboot the PC when it is done if it did not do so.
  • Post the OTL log in your next reply.

Note: The log can also be located within this folder: C:\_OTL

Vista Check-Disk:

I am sorry I do not have a specific set of instructions for this or had the time today to create any.

Please visit this webpage and scroll down to:

METHOD ONE:
Run Check Disk from within Vista


Then follow the instructions through 1 - 10

Note: Please make sure you do carry out the above as it is vital!

Run Kaspersky Online AV Scanner:

Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

When you have completed the above, please post back the following:

  • Inform myself how your computer is running. Any problems encountered and or further symptoms?
  • OTL Log.
  • Kaspersky results.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
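
The System Events section of the log posted earlier in the thread contains repeated Ntfs corruption errors and EventLog 6008 unexpected-shutdown entries, which is the kind of evidence a disk check addresses. The Python below is an added example, not part of the thread or of OTL: it parses the "Last 10 Event Log Errors" layout and summarises it. The function names and the trimmed sample (built from entries in that log) are assumptions made here.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of entries from the log above, same layout.
SAMPLE = """\
[ Application Events ]
Error - 19/07/2009 10:52:42 | Computer Name = Deshveer | Source = Windows Search Service | ID = 9000
Description =

[ System Events ]
Error - 24/07/2009 06:11:46 | Computer Name = Deshveer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:46:24 on 23/07/2009 was unexpected.

Error - 24/07/2009 10:00:13 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 24/07/2009 10:00:14 | Computer Name = Deshveer | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.
"""
SECTION = re.compile(r"^\[ (.+) \]$")
ENTRY = re.compile(r"^Error - (\S+ \S+) \| Computer Name = (.*?) \| Source = (.*?) \| ID = (\d+)$")
VOLUME = re.compile(r"on the volume (\S+?)\.$")

def parse_events(text):
    """Return one dict per 'Error - ...' entry, with wrapped description lines joined."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section, current = m.group(1), None
        elif m := ENTRY.match(line):
            current = {"section": section, "time": m.group(1),
                       "source": m.group(3), "id": int(m.group(4)), "description": ""}
            events.append(current)
        elif current is not None and line:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return events

def triage(events):
    """Count entries per (source, id) and pull out the disk-health signals."""
    counts = Counter((e["source"], e["id"]) for e in events)
    hits = (VOLUME.search(e["description"]) for e in events if e["source"] == "Ntfs")
    return {"counts": counts,
            "ntfs_volumes": sorted({h.group(1) for h in hits if h}),
            "unexpected_shutdowns": counts[("EventLog", 6008)]}

if __name__ == "__main__":
    print(triage(parse_events(SAMPLE)))
```
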