Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HiJacked on Facebook

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HiJacked on Facebook

Unread postby DeeSulli » January 27th, 2010, 1:32 pm

Only on FaceBook and only with this computer, my browser is hijacked at least one out of every three attempts to click a link. The page shows up in the background but a popup blocks it, telling me that explorer cannot open that page and freezes the page, clicking off the popup sends me to a diagnose problems page...which finds no connection problem.

here are the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:22 PM, on 1/27/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... B&M=MT6460
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=MT6460
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... B&M=MT6460
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cdloader] "C:\Users\Dee\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... den-us.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7413 bytes
123 Free Solitaire
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Color Common Settings
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Anfy
Aspell English Dictionary-0.50-2
ATI Uninstaller
AVG Free 9.0
Bonjour
Browser Address Error Redirector
CAM UnZip 4.42
Gateway Connect
Gateway Game Console
Gateway Recovery Center Installer
GNU Aspell 0.50-3
GTK+ Runtime 2.12.8 rev a (remove only)
Hidden Expedition - Titanic (remove only)
HijackThis 2.0.2
Homestead SiteBuilder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HouseCall 6.6
InstallMgr
Java(TM) 6 Update 17
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Junk Mail filter update
jZip
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Digital Image Starter Edition 2006
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mobile Broadband Drivers
MSN Toolbar
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Paint.NET v3.36
Penguins!
Polar Bowler
Power2Go 5.0
PrimoPDF
REALTEK RTL8187 Wireless LAN Driver
REALTEK USB Wireless LAN Driver
Registry Mechanic 8.0
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
SigmaTel Audio
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Rise of Atlantis (remove only)
Tradewinds
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB974810)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Yahoo! Toolbar

Thank you for your help
Dee Sullivan
DeeSulli
Active Member
 
Posts: 6
Joined: January 27th, 2010, 1:00 pm
Advertisement
Register to Remove

Re: HiJacked on Facebook

Unread postby MWR 3 day Mod » January 31st, 2010, 1:42 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: HiJacked on Facebook

Unread postby deltalima » February 2nd, 2010, 6:41 am

Hi DeeSulli,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me.

Please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: HiJacked on Facebook

Unread postby DeeSulli » February 2nd, 2010, 2:48 pm

Thank you very much. I do appreciate your help.
DeeSulli
Active Member
 
Posts: 6
Joined: January 27th, 2010, 1:00 pm

Re: HiJacked on Facebook

Unread postby deltalima » February 3rd, 2010, 3:12 pm

Hi DeeSulli,

I noticed that you have Registry Mechanic installed on your computer. Registry cleaners can cause more problems than they fix. Here is a quote from an expert on such matters.
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.

Please take a look at this article.

The problem you describe is not something I have previously encountered, could you please describe in more detail exactly what is on screen when you see the "page show up in the background", and also describe the pop up that blocks it? Please also describe the "page in the background" that you see when redirected.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file & selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Rightclick on OTL.exe and select Run as Administrator
  • Under the Custom Scan box paste this in
    Code: Select all
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: HiJacked on Facebook

Unread postby DeeSulli » February 4th, 2010, 7:08 pm

OTL Report:
OTL logfile created on: 2/4/2010 5:01:34 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Dee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 372.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.19 Gb Total Space | 33.33 Gb Free Space | 51.91% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 4.58 Gb Free Space | 44.36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEE-PC
Current User Name: Dee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/04 16:58:42 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/31 08:56:59 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/24 13:08:31 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/24 13:08:31 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/24 13:08:19 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/24 13:08:19 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/24 13:08:12 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 01:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/11 01:27:39 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/03 10:37:24 | 000,812,952 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RMTray.exe
PRC - [2008/01/19 02:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/08/24 06:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/01/23 05:41:58 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/12/28 05:58:32 | 000,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2006/11/17 16:58:40 | 000,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/09/29 11:57:36 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2006/09/29 11:57:30 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe


========== Modules (SafeList) ==========

MOD - [2010/02/04 16:58:42 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
MOD - [2009/12/24 13:09:06 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/24 13:08:12 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/24 05:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/24 02:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/01/23 05:41:58 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/12/28 05:58:32 | 000,557,056 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... B&M=MT6460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=MT6460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... B&M=MT6460

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdloader] C:\Users\Dee\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0392e78f-8ada-11de-84fe-00e0b8d46758}\Shell - "" = AutoRun
O33 - MountPoints2\{0392e78f-8ada-11de-84fe-00e0b8d46758}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ff0bd41d-0729-11dd-a796-00e0b8d46758}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{ff0bd41d-0729-11dd-a796-00e0b8d46758}\Shell\phone\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/10/14 12:12:33 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/04 16:58:35 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
[2010/02/01 20:40:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/27 21:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/01/27 11:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dee\Documents\*.tmp files -> C:\Users\Dee\Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/04 17:01:44 | 003,932,160 | -HS- | M] () -- C:\Users\Dee\ntuser.dat
[2010/02/04 16:58:42 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
[2010/02/04 15:04:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/04 15:04:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/04 14:18:16 | 000,002,627 | ---- | M] () -- C:\Users\Dee\Desktop\Microsoft Office Word 2007.lnk
[2010/02/04 09:18:20 | 055,067,609 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/02/02 16:04:01 | 000,015,240 | ---- | M] () -- C:\Users\Dee\Documents\I most certainly do have cause to contact you.docx
[2010/02/01 21:03:53 | 001,721,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/01 21:03:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/01 21:03:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/01 21:01:07 | 000,524,288 | -HS- | M] () -- C:\Users\Dee\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/01 21:01:07 | 000,065,536 | -HS- | M] () -- C:\Users\Dee\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/01 20:59:46 | 003,454,907 | -H-- | M] () -- C:\Users\Dee\AppData\Local\IconCache.db
[2010/02/01 17:12:01 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/30 21:45:27 | 000,132,059 | ---- | M] () -- C:\Users\Dee\Documents\Lumbee criteria.pdf
[2010/01/27 15:18:19 | 000,034,304 | ---- | M] () -- C:\Users\Dee\Documents\letter to Bev.doc
[2010/01/27 11:31:36 | 000,001,908 | ---- | M] () -- C:\Users\Dee\Desktop\HijackThis.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dee\Documents\*.tmp files -> C:\Users\Dee\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/02 06:14:32 | 000,015,240 | ---- | C] () -- C:\Users\Dee\Documents\I most certainly do have cause to contact you.docx
[2010/01/30 21:45:27 | 000,132,059 | ---- | C] () -- C:\Users\Dee\Documents\Lumbee criteria.pdf
[2010/01/27 11:31:36 | 000,001,908 | ---- | C] () -- C:\Users\Dee\Desktop\HijackThis.lnk
[2010/01/25 14:55:37 | 000,034,304 | ---- | C] () -- C:\Users\Dee\Documents\letter to Bev.doc
[2009/09/08 16:42:06 | 000,000,680 | ---- | C] () -- C:\Users\Dee\AppData\Local\d3d9caps.dat
[2009/08/17 14:48:45 | 000,076,407 | ---- | C] () -- C:\Users\Dee\AppData\Roaming\Smiley.ico
[2009/08/07 16:37:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/20 17:32:58 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2008/03/03 13:40:40 | 000,024,206 | ---- | C] () -- C:\Users\Dee\AppData\Roaming\UserTile.png
[2008/02/28 15:01:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/11/05 17:31:22 | 000,019,968 | ---- | C] () -- C:\Users\Dee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/26 14:33:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2008/07/22 01:16:45 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\.purple
[2008/05/30 20:33:05 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\123 Free Solitaire
[2009/08/19 12:18:54 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Azureus
[2009/10/29 13:34:16 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\BitTorrent
[2009/06/01 12:11:56 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\GetRightToGo
[2008/07/06 18:17:11 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\gtk-2.0
[2008/12/24 10:28:24 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\HouseCall 6.6
[2008/03/01 22:09:08 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\iWinArcade
[2009/09/03 07:04:35 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\mjusbsp
[2008/05/01 08:50:36 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\PeerNetworking
[2007/11/06 08:28:06 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\SampleView
[2008/02/16 17:27:52 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Smith Micro
[2008/04/19 16:15:49 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\SpinTop
[2007/11/05 17:25:23 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\WildTangent
[2010/02/01 17:12:01 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/02/01 21:00:50 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 04:06:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 04:06:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 04:06:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/11 01:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:0D4A6333
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:49D0B9BB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:573DC2A3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:5E196FE2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F7862839
< End of report >

Extras Report:

OTL Extras logfile created on: 2/4/2010 5:01:34 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Dee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 372.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.19 Gb Total Space | 33.33 Gb Free Space | 51.91% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 4.58 Gb Free Space | 44.36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEE-PC
Current User Name: Dee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E857DD-C90F-4275-B6DA-FEF272943DE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0BA9B83C-E2BF-459E-82EB-EC48C3E975FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{0D10041B-4D79-46EF-9FB4-F3C4B640D730}" = rport=2869 | protocol=6 | dir=out | app=system |
"{1E29B403-E409-4773-8C25-5701F1A939A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27A2389A-269C-4D03-A43C-D0386F0BAE58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{33C10ABE-CC38-40DE-A43F-BD6FC1058A03}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3ADECC65-0052-43D9-AE42-623F81BB283D}" = rport=139 | protocol=6 | dir=out | app=system |
"{49B5CD1A-D737-40AD-BF4E-1941C9B68919}" = lport=445 | protocol=6 | dir=in | app=system |
"{51BB208B-7A9F-4D1E-9C77-163550C71731}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6FB3CD5A-A927-4092-BC45-46179789255E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{78AD062A-FC24-4299-BB81-834A86790CB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A503B8C-B933-48F2-A84D-16A60EF9BDCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{94C98A95-B2BE-4E68-A55C-A4ACC1DB3503}" = lport=139 | protocol=6 | dir=in | app=system |
"{B5FA1173-0BD0-4A09-8F83-037A71A8C4C4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B7F860E2-FCB8-471D-A00B-E921A8202596}" = lport=138 | protocol=17 | dir=in | app=system |
"{BB5509D1-1C4A-4C84-90F7-5BB883C67CD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CCFCE352-CFAD-43FA-98D4-BD7580690A0E}" = rport=445 | protocol=6 | dir=out | app=system |
"{D342F20A-7523-49A2-A552-7804A6D65B32}" = lport=137 | protocol=17 | dir=in | app=system |
"{DF4E48B6-F498-425F-9DEC-71882389E2E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F1A83D69-F962-4F79-B07A-4F08DE63021C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F64ABDF4-7FB6-4536-856C-36ADA0E003E7}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0477EEF1-88D1-413A-ACC3-FAA992C1F963}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{08F9127D-8BEF-44E2-B4C9-17104BD51A66}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{0FE79C7F-5986-4F61-886C-AF3825F94D80}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{12B9200E-A548-4B35-B77F-6451F6210D9B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1FC337B0-7F2E-477A-B89A-2E18ADF766E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1FD9B578-E8D5-41A4-9102-118131121014}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2178C6B7-64CE-455A-A8AF-0657D682749F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{38C1BE20-6D23-4EF6-8F6E-CD66554D2074}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4C9C586A-5BD1-4B0A-9457-251C44368A82}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{5FEA2995-1EAD-4BCC-94E8-99D3D7630045}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{734D789C-FB10-4B96-92E1-49A3F41EEE5B}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{860F72D3-F71F-4DCD-A635-AEAC64635A79}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{90B370A4-46E3-41B0-AE53-22815416D49F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A8239DE7-396B-4F71-AA46-A450080CFE2A}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{ABB2D30D-43F4-453E-B5AF-C10CC22021A5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CA739095-4077-401F-9F1F-E9C04BA77273}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CCF12762-921A-415A-94F7-2DD87D197F68}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DC1F0976-8D55-47C8-BEE3-5381F8F1334F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E3FBDA3B-23D9-47E7-985E-488AA1D1E0DB}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FE68FD7B-51E5-47DD-897B-2D5771714951}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{1A87CA6B-B374-4BB0-9C50-935AA7EDC632}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{65F83A57-8EA6-48E9-BB9C-1563B4F9FB17}C:\users\dee\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\dee\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{9B8D4589-E1FD-4939-8531-C4EE3A0A932A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{B37EC50E-556F-4FA3-A551-CEF027BFB6D7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D74057F1-3C82-47E1-BF45-1A7592913076}C:\users\dee\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\dee\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{128063F7-3EF2-4540-BCF7-348FA4D5961D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{822948C1-ACFB-4275-B48D-F943F8476DCE}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{C5CFDCCD-5CB9-4450-B222-D0D31C07D1E6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DC0165B8-D93D-49CE-80B5-71A0FBFF7E39}C:\users\dee\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\dee\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{E330FDED-AC90-4815-B9C1-38C6B17959E8}C:\users\dee\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\dee\appdata\roaming\mjusbsp\magicjack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK RTL8187 Wireless LAN Driver
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082D9EBA-BA0C-E6CE-DF60-F450D3B4C427}" = CCC Help Dutch
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{0E55C4CC-6543-63A3-96D9-0BD0E72C0CF5}" = ccc-localization-da
"{0E7D2293-9FAA-1322-0294-ABE2F86AC3F6}" = Catalyst Control Center Localization Czech
"{0ED5203A-41A3-1ED9-A413-23A656011945}" = Catalyst Control Center Core Implementation
"{1011C9E2-B8A8-C5CC-CAA1-CEC7B072389A}" = Catalyst Control Center Localization Arabic
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{16891F82-D618-EF86-7F38-9FE19874357E}" = Catalyst Control Center Graphics Previews Vista
"{16A9A137-9100-AFB0-E944-05351D0D6154}" = CCC Help Swedish
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{1E6727FE-9FBE-50FA-FCE1-4290F0CB68F2}" = CCC Help Russian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 18
"{26D9EF97-45C1-D508-1EE7-CE4004287255}" = CCC Help Norwegian
"{2B5CE128-136C-78CB-C612-6D8C51E8C327}" = CCC Help Polish
"{2E302857-945A-0610-D455-88E1BD0B5C44}" = Catalyst Control Center Localization Chinese Traditional
"{2EF1BDD0-02F1-4D2D-1D42-D02D1ABE1522}" = Catalyst Control Center Localization Arabic
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{355845B8-4352-6D7E-2C6B-CACD91297B1C}" = CCC Help Spanish
"{3733D893-EBBF-6A31-EF05-086E66FC3D9E}" = CCC Help English
"{37CC93E9-6560-9FE3-B07B-4883A4BFD8CC}" = Catalyst Control Center Localization Greek
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{408A092D-40C9-D97F-8468-44A409C23F32}" = Catalyst Control Center Localization German
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{43B5E32B-6518-E34B-E691-BDDDC8F7099B}" = Catalyst Control Center Localization Arabic
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A0AEE30-988F-AE8C-5269-2FD262D68A22}" = ccc-utility
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CD72BE1-78B0-A817-D273-9C3257C1927E}" = CCC Help Danish
"{4E139886-91CE-3923-AE4A-70047CD4E6F9}" = CCC Help Korean
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{53298391-2283-737E-426A-47406AF9C9BF}" = CCC Help Chinese Traditional
"{56069453-23FA-FB2A-613B-0739874F2664}" = CCC Help French
"{59BB72CD-9519-C50D-DFDF-9454503FD291}" = Catalyst Control Center Localization Finnish
"{5ACDC2AD-8424-491E-53B6-43839CBC6E21}" = Catalyst Control Center Localization Spanish
"{5AECAA2C-2D43-5DE6-5FA7-B17F0C99238D}" = Catalyst Control Center Graphics Full Existing
"{5C758C75-E8A6-3CBD-F78B-36568FD3D588}" = CCC Help Thai
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65FA2ED6-F6A6-B6D1-D342-3DD6FC1CF235}" = CCC Help Japanese
"{68C192DD-3270-615F-8073-CFAEF47C350C}" = CCC Help Czech
"{6C317D5D-E09E-CEAB-9900-AC55EEB06381}" = Catalyst Control Center Localization Arabic
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E22AFBF-D6AC-DB16-4EDA-05D79EB8972B}" = Catalyst Control Center Graphics Light
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EF5E936-F6E3-ED2D-D897-D019F93BFED3}" = Catalyst Control Center Localization Japanese
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{80D1F147-58DE-59DF-959A-2B2DA16304B2}" = CCC Help Finnish
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{827A23C2-5F06-D673-E06A-13C8FE4A6313}" = Catalyst Control Center Localization Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{847D5140-1D9A-AD4D-A383-D8A76AC9FAA6}" = Catalyst Control Center Localization Korean
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9046E7F5-F4C0-E330-C79E-0AE7FBEEE87F}" = Catalyst Control Center Graphics Full New
"{905E2D3F-A433-5A0C-534E-D3812F344003}" = Catalyst Control Center Localization Hungarian
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92628887-5BBC-EBE4-4AE4-017FF30C87D1}" = CCC Help Turkish
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9EB1C655-331C-5034-CCF8-436FA4B4A3DA}" = ccc-core-static
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B036B9C2-FD5D-AC72-A873-9DADFC039142}" = CCC Help Italian
"{B27E389E-7F8B-7F66-2370-D15814FE7946}" = CCC Help Chinese Standard
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{C6F6B84A-5905-FBFE-2884-2F9D954B23AA}" = CCC Help Greek
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4135FD2-8B19-0B8E-A7D3-5102077E8177}" = Skins
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA43CFF6-91F4-CD70-4FE6-B0872B0A728B}" = Catalyst Control Center Localization Chinese Standard
"{E213AB89-3ABA-0318-E05E-CD44794E5372}" = Catalyst Control Center Localization Arabic
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E341A22D-80F7-946D-9131-B03684195564}" = Catalyst Control Center Localization French
"{E4382B39-C869-D696-6A53-E3D677242626}" = CCC Help German
"{E452AE0E-C9AF-CF4A-09A3-A6C110512C8A}" = Catalyst Control Center Localization Arabic
"{E5016937-B03B-17BB-7708-051AB5A92EBC}" = CCC Help Portuguese
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{EF958332-BBFF-75BA-6852-8C2939CE1972}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F39CAF22-C695-D655-D469-F432AF5A42D2}" = Catalyst Control Center Localization Arabic
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCD9FF6C-CB0C-BD3A-4A21-8A06B8489CF6}" = Catalyst Control Center Localization Arabic
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"123 Free Solitaire" = 123 Free Solitaire
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Anfy" = Anfy
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"ATI Uninstaller" = ATI Uninstaller
"AVG9Uninstall" = AVG Free 9.0
"CUZ4_is1" = CAM UnZip 4.42
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Gateway Game Console" = Gateway Game Console
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"Hidden Expedition - Titanic" = Hidden Expedition - Titanic (remove only)
"HijackThis" = HijackThis 2.0.2
"Homestead SiteBuilder" = Homestead SiteBuilder
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"jZip" = jZip
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"PrimoPDF4.1.0.9" = PrimoPDF
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Rise of Atlantis" = The Rise of Atlantis (remove only)
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT021900" = Penguins!
"WT021902" = Polar Bowler
"WT022436" = Tradewinds
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2009 7:08:43 AM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 11/24/2009 7:08:43 AM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 12/16/2009 11:38:36 AM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 12/16/2009 11:38:37 AM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 12/16/2009 11:38:37 AM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 12/25/2009 10:42:35 AM | Computer Name = Dee-PC | Source = VSS | ID = 8194
Description =

Error - 12/31/2009 9:57:06 AM | Computer Name = Dee-PC | Source = VSS | ID = 8194
Description =

Error - 1/6/2010 1:24:11 PM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 1/6/2010 1:24:14 PM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 1/6/2010 1:24:14 PM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3058
Description =

[ Media Center Events ]
Error - 10/27/2008 7:43:42 PM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/6/2009 7:04:00 PM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/20/2009 7:31:56 PM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 10:11:00 PM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 2/1/2010 9:54:42 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/1/2010 9:54:42 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2010 9:54:42 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/1/2010 9:54:42 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2010 9:55:27 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/1/2010 9:55:27 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2010 9:56:04 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/1/2010 9:56:04 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2010 9:59:32 PM | Computer Name = Dee-PC | Source = DCOM | ID = 10010
Description =

Error - 2/1/2010 10:04:21 PM | Computer Name = Dee-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.8,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >
DeeSulli
Active Member
 
Posts: 6
Joined: January 27th, 2010, 1:00 pm

Re: HiJacked on Facebook

Unread postby DeeSulli » February 4th, 2010, 7:08 pm

OTL Report:
OTL logfile created on: 2/4/2010 5:01:34 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Dee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 372.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.19 Gb Total Space | 33.33 Gb Free Space | 51.91% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 4.58 Gb Free Space | 44.36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEE-PC
Current User Name: Dee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/04 16:58:42 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/31 08:56:59 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/24 13:08:31 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/24 13:08:31 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/24 13:08:19 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/24 13:08:19 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/24 13:08:12 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 01:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/11 01:27:39 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/03 10:37:24 | 000,812,952 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RMTray.exe
PRC - [2008/01/19 02:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/08/24 06:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/01/23 05:41:58 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/12/28 05:58:32 | 000,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2006/11/17 16:58:40 | 000,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/09/29 11:57:36 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2006/09/29 11:57:30 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe


========== Modules (SafeList) ==========

MOD - [2010/02/04 16:58:42 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
MOD - [2009/12/24 13:09:06 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/24 13:08:12 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/24 05:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/24 02:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/01/23 05:41:58 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/12/28 05:58:32 | 000,557,056 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... B&M=MT6460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=MT6460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... B&M=MT6460

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdloader] C:\Users\Dee\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0392e78f-8ada-11de-84fe-00e0b8d46758}\Shell - "" = AutoRun
O33 - MountPoints2\{0392e78f-8ada-11de-84fe-00e0b8d46758}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ff0bd41d-0729-11dd-a796-00e0b8d46758}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{ff0bd41d-0729-11dd-a796-00e0b8d46758}\Shell\phone\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/10/14 12:12:33 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/04 16:58:35 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
[2010/02/01 20:40:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/27 21:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/01/27 11:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dee\Documents\*.tmp files -> C:\Users\Dee\Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/04 17:01:44 | 003,932,160 | -HS- | M] () -- C:\Users\Dee\ntuser.dat
[2010/02/04 16:58:42 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
[2010/02/04 15:04:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/04 15:04:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/04 14:18:16 | 000,002,627 | ---- | M] () -- C:\Users\Dee\Desktop\Microsoft Office Word 2007.lnk
[2010/02/04 09:18:20 | 055,067,609 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/02/02 16:04:01 | 000,015,240 | ---- | M] () -- C:\Users\Dee\Documents\I most certainly do have cause to contact you.docx
[2010/02/01 21:03:53 | 001,721,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/01 21:03:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/01 21:03:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/01 21:01:07 | 000,524,288 | -HS- | M] () -- C:\Users\Dee\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/01 21:01:07 | 000,065,536 | -HS- | M] () -- C:\Users\Dee\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/01 20:59:46 | 003,454,907 | -H-- | M] () -- C:\Users\Dee\AppData\Local\IconCache.db
[2010/02/01 17:12:01 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/30 21:45:27 | 000,132,059 | ---- | M] () -- C:\Users\Dee\Documents\Lumbee criteria.pdf
[2010/01/27 15:18:19 | 000,034,304 | ---- | M] () -- C:\Users\Dee\Documents\letter to Bev.doc
[2010/01/27 11:31:36 | 000,001,908 | ---- | M] () -- C:\Users\Dee\Desktop\HijackThis.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dee\Documents\*.tmp files -> C:\Users\Dee\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/02 06:14:32 | 000,015,240 | ---- | C] () -- C:\Users\Dee\Documents\I most certainly do have cause to contact you.docx
[2010/01/30 21:45:27 | 000,132,059 | ---- | C] () -- C:\Users\Dee\Documents\Lumbee criteria.pdf
[2010/01/27 11:31:36 | 000,001,908 | ---- | C] () -- C:\Users\Dee\Desktop\HijackThis.lnk
[2010/01/25 14:55:37 | 000,034,304 | ---- | C] () -- C:\Users\Dee\Documents\letter to Bev.doc
[2009/09/08 16:42:06 | 000,000,680 | ---- | C] () -- C:\Users\Dee\AppData\Local\d3d9caps.dat
[2009/08/17 14:48:45 | 000,076,407 | ---- | C] () -- C:\Users\Dee\AppData\Roaming\Smiley.ico
[2009/08/07 16:37:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/20 17:32:58 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2008/03/03 13:40:40 | 000,024,206 | ---- | C] () -- C:\Users\Dee\AppData\Roaming\UserTile.png
[2008/02/28 15:01:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/11/05 17:31:22 | 000,019,968 | ---- | C] () -- C:\Users\Dee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/26 14:33:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2008/07/22 01:16:45 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\.purple
[2008/05/30 20:33:05 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\123 Free Solitaire
[2009/08/19 12:18:54 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Azureus
[2009/10/29 13:34:16 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\BitTorrent
[2009/06/01 12:11:56 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\GetRightToGo
[2008/07/06 18:17:11 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\gtk-2.0
[2008/12/24 10:28:24 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\HouseCall 6.6
[2008/03/01 22:09:08 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\iWinArcade
[2009/09/03 07:04:35 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\mjusbsp
[2008/05/01 08:50:36 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\PeerNetworking
[2007/11/06 08:28:06 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\SampleView
[2008/02/16 17:27:52 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Smith Micro
[2008/04/19 16:15:49 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\SpinTop
[2007/11/05 17:25:23 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\WildTangent
[2010/02/01 17:12:01 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/02/01 21:00:50 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 04:06:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 04:06:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 04:06:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/11 01:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:0D4A6333
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:49D0B9BB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:573DC2A3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:5E196FE2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F7862839
< End of report >

Extras Report:

OTL Extras logfile created on: 2/4/2010 5:01:34 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Dee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 372.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.19 Gb Total Space | 33.33 Gb Free Space | 51.91% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 4.58 Gb Free Space | 44.36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEE-PC
Current User Name: Dee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E857DD-C90F-4275-B6DA-FEF272943DE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0BA9B83C-E2BF-459E-82EB-EC48C3E975FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{0D10041B-4D79-46EF-9FB4-F3C4B640D730}" = rport=2869 | protocol=6 | dir=out | app=system |
"{1E29B403-E409-4773-8C25-5701F1A939A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27A2389A-269C-4D03-A43C-D0386F0BAE58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{33C10ABE-CC38-40DE-A43F-BD6FC1058A03}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3ADECC65-0052-43D9-AE42-623F81BB283D}" = rport=139 | protocol=6 | dir=out | app=system |
"{49B5CD1A-D737-40AD-BF4E-1941C9B68919}" = lport=445 | protocol=6 | dir=in | app=system |
"{51BB208B-7A9F-4D1E-9C77-163550C71731}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6FB3CD5A-A927-4092-BC45-46179789255E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{78AD062A-FC24-4299-BB81-834A86790CB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A503B8C-B933-48F2-A84D-16A60EF9BDCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{94C98A95-B2BE-4E68-A55C-A4ACC1DB3503}" = lport=139 | protocol=6 | dir=in | app=system |
"{B5FA1173-0BD0-4A09-8F83-037A71A8C4C4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B7F860E2-FCB8-471D-A00B-E921A8202596}" = lport=138 | protocol=17 | dir=in | app=system |
"{BB5509D1-1C4A-4C84-90F7-5BB883C67CD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CCFCE352-CFAD-43FA-98D4-BD7580690A0E}" = rport=445 | protocol=6 | dir=out | app=system |
"{D342F20A-7523-49A2-A552-7804A6D65B32}" = lport=137 | protocol=17 | dir=in | app=system |
"{DF4E48B6-F498-425F-9DEC-71882389E2E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F1A83D69-F962-4F79-B07A-4F08DE63021C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F64ABDF4-7FB6-4536-856C-36ADA0E003E7}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0477EEF1-88D1-413A-ACC3-FAA992C1F963}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{08F9127D-8BEF-44E2-B4C9-17104BD51A66}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{0FE79C7F-5986-4F61-886C-AF3825F94D80}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{12B9200E-A548-4B35-B77F-6451F6210D9B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1FC337B0-7F2E-477A-B89A-2E18ADF766E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1FD9B578-E8D5-41A4-9102-118131121014}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2178C6B7-64CE-455A-A8AF-0657D682749F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{38C1BE20-6D23-4EF6-8F6E-CD66554D2074}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4C9C586A-5BD1-4B0A-9457-251C44368A82}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{5FEA2995-1EAD-4BCC-94E8-99D3D7630045}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{734D789C-FB10-4B96-92E1-49A3F41EEE5B}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{860F72D3-F71F-4DCD-A635-AEAC64635A79}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{90B370A4-46E3-41B0-AE53-22815416D49F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A8239DE7-396B-4F71-AA46-A450080CFE2A}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{ABB2D30D-43F4-453E-B5AF-C10CC22021A5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CA739095-4077-401F-9F1F-E9C04BA77273}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CCF12762-921A-415A-94F7-2DD87D197F68}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DC1F0976-8D55-47C8-BEE3-5381F8F1334F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E3FBDA3B-23D9-47E7-985E-488AA1D1E0DB}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FE68FD7B-51E5-47DD-897B-2D5771714951}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{1A87CA6B-B374-4BB0-9C50-935AA7EDC632}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{65F83A57-8EA6-48E9-BB9C-1563B4F9FB17}C:\users\dee\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\dee\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{9B8D4589-E1FD-4939-8531-C4EE3A0A932A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{B37EC50E-556F-4FA3-A551-CEF027BFB6D7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D74057F1-3C82-47E1-BF45-1A7592913076}C:\users\dee\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\dee\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{128063F7-3EF2-4540-BCF7-348FA4D5961D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{822948C1-ACFB-4275-B48D-F943F8476DCE}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{C5CFDCCD-5CB9-4450-B222-D0D31C07D1E6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DC0165B8-D93D-49CE-80B5-71A0FBFF7E39}C:\users\dee\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\dee\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{E330FDED-AC90-4815-B9C1-38C6B17959E8}C:\users\dee\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\dee\appdata\roaming\mjusbsp\magicjack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK RTL8187 Wireless LAN Driver
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082D9EBA-BA0C-E6CE-DF60-F450D3B4C427}" = CCC Help Dutch
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{0E55C4CC-6543-63A3-96D9-0BD0E72C0CF5}" = ccc-localization-da
"{0E7D2293-9FAA-1322-0294-ABE2F86AC3F6}" = Catalyst Control Center Localization Czech
"{0ED5203A-41A3-1ED9-A413-23A656011945}" = Catalyst Control Center Core Implementation
"{1011C9E2-B8A8-C5CC-CAA1-CEC7B072389A}" = Catalyst Control Center Localization Arabic
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{16891F82-D618-EF86-7F38-9FE19874357E}" = Catalyst Control Center Graphics Previews Vista
"{16A9A137-9100-AFB0-E944-05351D0D6154}" = CCC Help Swedish
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{1E6727FE-9FBE-50FA-FCE1-4290F0CB68F2}" = CCC Help Russian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 18
"{26D9EF97-45C1-D508-1EE7-CE4004287255}" = CCC Help Norwegian
"{2B5CE128-136C-78CB-C612-6D8C51E8C327}" = CCC Help Polish
"{2E302857-945A-0610-D455-88E1BD0B5C44}" = Catalyst Control Center Localization Chinese Traditional
"{2EF1BDD0-02F1-4D2D-1D42-D02D1ABE1522}" = Catalyst Control Center Localization Arabic
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{355845B8-4352-6D7E-2C6B-CACD91297B1C}" = CCC Help Spanish
"{3733D893-EBBF-6A31-EF05-086E66FC3D9E}" = CCC Help English
"{37CC93E9-6560-9FE3-B07B-4883A4BFD8CC}" = Catalyst Control Center Localization Greek
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{408A092D-40C9-D97F-8468-44A409C23F32}" = Catalyst Control Center Localization German
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{43B5E32B-6518-E34B-E691-BDDDC8F7099B}" = Catalyst Control Center Localization Arabic
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A0AEE30-988F-AE8C-5269-2FD262D68A22}" = ccc-utility
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CD72BE1-78B0-A817-D273-9C3257C1927E}" = CCC Help Danish
"{4E139886-91CE-3923-AE4A-70047CD4E6F9}" = CCC Help Korean
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{53298391-2283-737E-426A-47406AF9C9BF}" = CCC Help Chinese Traditional
"{56069453-23FA-FB2A-613B-0739874F2664}" = CCC Help French
"{59BB72CD-9519-C50D-DFDF-9454503FD291}" = Catalyst Control Center Localization Finnish
"{5ACDC2AD-8424-491E-53B6-43839CBC6E21}" = Catalyst Control Center Localization Spanish
"{5AECAA2C-2D43-5DE6-5FA7-B17F0C99238D}" = Catalyst Control Center Graphics Full Existing
"{5C758C75-E8A6-3CBD-F78B-36568FD3D588}" = CCC Help Thai
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65FA2ED6-F6A6-B6D1-D342-3DD6FC1CF235}" = CCC Help Japanese
"{68C192DD-3270-615F-8073-CFAEF47C350C}" = CCC Help Czech
"{6C317D5D-E09E-CEAB-9900-AC55EEB06381}" = Catalyst Control Center Localization Arabic
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E22AFBF-D6AC-DB16-4EDA-05D79EB8972B}" = Catalyst Control Center Graphics Light
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EF5E936-F6E3-ED2D-D897-D019F93BFED3}" = Catalyst Control Center Localization Japanese
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{80D1F147-58DE-59DF-959A-2B2DA16304B2}" = CCC Help Finnish
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{827A23C2-5F06-D673-E06A-13C8FE4A6313}" = Catalyst Control Center Localization Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{847D5140-1D9A-AD4D-A383-D8A76AC9FAA6}" = Catalyst Control Center Localization Korean
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9046E7F5-F4C0-E330-C79E-0AE7FBEEE87F}" = Catalyst Control Center Graphics Full New
"{905E2D3F-A433-5A0C-534E-D3812F344003}" = Catalyst Control Center Localization Hungarian
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92628887-5BBC-EBE4-4AE4-017FF30C87D1}" = CCC Help Turkish
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9EB1C655-331C-5034-CCF8-436FA4B4A3DA}" = ccc-core-static
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B036B9C2-FD5D-AC72-A873-9DADFC039142}" = CCC Help Italian
"{B27E389E-7F8B-7F66-2370-D15814FE7946}" = CCC Help Chinese Standard
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{C6F6B84A-5905-FBFE-2884-2F9D954B23AA}" = CCC Help Greek
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4135FD2-8B19-0B8E-A7D3-5102077E8177}" = Skins
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA43CFF6-91F4-CD70-4FE6-B0872B0A728B}" = Catalyst Control Center Localization Chinese Standard
"{E213AB89-3ABA-0318-E05E-CD44794E5372}" = Catalyst Control Center Localization Arabic
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E341A22D-80F7-946D-9131-B03684195564}" = Catalyst Control Center Localization French
"{E4382B39-C869-D696-6A53-E3D677242626}" = CCC Help German
"{E452AE0E-C9AF-CF4A-09A3-A6C110512C8A}" = Catalyst Control Center Localization Arabic
"{E5016937-B03B-17BB-7708-051AB5A92EBC}" = CCC Help Portuguese
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{EF958332-BBFF-75BA-6852-8C2939CE1972}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F39CAF22-C695-D655-D469-F432AF5A42D2}" = Catalyst Control Center Localization Arabic
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCD9FF6C-CB0C-BD3A-4A21-8A06B8489CF6}" = Catalyst Control Center Localization Arabic
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"123 Free Solitaire" = 123 Free Solitaire
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Anfy" = Anfy
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"ATI Uninstaller" = ATI Uninstaller
"AVG9Uninstall" = AVG Free 9.0
"CUZ4_is1" = CAM UnZip 4.42
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Gateway Game Console" = Gateway Game Console
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"Hidden Expedition - Titanic" = Hidden Expedition - Titanic (remove only)
"HijackThis" = HijackThis 2.0.2
"Homestead SiteBuilder" = Homestead SiteBuilder
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"jZip" = jZip
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"PrimoPDF4.1.0.9" = PrimoPDF
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Rise of Atlantis" = The Rise of Atlantis (remove only)
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT021900" = Penguins!
"WT021902" = Polar Bowler
"WT022436" = Tradewinds
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2009 7:08:43 AM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 11/24/2009 7:08:43 AM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 12/16/2009 11:38:36 AM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 12/16/2009 11:38:37 AM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 12/16/2009 11:38:37 AM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 12/25/2009 10:42:35 AM | Computer Name = Dee-PC | Source = VSS | ID = 8194
Description =

Error - 12/31/2009 9:57:06 AM | Computer Name = Dee-PC | Source = VSS | ID = 8194
Description =

Error - 1/6/2010 1:24:11 PM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 1/6/2010 1:24:14 PM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 1/6/2010 1:24:14 PM | Computer Name = Dee-PC | Source = Windows Search Service | ID = 3058
Description =

[ Media Center Events ]
Error - 10/27/2008 7:43:42 PM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/6/2009 7:04:00 PM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/20/2009 7:31:56 PM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 10:11:00 PM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 2/1/2010 9:54:42 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/1/2010 9:54:42 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2010 9:54:42 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/1/2010 9:54:42 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2010 9:55:27 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/1/2010 9:55:27 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2010 9:56:04 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/1/2010 9:56:04 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/1/2010 9:59:32 PM | Computer Name = Dee-PC | Source = DCOM | ID = 10010
Description =

Error - 2/1/2010 10:04:21 PM | Computer Name = Dee-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.8,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >
DeeSulli
Active Member
 
Posts: 6
Joined: January 27th, 2010, 1:00 pm

Re: HiJacked on Facebook

Unread postby deltalima » February 5th, 2010, 8:46 am

Hi DeeSulli,

The problem you have is not Malware, please see this article from Microsoft.

The answer is to upgrade Internet explorer from version 7 to version 8.

Please go to this page and click the orange Download Now button and follow the instructions.

When you have upgraded please check that there are no more problems with Facebook and let me know.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: HiJacked on Facebook

Unread postby DeeSulli » February 5th, 2010, 6:37 pm

Thank you so much for your time and help deltalima....but it looks like the problem was with facebook and not my computer after all. Last night, they revamped the facebook site....and I have had no problem at all today. Evidently there must have been more than just one other person having that problem....even though out of more than a thousand friends, I only got one reply when I posted the question on my wall. But anyway....problem solved.... Sorry to have been a bother.

Dee
DeeSulli
Active Member
 
Posts: 6
Joined: January 27th, 2010, 1:00 pm

Re: HiJacked on Facebook

Unread postby deltalima » February 6th, 2010, 6:53 pm

Hi DeeSulli,

Good to hear that Facebook is working for you now.

There are a few straightforward updates that you could make to your computer that would help prevent any possible future problems.

Firstly I would recommend that you update to Internet Explorer 8 as per my last post.

Update Adobe Reader
Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version: Adobe Reader 9.3
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed Uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 18.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version

Please let me know if you encounter any problems with these instructions.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: HiJacked on Facebook

Unread postby NonSuch » February 10th, 2010, 1:29 am

As this issue appears to be resolved, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 40 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware