Think I might have something :/


Post by Joe.R on 25th March 2010, 9:47 pm

Hey,

Well, Explorer.exe kept stopping every now and then; it would happen a few times a night. I did some snooping about and found 'update.exe' was running in startup and running in the process manager. I deleted it and removed it from startup, and everything did go back to normal.

However, on the laptop tonight everything just stopped entirely. Ctrl+Alt+Del threw up the error "security options error", which makes me believe there's possibly something still going on (N)

Here's a HijackThis log I just took:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:17, on 25/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Jumi\jumi.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Joe\Desktop\HijackThis.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Windows\system32\WerCon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.37.213.104:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [JumiController] C:\Program Files\Jumi\jumi.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - [You must be registered and logged in to see this link.]
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c9c77974d485e8) (gupdate1c9c77974d485e8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PermissionResearch - Unknown owner - C:\Program Files\PermissionResearch\prservice.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11588 bytes


Thanks in advance,

Joe :)


Re: Think I might have something :/

Post by Belahzur on 25th March 2010, 9:59 pm

Hello.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O23 - Service: PermissionResearch - Unknown owner - C:\Program Files\PermissionResearch\prservice.exe (file missing)



  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


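The four lines ticked in the reply above all end in HijackThis's "(no file)" or "(file missing)" marker, meaning the registry entry still exists but the file it points to does not. As an added example (not part of the original posts and not code from HijackThis), this Python script pulls such entries out of a saved log; the sample is a few lines copied from the log in this thread, and the names `parse_entries`, `orphaned` and `checklist` are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:17, on 25/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Prevx\prevx.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: PermissionResearch - Unknown owner - C:\Program Files\PermissionResearch\prservice.exe (file missing)
"""

# An entry line is a section code (R0, O2, O23, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# COM class id in registry format, e.g. {02478D38-C3F9-4efb-9B51-7695ECA05670}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing marker HijackThis prints when the referenced file is not on disk.
MARKER_RE = re.compile(r"\((no file|file missing)\)\s*$")


@dataclass
class Entry:
    code: str               # section code, e.g. "O2"
    body: str               # everything after "<code> - "
    clsid: Optional[str]    # CLSID if the entry carries one
    marker: Optional[str]   # "no file" / "file missing", or None
    count: int = 1          # how many times the identical line appeared


def parse_entries(text: str) -> List[Entry]:
    """Parse entry lines, skipping the header and the running-process list.

    Identical lines (such as the repeated O10 Winsock LSP line) are folded
    into one Entry with a count, so a reviewer sees each finding once.
    """
    seen = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process path, blank line or footer
        code, body = m.groups()
        key = (code, body)
        if key in seen:
            seen[key].count += 1
            continue
        clsid = CLSID_RE.search(body)
        marker = MARKER_RE.search(body)
        seen[key] = Entry(
            code=code,
            body=body,
            clsid=clsid.group(0) if clsid else None,
            marker=marker.group(1) if marker else None,
        )
    return list(seen.values())


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry data is present but whose file is missing."""
    return [e for e in entries if e.marker]


def checklist(entries: List[Entry]) -> List[str]:
    """Rebuild the original log lines, ready to be matched in the scan window."""
    return [f"{e.code} - {e.body}" for e in entries]


if __name__ == "__main__":
    for line in checklist(orphaned(parse_entries(SAMPLE_LOG))):
        print(line)
```

The MySql service line is also marked "Unknown owner" but its file exists, so it is not reported; only the missing-file markers are matched.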

Re: Think I might have something :/

Post by Joe.R on 25th March 2010, 10:23 pm

Hey, thanks for the quick reply :)

Fixed those 4 things in HijackThis, downloaded / ran that program, and it threw up 3 things.

Cheers :)

Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3914
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

25/03/2010 22:15:16
mbam-log-2010-03-25 (22-15-16).txt

Scan type: Quick Scan
Objects scanned: 124867
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PermissionResearch (Spyware.PermissionResearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\PermissionResearch\prmrsr.exe (Spyware.PermissionResearch) -> Quarantined and deleted successfully.


Re: Think I might have something :/

Post by Belahzur on 25th March 2010, 10:25 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: Think I might have something :/

Post by Joe.R on 25th March 2010, 10:38 pm

OTL:
OTL logfile created on: 25/03/2010 22:29:12 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Joe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.87 Gb Total Space | 51.64 Gb Free Space | 22.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.75 Gb Free Space | 93.97% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOES
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/25 22:28:37 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
PRC - [2010/03/18 02:05:54 | 001,726,464 | ---- | M] (Jumi Technologies) -- C:\Program Files\Jumi\jumi.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/05/17 15:40:22 | 004,368,952 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/12/29 10:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/12/10 08:49:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008/08/24 10:59:12 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008/04/11 21:30:26 | 000,036,864 | ---- | M] (Sony NSCE) -- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
PRC - [2008/03/10 21:14:54 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/03/10 21:14:54 | 000,229,376 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/03/07 18:48:38 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/03/03 21:45:48 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/02/23 00:38:52 | 000,180,224 | ---- | M] (ALPS) -- C:\Program Files\Apoint\Apvfb.exe
PRC - [2008/02/23 00:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/02/23 00:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2008/02/23 00:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2008/02/15 18:56:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008/02/15 18:56:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/02/15 18:56:50 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/01/21 02:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/11/21 19:38:28 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/10/16 09:08:08 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2007/10/16 09:07:38 | 002,711,552 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2007/08/15 03:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 03:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/02 12:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2002/08/14 02:33:46 | 001,130,496 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe


========== Modules (SafeList) ==========

MOD - [2010/03/25 22:28:37 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (PermissionResearch)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/17 15:40:22 | 004,368,952 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/10 08:49:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008/03/10 21:14:54 | 000,229,376 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/03/05 03:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/03/05 03:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/03/05 03:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/03/03 21:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/03/03 20:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/02/15 18:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008/02/15 18:56:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/02/15 18:56:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/02/15 18:56:50 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/28 09:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 09:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 08:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/10/16 09:08:08 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2007/10/16 09:07:38 | 002,711,552 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2007/08/15 03:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2002/08/14 02:33:46 | 001,130,496 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)


========== Driver Services (SafeList) ==========

DRV - [2010/01/01 17:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/08/27 08:53:18 | 000,027,488 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/23 19:07:40 | 000,006,528 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jumi.sys -- (jumi)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/17 15:40:22 | 000,027,656 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pxsec.sys -- (pxsec)
DRV - [2009/05/17 15:40:22 | 000,022,024 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2009/04/11 04:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/18 21:02:48 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/01/09 23:21:51 | 000,022,368 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/01/09 23:21:51 | 000,010,976 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/02/23 00:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/02/12 00:49:44 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/06 00:06:19 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/02/06 00:06:17 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/02/06 00:06:16 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/02/06 00:06:16 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/02/06 00:05:55 | 000,246,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/01/23 00:11:14 | 002,032,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/21 02:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 02:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 02:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/26 18:09:46 | 000,110,088 | ---- | M] (Prevx Limited, [You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PxEmu.sys -- (PREVXEmulator)
DRV - [2007/12/17 01:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/12/14 04:03:35 | 000,758,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/12/14 00:40:06 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/06/25 09:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 09:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 09:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/25 09:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007/06/25 09:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV - [2007/06/25 09:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 08:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/18 03:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/03/01 00:03:07 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2003/10/15 16:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A C2 42 34 6D C8 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 72.37.213.104:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.swagbucks.com/|http://www.nexdana.com/home"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.19
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:2.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.7.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.5.6.0
FF - prefs.js..network.proxy.http: "72.37.213.104 "
FF - prefs.js..network.proxy.http_port: 8089

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/24 16:44:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 16:44:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/06/19 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
[2009/06/19 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/25 21:42:46 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions
[2009/10/23 23:38:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/18 10:58:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/29 17:34:00 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/02/06 22:24:06 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/26 16:39:34 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/01/08 14:03:02 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/03/14 20:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/12/17 15:35:38 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/02/14 00:10:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/11/18 20:29:49 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/03/20 21:14:10 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\facepad@lazyrussian.com
[2009/12/17 15:35:36 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\firefox@facebook.com
[2010/03/20 21:14:10 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\personas@christopher.beard
[2009/12/17 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\plugin2@buzzbox.com
[2009/04/29 17:34:00 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\extensions\smartbookmarksbar@remy.juteau
[2009/09/13 21:07:25 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Sunbird\Profiles\17pu9cpv.default\extensions
[2009/10/27 01:46:55 | 000,002,164 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\searchplugins\bing.xml
[2009/02/18 21:07:05 | 000,000,523 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\searchplugins\daemon-search.xml
[2009/04/22 19:57:33 | 000,000,408 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\bswtfl67.default\searchplugins\joe.xml
[2009/12/08 16:29:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
[2010/03/13 17:00:19 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/13 17:00:22 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/13 17:00:27 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/13 17:00:29 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [JumiController] C:\Program Files\Jumi\jumi.exe (Jumi Technologies)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} [You must be registered and logged in to see this link.] (VaioInfo.CMClass)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} [You must be registered and logged in to see this link.] (Checkers Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} [You must be registered and logged in to see this link.] (Windows Live OneCare safety scanner control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} [You must be registered and logged in to see this link.] (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cd638ee9-fdff-11dd-bf61-001a80f8cc05}\Shell - "" = AutoRun
O33 - MountPoints2\{cd638ee9-fdff-11dd-bf61-001a80f8cc05}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Re: Think I might have something :/

Post by Joe.R on 25th March 2010, 10:38 pm

========== Files/Folders - Created Within 30 Days ==========

[2010/03/25 22:28:32 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2010/03/25 22:05:07 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Malwarebytes
[2010/03/25 22:05:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/25 22:04:58 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/25 22:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/25 22:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/25 22:04:00 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Joe\Desktop\mbam-setup.exe
[2010/03/25 22:03:28 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\backups
[2010/03/25 21:58:53 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010/03/25 21:58:15 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Users\Joe\Desktop\HousecallLauncher.exe
[2010/03/25 21:36:36 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Joe\Desktop\HijackThis.exe
[2010/03/22 22:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/22 22:32:16 | 003,396,856 | ---- | C] (Piriform Ltd) -- C:\Users\Joe\Desktop\ccsetup229.exe
[2010/03/22 21:25:41 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\seaofclouds-tweet-c536a16
[2010/03/22 21:21:17 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\ajaxtwits
[2010/03/22 19:24:19 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010/03/22 19:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/03/22 18:47:30 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\CAT BANNERS
[2010/03/20 23:24:24 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\twitterbadge
[2010/03/20 19:45:52 | 002,256,933 | ---- | C] (WiseCleaner.com ) -- C:\Users\Joe\Desktop\WRCFree.exe
[2010/03/20 19:40:54 | 001,973,680 | ---- | C] (wisecleaner.com ) -- C:\Users\Joe\Desktop\WDCFree.exe
[2010/03/18 22:41:04 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\nexdana - coding
[2010/03/16 21:55:02 | 000,000,000 | ---D | C] -- C:\QUANTUM_OF_SOLACE
[2010/03/16 21:46:38 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\RipIt4Me
[2010/03/15 21:23:08 | 000,000,000 | ---D | C] -- C:\Users\Joe\RYAN VIBE
[2010/03/14 01:47:22 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Nexdana Badges
[2010/03/14 00:44:37 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\1748-1258480158-mybbpro-1-1
[2010/03/14 00:09:06 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\327
[2010/03/13 21:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/03/13 21:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/03/13 21:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/03/13 18:24:43 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Media Player Classic
[2010/03/13 17:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/03/13 17:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avi2Dvd
[2010/03/13 17:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Agree Free DIVX XVID AVI to WMV DVD Converter
[2010/03/11 23:09:32 | 000,000,000 | ---D | C] -- C:\CloneDVDTemp
[2010/03/11 22:44:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Joe\AppData\Roaming\pcouffin.sys
[2010/03/11 22:44:23 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Vso
[2010/03/11 22:44:23 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\PcSetup
[2010/03/11 22:44:22 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\DVDFab
[2010/03/11 22:42:34 | 013,312,568 | ---- | C] (Fengtao Software Inc. ) -- C:\Users\Joe\Desktop\DVDFab6218.exe
[2010/03/11 22:42:08 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\InterVideo
[2010/03/11 22:41:56 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\VIDEO_TS
[2010/03/11 22:41:42 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\InterVideo
[2010/03/11 22:40:14 | 000,045,056 | ---- | C] (Fengtao Software) -- C:\Users\Joe\Desktop\FreeDVD.exe
[2010/03/10 22:18:40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/10 22:18:37 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/07 01:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Elaborate Bytes
[2010/03/07 01:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/03/07 01:32:29 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\AnyDVDHD
[2010/03/07 01:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010/03/07 01:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/03/07 00:59:09 | 000,000,000 | ---D | C] -- C:\Users\Joe\New Folder
[2010/03/01 22:10:37 | 000,000,000 | ---D | C] -- C:\Users\Joe\HHHHHHHHHHHHHHHHHEEEEEEEEEEEEEERRRRRRRRRREEEE
[2010/02/27 21:56:13 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2010/02/27 21:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Cheetah Burner
[2010/02/27 21:53:30 | 019,751,344 | ---- | C] (Cheetah Websites Corporation) -- C:\Users\Joe\CheetahDVDBurner.exe
[2010/02/27 21:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/02/27 18:55:28 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\New Folder (2)
[2010/02/27 18:47:58 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\featured
[2010/02/27 18:43:22 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Nexdana Featured Games
[2010/02/24 15:25:16 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/24 15:24:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 15:23:18 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 15:23:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 15:23:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 15:23:14 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 15:23:14 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 15:23:13 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 15:23:12 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 15:23:12 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 15:23:12 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/24 15:23:04 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/24 15:23:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/24 15:23:02 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/25 22:30:47 | 006,553,600 | -HS- | M] () -- C:\Users\Joe\ntuser.dat
[2010/03/25 22:28:37 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2010/03/25 22:18:12 | 000,144,109 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\nvModes.001
[2010/03/25 22:17:40 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/25 22:17:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/25 22:17:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/25 22:17:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/25 22:17:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/25 22:17:15 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/25 22:16:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/25 22:16:07 | 000,524,288 | -HS- | M] () -- C:\Users\Joe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/25 22:16:07 | 000,065,536 | -HS- | M] () -- C:\Users\Joe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/25 22:16:05 | 002,716,746 | -H-- | M] () -- C:\Users\Joe\AppData\Local\IconCache.db
[2010/03/25 22:05:03 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/25 22:04:21 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Joe\Desktop\mbam-setup.exe
[2010/03/25 21:58:37 | 000,000,036 | ---- | M] () -- C:\Users\Joe\AppData\Local\housecall.guid.cache
[2010/03/25 21:58:30 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Users\Joe\Desktop\HousecallLauncher.exe
[2010/03/25 21:36:39 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Joe\Desktop\HijackThis.exe
[2010/03/25 21:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/25 20:39:26 | 000,305,297 | ---- | M] () -- C:\Users\Joe\Desktop\nexdanalogo.psd
[2010/03/24 22:09:27 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/24 22:09:27 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/24 22:09:27 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/24 18:52:40 | 000,050,176 | ---- | M] () -- C:\Users\Joe\Documents\Nexdana reports March10.doc
[2010/03/24 18:47:31 | 000,002,609 | ---- | M] () -- C:\Users\Joe\Desktop\Microsoft Office Word 2003.lnk
[2010/03/23 20:04:01 | 000,008,707 | ---- | M] () -- C:\Users\Joe\Desktop\seaofclouds-tweet-c536a16.zip
[2010/03/22 22:39:04 | 000,001,846 | ---- | M] () -- C:\Users\Joe\Documents\cc_20100322_223856.reg
[2010/03/22 22:38:32 | 000,186,266 | ---- | M] () -- C:\Users\Joe\Documents\cc_20100322_223733.reg
[2010/03/22 22:35:50 | 000,001,670 | ---- | M] () -- C:\Users\Joe\Desktop\CCleaner.lnk
[2010/03/22 22:32:18 | 003,396,856 | ---- | M] (Piriform Ltd) -- C:\Users\Joe\Desktop\ccsetup229.exe
[2010/03/22 21:21:04 | 000,005,156 | ---- | M] () -- C:\Users\Joe\Desktop\ajaxtwits.zip
[2010/03/22 19:23:09 | 000,177,032 | ---- | M] () -- C:\Users\Joe\Desktop\activescan2_en.exe
[2010/03/21 23:37:17 | 000,366,238 | ---- | M] () -- C:\Users\Joe\Desktop\nav.psd
[2010/03/21 21:27:03 | 000,006,300 | ---- | M] () -- C:\Users\Joe\Desktop\forum.png
[2010/03/21 21:26:50 | 000,006,258 | ---- | M] () -- C:\Users\Joe\Desktop\articles.png
[2010/03/21 21:25:48 | 000,004,019 | ---- | M] () -- C:\Users\Joe\Desktop\hhome.png
[2010/03/21 21:21:48 | 000,003,911 | ---- | M] () -- C:\Users\Joe\Desktop\hshout.png
[2010/03/21 21:19:36 | 000,003,912 | ---- | M] () -- C:\Users\Joe\Desktop\hforum.png
[2010/03/21 21:15:57 | 000,004,160 | ---- | M] () -- C:\Users\Joe\Desktop\hvideos.png
[2010/03/21 21:10:07 | 000,004,079 | ---- | M] () -- C:\Users\Joe\Desktop\himages.png
[2010/03/21 21:08:45 | 000,004,076 | ---- | M] () -- C:\Users\Joe\Desktop\hgames.png
[2010/03/21 20:42:02 | 000,001,430 | ---- | M] () -- C:\Users\Joe\Desktop\hgames2.png
[2010/03/21 02:22:53 | 000,192,112 | ---- | M] () -- C:\Users\Joe\Desktop\Untitled-6.psd
[2010/03/21 00:23:36 | 000,004,208 | ---- | M] () -- C:\Users\Joe\Desktop\shout.png
[2010/03/21 00:15:06 | 000,007,288 | ---- | M] () -- C:\Users\Joe\Desktop\megaphone.png
[2010/03/20 23:24:05 | 000,028,594 | ---- | M] () -- C:\Users\Joe\Desktop\twitterbadge.zip
[2010/03/20 23:05:40 | 000,008,703 | ---- | M] () -- C:\Users\Joe\Desktop\seaofclouds-tweet-3ada37f.zip
[2010/03/20 22:51:32 | 000,016,404 | ---- | M] () -- C:\Users\Joe\Desktop\logonew2.png
[2010/03/20 22:48:31 | 000,016,051 | ---- | M] () -- C:\Users\Joe\Desktop\logonew.png
[2010/03/20 22:09:04 | 000,538,602 | ---- | M] () -- C:\Users\Joe\Desktop\oopsbacksoon.png
[2010/03/20 21:52:17 | 000,085,045 | ---- | M] () -- C:\Users\Joe\Pen5.jpg
[2010/03/20 21:50:50 | 000,069,602 | ---- | M] () -- C:\Users\Joe\Pen4 copy.jpg
[2010/03/20 21:50:30 | 000,448,932 | ---- | M] () -- C:\Users\Joe\Pen4.psd
[2010/03/20 21:49:56 | 000,113,402 | ---- | M] () -- C:\Users\Joe\Pen3.jpg
[2010/03/20 21:49:10 | 000,113,375 | ---- | M] () -- C:\Users\Joe\Pen2.jpg
[2010/03/20 21:47:03 | 000,112,077 | ---- | M] () -- C:\Users\Joe\Pen.jpg
[2010/03/20 21:42:41 | 000,040,312 | ---- | M] () -- C:\Users\Joe\Desktop\Vistaprint_Pens.zip
[2010/03/20 20:29:57 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/03/20 19:46:20 | 002,256,933 | ---- | M] (WiseCleaner.com ) -- C:\Users\Joe\Desktop\WRCFree.exe
[2010/03/20 19:41:15 | 001,973,680 | ---- | M] (wisecleaner.com ) -- C:\Users\Joe\Desktop\WDCFree.exe
[2010/03/18 22:40:49 | 000,666,723 | ---- | M] () -- C:\Users\Joe\Desktop\nexdana - coding.rar
[2010/03/18 20:48:24 | 004,746,807 | ---- | M] () -- C:\Users\Joe\Desktop\100312_sportrelief_minimix.mp3
[2010/03/16 21:54:34 | 000,899,414 | ---- | M] () -- C:\Users\Joe\Desktop\SetupDVDDecrypter_3.5.4.0.exe
[2010/03/16 21:46:37 | 002,392,676 | ---- | M] () -- C:\Users\Joe\Desktop\SoftonicToolbar.exe
[2010/03/16 21:46:13 | 000,202,071 | ---- | M] () -- C:\Users\Joe\Desktop\RipIt4Me.zip
[2010/03/16 21:45:24 | 000,233,760 | ---- | M] () -- C:\Users\Joe\Desktop\SoftonicDownloader53822.exe
[2010/03/16 21:38:12 | 000,020,992 | ---- | M] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/15 23:43:09 | 068,194,558 | ---- | M] () -- C:\Users\Joe\Desktop\Danny Wolf (March 2010 House mix).wma
[2010/03/15 23:18:04 | 063,784,270 | R--- | M] () -- C:\Users\Joe\Documents\Danny Wolf (March 2010 Commercial Funky mix).wma
[2010/03/15 21:59:27 | 000,242,187 | ---- | M] () -- C:\Users\Joe\Desktop\newestnexdana.png
[2010/03/14 23:14:27 | 000,433,664 | ---- | M] () -- C:\Users\Joe\Documents\Doc3.doc
[2010/03/14 21:48:28 | 000,087,608 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\inst.exe
[2010/03/14 21:48:28 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Joe\AppData\Roaming\pcouffin.sys
[2010/03/14 21:48:28 | 000,007,887 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\pcouffin.cat
[2010/03/14 21:48:28 | 000,001,144 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\pcouffin.inf
[2010/03/14 00:44:21 | 000,748,076 | ---- | M] () -- C:\Users\Joe\Desktop\1748-1258480158-mybbpro-1-1.zip
[2010/03/14 00:04:49 | 000,422,878 | ---- | M] () -- C:\Users\Joe\Desktop\327.zip
[2010/03/13 23:46:20 | 000,015,014 | ---- | M] () -- C:\Users\Joe\Desktop\Nexdana-theme.xml
[2010/03/13 23:44:31 | 000,003,167 | ---- | M] () -- C:\Users\Joe\Desktop\bigger-top.png
[2010/03/13 23:44:10 | 000,002,890 | ---- | M] () -- C:\Users\Joe\Desktop\bigger-mid.png
[2010/03/13 23:43:48 | 000,003,147 | ---- | M] () -- C:\Users\Joe\Desktop\bigger-bot.png
[2010/03/13 22:28:01 | 013,029,199 | ---- | M] () -- C:\Users\Joe\Desktop\blackholegoodbye.zip
[2010/03/13 19:14:52 | 000,000,632 | RHS- | M] () -- C:\Users\Joe\ntuser.pol
[2010/03/13 18:22:15 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2010/03/13 18:22:02 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2010/03/13 18:21:38 | 000,001,727 | ---- | M] () -- C:\Users\Joe\Desktop\DivX Movies.lnk
[2010/03/13 17:48:11 | 033,564,911 | ---- | M] () -- C:\Users\Joe\Desktop\Avi2Dvd_Setup_052.exe
[2010/03/13 17:34:17 | 000,000,034 | -H-- | M] () -- C:\Windows\System32\Converter_sysquict.dat
[2010/03/13 14:44:46 | 000,039,092 | ---- | M] () -- C:\Users\Joe\Desktop\25105_1376814176091_1103941812_31190220_6840170_n.jpg
[2010/03/11 22:43:49 | 013,312,568 | ---- | M] (Fengtao Software Inc. ) -- C:\Users\Joe\Desktop\DVDFab6218.exe
[2010/03/11 22:40:16 | 000,045,056 | ---- | M] (Fengtao Software) -- C:\Users\Joe\Desktop\FreeDVD.exe
[2010/03/07 21:37:24 | 000,005,506 | ---- | M] () -- C:\Users\Joe\Desktop\24091_347817042559_347769357559_3455605_1379031_n.jpg
[2010/03/07 03:19:27 | 005,016,416 | ---- | M] () -- C:\Users\Joe\Desktop\errorpages.psd
[2010/03/07 02:55:05 | 000,648,641 | ---- | M] () -- C:\Users\Joe\Desktop\403cat.png
[2010/03/07 02:54:38 | 000,648,394 | ---- | M] () -- C:\Users\Joe\Desktop\404cat.png
[2010/03/07 02:50:57 | 000,005,533 | ---- | M] () -- C:\Users\Joe\Desktop\rotate.php
[2010/03/07 02:50:04 | 000,542,960 | ---- | M] () -- C:\Users\Joe\Desktop\404emu.png
[2010/03/07 02:49:44 | 000,543,395 | ---- | M] () -- C:\Users\Joe\Desktop\403emu.png
[2010/03/07 02:49:11 | 000,404,935 | ---- | M] () -- C:\Users\Joe\Desktop\403baby.png
[2010/03/07 02:48:23 | 000,404,719 | ---- | M] () -- C:\Users\Joe\Desktop\404baby.png
[2010/03/07 02:44:29 | 000,415,374 | ---- | M] () -- C:\Users\Joe\Desktop\4032.png
[2010/03/07 02:03:55 | 000,555,306 | ---- | M] () -- C:\Users\Joe\Desktop\letterhead.psd
[2010/03/07 02:03:49 | 000,014,352 | ---- | M] () -- C:\Users\Joe\Desktop\march10.png
[2010/03/07 01:55:58 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\CloneDVD2.lnk
[2010/03/06 00:31:57 | 000,254,621 | ---- | M] () -- C:\Users\Joe\Documents\Advertise_Nexdana_March_5th.pdf
[2010/03/06 00:29:39 | 000,295,936 | ---- | M] () -- C:\Users\Joe\Documents\Why Advertise on Nexdana.doc
[2010/03/05 23:49:03 | 000,016,657 | ---- | M] () -- C:\Users\Joe\Desktop\advertisingBOTTOM.png
[2010/03/05 23:45:18 | 000,015,399 | ---- | M] () -- C:\Users\Joe\Desktop\advertiserTOP.png
[2010/03/05 21:38:45 | 000,230,524 | ---- | M] () -- C:\Users\Joe\Desktop\omgsearch.psd
[2010/03/05 21:10:27 | 000,014,731 | ---- | M] () -- C:\Users\Joe\Desktop\omgsearch.png
[2010/03/05 19:27:19 | 000,543,414 | ---- | M] () -- C:\Users\Joe\Desktop\nex403.png
[2010/03/05 19:24:37 | 000,545,000 | ---- | M] () -- C:\Users\Joe\Desktop\nex404.png
[2010/03/04 20:35:31 | 001,080,054 | ---- | M] () -- C:\Users\Joe\image.bmp
[2010/03/03 19:39:44 | 000,210,711 | ---- | M] () -- C:\Users\Joe\Desktop\newlogo2.psd
[2010/03/03 18:52:07 | 000,017,483 | ---- | M] () -- C:\Users\Joe\Desktop\newlogo2.png
[2010/03/01 22:50:01 | 000,530,813 | ---- | M] () -- C:\Users\Joe\bloons TD.swf
[2010/03/01 22:49:30 | 000,785,917 | ---- | M] () -- C:\Users\Joe\bloonstd2.swf
[2010/03/01 22:46:00 | 001,401,643 | ---- | M] () -- C:\Users\Joe\bloonstd3.swf
[2010/03/01 22:43:30 | 002,906,520 | ---- | M] () -- C:\Users\Joe\bloonstd4_secure.swf
[2010/02/28 02:32:36 | 003,015,102 | ---- | M] () -- C:\Users\Joe\Up Butt Coconut .ogg
[2010/02/27 21:55:45 | 019,751,344 | ---- | M] (Cheetah Websites Corporation) -- C:\Users\Joe\CheetahDVDBurner.exe
[2010/02/27 21:24:24 | 034,946,048 | ---- | M] () -- C:\Users\Joe\eav_nt32_enu.msi
[2010/02/25 22:04:54 | 005,154,985 | ---- | M] () -- C:\Users\Joe\We Buy Any Car (Bass Shockerz! Remix).mp3
[2010/02/25 07:40:31 | 000,114,408 | ---- | M] () -- C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 03:21:26 | 000,415,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/24 16:45:51 | 000,074,218 | ---- | M] () -- C:\Users\Joe\Desktop\moo6 copy.png
[2010/02/24 16:45:21 | 001,034,391 | ---- | M] () -- C:\Users\Joe\Desktop\moo6.psd
[2010/02/24 16:40:22 | 000,080,765 | ---- | M] () -- C:\Users\Joe\Desktop\moo5.png
[2010/02/24 16:39:35 | 000,080,770 | ---- | M] () -- C:\Users\Joe\Desktop\moo4.png
[2010/02/24 16:38:49 | 000,080,715 | ---- | M] () -- C:\Users\Joe\Desktop\moo3.png
[2010/02/24 16:32:42 | 000,069,460 | ---- | M] () -- C:\Users\Joe\Desktop\moo2.png
[2010/02/24 16:27:24 | 000,069,095 | ---- | M] () -- C:\Users\Joe\Desktop\moo.png
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/25 22:05:03 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/25 21:58:37 | 000,000,036 | ---- | C] () -- C:\Users\Joe\AppData\Local\housecall.guid.cache
[2010/03/25 20:39:24 | 000,305,297 | ---- | C] () -- C:\Users\Joe\Desktop\nexdanalogo.psd
[2010/03/22 22:38:57 | 000,001,846 | ---- | C] () -- C:\Users\Joe\Documents\cc_20100322_223856.reg
[2010/03/22 22:37:38 | 000,186,266 | ---- | C] () -- C:\Users\Joe\Documents\cc_20100322_223733.reg
[2010/03/22 22:35:50 | 000,001,670 | ---- | C] () -- C:\Users\Joe\Desktop\CCleaner.lnk
[2010/03/22 21:25:24 | 000,008,707 | ---- | C] () -- C:\Users\Joe\Desktop\seaofclouds-tweet-c536a16.zip
[2010/03/22 21:20:54 | 000,005,156 | ---- | C] () -- C:\Users\Joe\Desktop\ajaxtwits.zip
[2010/03/22 19:23:05 | 000,177,032 | ---- | C] () -- C:\Users\Joe\Desktop\activescan2_en.exe
[2010/03/22 18:18:51 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/21 23:37:16 | 000,366,238 | ---- | C] () -- C:\Users\Joe\Desktop\nav.psd
[2010/03/21 21:27:02 | 000,006,300 | ---- | C] () -- C:\Users\Joe\Desktop\forum.png
[2010/03/21 21:26:49 | 000,006,258 | ---- | C] () -- C:\Users\Joe\Desktop\articles.png
[2010/03/21 21:25:47 | 000,004,019 | ---- | C] () -- C:\Users\Joe\Desktop\hhome.png
[2010/03/21 21:19:36 | 000,003,912 | ---- | C] () -- C:\Users\Joe\Desktop\hforum.png
[2010/03/21 21:13:43 | 000,004,160 | ---- | C] () -- C:\Users\Joe\Desktop\hvideos.png
[2010/03/21 20:56:53 | 000,004,079 | ---- | C] () -- C:\Users\Joe\Desktop\himages.png
[2010/03/21 20:42:01 | 000,001,430 | ---- | C] () -- C:\Users\Joe\Desktop\hgames2.png
[2010/03/21 20:41:31 | 000,004,076 | ---- | C] () -- C:\Users\Joe\Desktop\hgames.png
[2010/03/21 02:22:50 | 000,192,112 | ---- | C] () -- C:\Users\Joe\Desktop\Untitled-6.psd
[2010/03/21 00:39:42 | 000,003,911 | ---- | C] () -- C:\Users\Joe\Desktop\hshout.png
[2010/03/21 00:23:36 | 000,004,208 | ---- | C] () -- C:\Users\Joe\Desktop\shout.png
[2010/03/21 00:15:05 | 000,007,288 | ---- | C] () -- C:\Users\Joe\Desktop\megaphone.png
[2010/03/20 23:24:03 | 000,028,594 | ---- | C] () -- C:\Users\Joe\Desktop\twitterbadge.zip
[2010/03/20 23:05:38 | 000,008,703 | ---- | C] () -- C:\Users\Joe\Desktop\seaofclouds-tweet-3ada37f.zip
[2010/03/20 22:51:31 | 000,016,404 | ---- | C] () -- C:\Users\Joe\Desktop\logonew2.png
[2010/03/20 22:48:30 | 000,016,051 | ---- | C] () -- C:\Users\Joe\Desktop\logonew.png
[2010/03/20 22:09:00 | 000,538,602 | ---- | C] () -- C:\Users\Joe\Desktop\oopsbacksoon.png
[2010/03/20 21:52:17 | 000,085,045 | ---- | C] () -- C:\Users\Joe\Pen5.jpg
[2010/03/20 21:50:49 | 000,069,602 | ---- | C] () -- C:\Users\Joe\Pen4 copy.jpg
[2010/03/20 21:50:29 | 000,448,932 | ---- | C] () -- C:\Users\Joe\Pen4.psd
[2010/03/20 21:49:55 | 000,113,402 | ---- | C] () -- C:\Users\Joe\Pen3.jpg
[2010/03/20 21:49:07 | 000,113,375 | ---- | C] () -- C:\Users\Joe\Pen2.jpg
[2010/03/20 21:47:01 | 000,112,077 | ---- | C] () -- C:\Users\Joe\Pen.jpg
[2010/03/20 21:42:39 | 000,040,312 | ---- | C] () -- C:\Users\Joe\Desktop\Vistaprint_Pens.zip
[2010/03/18 22:40:46 | 000,666,723 | ---- | C] () -- C:\Users\Joe\Desktop\nexdana - coding.rar
[2010/03/18 20:47:55 | 004,746,807 | ---- | C] () -- C:\Users\Joe\Desktop\100312_sportrelief_minimix.mp3
[2010/03/16 21:54:30 | 000,899,414 | ---- | C] () -- C:\Users\Joe\Desktop\SetupDVDDecrypter_3.5.4.0.exe
[2010/03/16 21:46:07 | 002,392,676 | ---- | C] () -- C:\Users\Joe\Desktop\SoftonicToolbar.exe
[2010/03/16 21:46:07 | 000,202,071 | ---- | C] () -- C:\Users\Joe\Desktop\RipIt4Me.zip
[2010/03/16 21:45:18 | 000,233,760 | ---- | C] () -- C:\Users\Joe\Desktop\SoftonicDownloader53822.exe
[2010/03/15 23:36:10 | 068,194,558 | ---- | C] () -- C:\Users\Joe\Desktop\Danny Wolf (March 2010 House mix).wma
[2010/03/15 23:19:15 | 063,784,270 | R--- | C] () -- C:\Users\Joe\Documents\Danny Wolf (March 2010 Commercial Funky mix).wma
[2010/03/15 21:59:24 | 000,242,187 | ---- | C] () -- C:\Users\Joe\Desktop\newestnexdana.png
[2010/03/14 23:14:26 | 000,433,664 | ---- | C] () -- C:\Users\Joe\Documents\Doc3.doc
[2010/03/14 00:44:18 | 000,748,076 | ---- | C] () -- C:\Users\Joe\Desktop\1748-1258480158-mybbpro-1-1.zip
[2010/03/14 00:04:45 | 000,422,878 | ---- | C] () -- C:\Users\Joe\Desktop\327.zip
[2010/03/13 23:46:18 | 000,015,014 | ---- | C] () -- C:\Users\Joe\Desktop\Nexdana-theme.xml
[2010/03/13 23:38:00 | 000,002,890 | ---- | C] () -- C:\Users\Joe\Desktop\bigger-mid.png
[2010/03/13 23:37:46 | 000,003,147 | ---- | C] () -- C:\Users\Joe\Desktop\bigger-bot.png
[2010/03/13 23:36:58 | 000,003,167 | ---- | C] () -- C:\Users\Joe\Desktop\bigger-top.png
[2010/03/13 22:26:47 | 013,029,199 | ---- | C] () -- C:\Users\Joe\Desktop\blackholegoodbye.zip
[2010/03/13 18:22:15 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2010/03/13 18:22:02 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2010/03/13 18:21:38 | 000,001,727 | ---- | C] () -- C:\Users\Joe\Desktop\DivX Movies.lnk
[2010/03/13 17:44:29 | 033,564,911 | ---- | C] () -- C:\Users\Joe\Desktop\Avi2Dvd_Setup_052.exe
[2010/03/13 17:34:17 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2010/03/13 14:44:43 | 000,039,092 | ---- | C] () -- C:\Users\Joe\Desktop\25105_1376814176091_1103941812_31190220_6840170_n.jpg
[2010/03/11 22:45:39 | 000,000,033 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\pcouffin.log
[2010/03/11 22:44:24 | 000,087,608 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\inst.exe
[2010/03/11 22:44:24 | 000,007,887 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\pcouffin.cat
[2010/03/11 22:44:24 | 000,001,144 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\pcouffin.inf
[2010/03/07 21:37:21 | 000,005,506 | ---- | C] () -- C:\Users\Joe\Desktop\24091_347817042559_347769357559_3455605_1379031_n.jpg
[2010/03/07 02:55:02 | 000,648,641 | ---- | C] () -- C:\Users\Joe\Desktop\403cat.png
[2010/03/07 02:54:35 | 000,648,394 | ---- | C] () -- C:\Users\Joe\Desktop\404cat.png
[2010/03/07 02:50:02 | 000,542,960 | ---- | C] () -- C:\Users\Joe\Desktop\404emu.png
[2010/03/07 02:49:42 | 000,543,395 | ---- | C] () -- C:\Users\Joe\Desktop\403emu.png
[2010/03/07 02:49:03 | 000,404,935 | ---- | C] () -- C:\Users\Joe\Desktop\403baby.png
[2010/03/07 02:48:15 | 000,404,719 | ---- | C] () -- C:\Users\Joe\Desktop\404baby.png
[2010/03/07 02:44:21 | 000,415,374 | ---- | C] () -- C:\Users\Joe\Desktop\4032.png
[2010/03/07 02:28:00 | 000,050,176 | ---- | C] () -- C:\Users\Joe\Documents\Nexdana reports March10.doc
[2010/03/07 02:03:47 | 000,014,352 | ---- | C] () -- C:\Users\Joe\Desktop\march10.png
[2010/03/07 01:56:29 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/03/07 01:55:58 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\CloneDVD2.lnk
[2010/03/06 00:31:57 | 000,254,621 | ---- | C] () -- C:\Users\Joe\Documents\Advertise_Nexdana_March_5th.pdf
[2010/03/06 00:29:39 | 000,295,936 | ---- | C] () -- C:\Users\Joe\Documents\Why Advertise on Nexdana.doc
[2010/03/05 23:49:02 | 000,016,657 | ---- | C] () -- C:\Users\Joe\Desktop\advertisingBOTTOM.png
[2010/03/05 23:45:16 | 000,015,399 | ---- | C] () -- C:\Users\Joe\Desktop\advertiserTOP.png
[2010/03/05 21:38:44 | 000,230,524 | ---- | C] () -- C:\Users\Joe\Desktop\omgsearch.psd
[2010/03/05 21:10:25 | 000,014,731 | ---- | C] () -- C:\Users\Joe\Desktop\omgsearch.png
[2010/03/05 20:05:49 | 005,016,416 | ---- | C] () -- C:\Users\Joe\Desktop\errorpages.psd
[2010/03/05 19:27:18 | 000,543,414 | ---- | C] () -- C:\Users\Joe\Desktop\nex403.png
[2010/03/05 19:20:28 | 000,545,000 | ---- | C] () -- C:\Users\Joe\Desktop\nex404.png
[2010/03/04 20:35:49 | 001,080,054 | ---- | C] () -- C:\Users\Joe\image.bmp
[2010/03/03 16:15:24 | 000,210,711 | ---- | C] () -- C:\Users\Joe\Desktop\newlogo2.psd
[2010/03/03 16:13:04 | 000,017,483 | ---- | C] () -- C:\Users\Joe\Desktop\newlogo2.png
[2010/03/01 22:50:00 | 000,530,813 | ---- | C] () -- C:\Users\Joe\bloons TD.swf
[2010/03/01 22:49:28 | 000,785,917 | ---- | C] () -- C:\Users\Joe\bloonstd2.swf
[2010/03/01 22:45:59 | 001,401,643 | ---- | C] () -- C:\Users\Joe\bloonstd3.swf
[2010/03/01 22:43:25 | 002,906,520 | ---- | C] () -- C:\Users\Joe\bloonstd4_secure.swf
[2010/02/28 02:32:22 | 003,015,102 | ---- | C] () -- C:\Users\Joe\Up Butt Coconut .ogg
[2010/02/27 21:20:44 | 034,946,048 | ---- | C] () -- C:\Users\Joe\eav_nt32_enu.msi
[2010/02/25 22:04:25 | 005,154,985 | ---- | C] () -- C:\Users\Joe\We Buy Any Car (Bass Shockerz! Remix).mp3
[2010/02/24 16:45:50 | 000,074,218 | ---- | C] () -- C:\Users\Joe\Desktop\moo6 copy.png
[2010/02/24 16:45:20 | 001,034,391 | ---- | C] () -- C:\Users\Joe\Desktop\moo6.psd
[2010/02/24 16:40:21 | 000,080,765 | ---- | C] () -- C:\Users\Joe\Desktop\moo5.png
[2010/02/24 16:39:34 | 000,080,770 | ---- | C] () -- C:\Users\Joe\Desktop\moo4.png
[2010/02/24 16:38:48 | 000,080,715 | ---- | C] () -- C:\Users\Joe\Desktop\moo3.png
[2010/02/24 16:32:41 | 000,069,460 | ---- | C] () -- C:\Users\Joe\Desktop\moo2.png
[2010/02/24 16:27:22 | 000,069,095 | ---- | C] () -- C:\Users\Joe\Desktop\moo.png
[2010/01/08 16:23:10 | 000,000,000 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\FileOut.cns
[2010/01/08 16:23:10 | 000,000,000 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\FileIn.cns
[2009/10/20 15:30:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/28 22:17:32 | 000,022,528 | ---- | C] () -- C:\Windows\exeshl.dll
[2009/06/28 22:17:32 | 000,000,090 | ---- | C] () -- C:\Windows\netctrl.ini
[2009/05/22 23:44:47 | 000,008,959 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\UserTile.png
[2009/05/17 15:45:52 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/05/17 15:39:59 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/27 20:51:28 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/02/18 21:02:48 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/11/20 21:09:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/10/30 17:35:05 | 000,005,020 | ---- | C] () -- C:\ProgramData\wfpaxlhl.tzk
[2008/10/28 18:36:21 | 000,000,600 | ---- | C] () -- C:\Users\Joe\AppData\Local\PUTTY.RND
[2008/10/13 15:53:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/10 18:58:36 | 000,020,992 | ---- | C] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/10 17:06:56 | 000,001,356 | ---- | C] () -- C:\Users\Joe\AppData\Local\d3d9caps.dat
[2008/10/10 17:06:47 | 000,144,109 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\nvModes.dat
[2008/10/10 17:06:47 | 000,144,109 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\nvModes.001
[2008/04/11 21:37:28 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/02/05 00:09:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/03/30 12:29:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\msvos.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
< End of report >


Re: Think I might have something :/

Post by Joe.R on 25th March 2010, 10:39 pm

Extras.txt

OTL Extras logfile created on: 25/03/2010 22:29:12 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Joe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.87 Gb Total Space | 51.64 Gb Free Space | 22.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.75 Gb Free Space | 93.97% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOES
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0595347D-FB31-445F-9C14-DAAB04D80A09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{07BE6976-B0AA-476E-8E22-FC82E9AEC5A4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0D2B5D37-F91F-4074-9D61-114D3305B9EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0DA17823-E3BA-4595-9FE1-815729A19C10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1961C829-42F4-4B46-8992-EA7E095B6238}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{2384295A-445F-4AC3-BCAC-06885DE72B09}" = lport=445 | protocol=6 | dir=in | app=system |
"{2795647D-D620-4AF8-936A-EFE958D4DCE2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{31B4ABD1-5299-4B09-8D96-CEDA088B0FD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3208C6F8-4B90-48E0-BC36-02710FC95E53}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{323935D7-172B-4A54-97CB-A70DB89D1A7D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35274D61-6ACA-4127-A0EF-90D7CAAF1A37}" = lport=10243 | protocol=6 | dir=in | app=system |
"{352DB442-7BB1-4B0D-8AC2-C2B321D90C1A}" = lport=2178 | protocol=6 | dir=in | app=system |
"{3671C601-F3BF-49CD-B814-B22930D543D9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{38571920-2885-4804-B56B-F513555EB8C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CD3555F-8ECE-48B3-8ABB-4452E1F38270}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41CE96D4-BEA5-474E-93AA-4F34F73BD4BB}" = lport=5720 | protocol=17 | dir=in | name=jumi controller |
"{44326023-7ADD-4B13-BCD2-794A6CA48743}" = lport=138 | protocol=17 | dir=in | app=system |
"{4A32FF77-A23F-4B19-B68D-D49C498AECB5}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{550A563A-2FCD-4B23-AFD1-D240F3F04C21}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{564F3F53-9225-41A2-BE5B-7A485B5CED02}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57CFFAAD-E8C6-46AB-AC32-67E52BF58F56}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5EB01C75-F446-4E8B-8D9E-D0C6A3F49EB6}" = lport=5720 | protocol=6 | dir=in | name=jumi controller |
"{62199C30-C4D0-4FBA-BF54-C3472FF7B75F}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{6588659B-F241-4431-9DFC-71A4929B8612}" = lport=139 | protocol=6 | dir=in | app=system |
"{665AF1BE-411F-4263-AD5B-0B59238FE133}" = lport=1900 | protocol=17 | dir=in | name=upnp udp |
"{6D89E53B-DB10-4FAD-9CE8-7F34C130E808}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{6DA55FCF-FD09-4371-9607-82E1266C7DA6}" = rport=2178 | protocol=6 | dir=out | app=system |
"{920AD2C8-76A0-4B2E-B51B-74202CE6B273}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{961887E0-ED27-4E9F-A22F-80FB3D1BC398}" = rport=138 | protocol=17 | dir=out | app=system |
"{972BA856-73EC-4DDD-AB18-64DCEDAA8F63}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{98309A12-0EBF-4BE8-8899-A7EF316F8FC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9879227E-5E91-431C-8441-3A0E768AA2B2}" = rport=445 | protocol=6 | dir=out | app=system |
"{9C782D22-9F1F-4089-BA8C-8EBAE1AF7D51}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A194A323-1194-4191-8CF9-06D0F0EE284C}" = rport=137 | protocol=17 | dir=out | app=system |
"{A26C125D-C0CE-4160-BBC7-FD57943B2FDF}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{A50445CB-F24A-4751-8B2A-9B48B70504D3}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A744E85F-DB44-402C-9A0D-B49E150CE030}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A82060C8-96DB-4888-AF0B-F9597CB89109}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD87E997-3846-4C72-A266-028871BAC71A}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{B7BAC065-E59A-4B6D-A108-9D7F6EDECE6F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B9C74954-E421-4536-A49B-22117E50057C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BECB291A-AB95-43C5-9B08-70059BD58C37}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C320693F-99F3-424A-9BA7-B2931EC3F7A2}" = lport=137 | protocol=17 | dir=in | app=system |
"{CBB29483-750A-4640-8EA4-B488B20EA201}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{D02AE4B0-2AF4-4CFC-B930-EB0F06051983}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D34B2195-3C2E-4D6A-9658-DF0E9544D2E5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D47EB1C3-2316-47D9-9525-CC4B4A231D44}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D64935A6-0B44-4BFE-8672-ABD550646C99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D72C0709-2AFC-425C-8BD9-48591D8D3795}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D99FE159-EF04-4980-B998-E5B383AB343C}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp |
"{ED16606B-7562-40AE-83B1-FB961C24C594}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F407EE01-426D-4B56-8256-129FCFD082DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCDC0924-2896-4C8D-9ED5-B75E3AD38323}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F3C640-378A-43DB-A654-926C6C00CCF2}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{10B5BCC4-9BC2-4C76-9388-B60C93B73D6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10D922F6-0663-4C59-9B4A-24D658372082}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{12B6ADC7-FC8F-49ED-97C8-8BC5D09AC549}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{17503D9D-71FB-4525-B33D-1116F9A953CA}" = protocol=17 | dir=in | app=c:\program files\permissionresearch\prmrsr.exe |
"{1B5B9B1A-44BF-4268-9B28-43F1DB41C40A}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{1EB37394-DA3A-455F-80AE-5310978025CF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{242E3DBB-262C-46B3-ADCE-90FC9679C6E6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{258B6168-7DDB-4319-A7B1-967EAE3A0BE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25B62A8D-4332-48B1-BD17-485830817677}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2B754454-DDE1-4916-BC27-6D79170F6810}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3435B951-DCF9-4FDB-BF5B-6BACA3A65DE1}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{37490D76-87BB-4B38-96E2-F14773929E81}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4614CAE3-1C45-40E8-98C6-98EDD05ECA2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{46C6AD69-E700-4977-8121-40C99C72A10E}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{501ADE52-C432-423C-A5FC-A5D45BD4971B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{577C7384-9664-466B-A5D4-0B4A19CF1712}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5905FA5B-DE43-45D7-9323-96F6BA28AD51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{613F1E4A-A7BE-4E76-9F8F-A0DECB53BF4C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6B3C8983-1EA3-4128-A327-132CF3589AD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6CC72A4F-51EF-4ABD-B34D-49CD24CDDE31}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6E3F6438-2E27-4404-BB70-E1AC3AD5193E}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{6FBB5591-80B7-4742-8663-3E82CDE0171B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{70CD48D5-0723-4768-A338-2F519FF1E081}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{71D88B58-08C1-4197-910B-83B2593584F1}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{7340E366-B59D-4052-93F5-FF5246DD3268}" = protocol=6 | dir=in | app=c:\program files\permissionresearch\prmrsr.exe |
"{851B10E1-B90F-4B4A-89D2-769CD4C2ADD8}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{8968EB3E-BDB8-41AE-9868-57C8AAFA96E3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8FBC0790-28C8-4B05-9554-C2443AE5DB6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90CEA4A7-BF27-4095-B3F2-3F241098A2E5}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{92E59BE9-A84E-4530-8BE3-8AD8A34CFF40}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{94C8279A-C951-4B64-B230-95779159B376}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95A40221-CA48-4321-BEB3-31F0977C7486}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B184AFE4-B582-426D-A71B-F53A2BE05617}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B4E64804-C5AC-420D-AA56-2F3106FFBB3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2E120B4-E245-49BD-ACAA-1556FE6A5A79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CB3C8740-6093-4E14-8887-B5A3185ACDCD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CC760458-96B6-4517-8B86-44EF7190E6D5}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{CCB307E5-DD51-447B-AA4D-CE414D2D0B69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D87EFFBE-79D9-474C-9492-CFB0BEB99B2B}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DA227E77-F94E-4C70-92A6-7EF19525B347}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E3A2DDFB-DC60-4F23-B21B-F37993AD1B64}" = protocol=6 | dir=out | app=system |
"{E59708E0-3089-43BC-8B8C-D200261EDDFB}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{E9D28B9B-F77C-4942-B61C-F1858420C2C3}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{EC02BEDF-CB20-419D-82D8-A81C1E1393C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF514414-9F5D-43EC-BB41-670585395B22}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{F6DAE2EB-501C-4BB4-A332-AF7AA02B2328}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{F78F4A74-E4D7-417A-AC9A-ECA930C39303}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FE4D7D35-1C1B-4DFA-83AB-B4E95A64D88C}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{FF259B16-9EDC-4E9F-B4F9-DE03EA6B7423}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1CFC619D-34C2-4C4E-88D4-D6A2559CFDC2}C:\program files\virtualdj\virtualdj.exe" = protocol=6 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"TCP Query User{2940F7BF-130F-45F4-B9D9-63CF1F4E365A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{2D4C09FB-1F1B-4C01-8964-121D0EB46958}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{4AA15178-9940-49CE-BA7C-BDCCBA9F8934}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7A7A81C1-63D3-4174-965A-90F43E34993C}C:\program files\teamviewer3\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer3\teamviewer.exe |
"TCP Query User{8110DC19-78B1-4F2F-AEE1-48EECED93644}C:\program files\jumi\jumi.exe" = protocol=6 | dir=in | app=c:\program files\jumi\jumi.exe |
"TCP Query User{967285A0-1B87-4094-8BD2-640D7E4AEC6A}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{9BE7101C-CE50-4B23-A3FE-FFFF4EFE07F2}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{B765ECD4-D3E3-480B-AF2E-62FEBF5F89AC}C:\program files\virtualdj\virtualdj.exe" = protocol=6 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"TCP Query User{B93EB2FB-90BE-4C69-A91D-3291D964F4F8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DA1688BA-F233-4DF4-B5A9-431365E0C8CA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{E2E55598-BB0D-4E20-8592-B81FE89FFD77}C:\program files\spacialaudio\sambc\sam2.exe" = protocol=6 | dir=in | app=c:\program files\spacialaudio\sambc\sam2.exe |
"TCP Query User{E5F4FCFC-F392-4A07-952F-C6D055FB4040}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E7CE4E97-1062-4367-996D-1CE1A05F1F21}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{F1D5F8E2-2872-4B8A-8FA4-10E762DC5175}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{032E408E-CF55-45B8-886C-1B183E333E07}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{261EB640-B6E9-4BF6-9ADC-2F1235C938F0}C:\program files\virtualdj\virtualdj.exe" = protocol=17 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"UDP Query User{4A90B39B-53E6-402E-9A09-7860321715DC}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{53C7D40C-7BBC-405A-BC2A-B5A1D1708504}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{8587ABCC-35D1-49A4-B1A0-DBE0719D068D}C:\program files\jumi\jumi.exe" = protocol=17 | dir=in | app=c:\program files\jumi\jumi.exe |
"UDP Query User{8E94C6EA-A499-41F9-8C76-BB4CC67EA90B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9C9979EB-65A6-49B4-9462-6909A5C7A552}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{A66D46FA-404B-404D-BCF9-B35C17E4F454}C:\program files\virtualdj\virtualdj.exe" = protocol=17 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"UDP Query User{B3AFDA30-1BBB-42EE-99CA-65BF8E2584F3}C:\program files\teamviewer3\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer3\teamviewer.exe |
"UDP Query User{B8DCF929-1819-401F-80C8-73B087C80EDE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{C5642EDD-5603-4D67-BE3E-A04429FEAEAF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{D5E7BB9A-FA2E-42A1-9A20-F1FD4D42A3B3}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"UDP Query User{E70CFF3E-2991-4A1A-98D8-8FA59A3B8652}C:\program files\spacialaudio\sambc\sam2.exe" = protocol=17 | dir=in | app=c:\program files\spacialaudio\sambc\sam2.exe |
"UDP Query User{FEE4B8F7-1529-46FA-BBA9-11032643DDED}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FFDF6400-34C3-40AF-90DE-918C7513A844}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{42cd067f-d483-428d-83bc-437211349927}" = PermissionResearch
"{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Easy Media Creator 10 LJ
"{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C4C91E02-D4E2-481E-BCBA-7D90CC8D43E1}" = LiveZilla
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"D-Link VGA Webcam" = D-Link VGA Webcam
"dt icon module" =
"FBDBServer_2_0_is1" = Firebird 2.1.0.16780 (Win32)
"Google Chrome" = Google Chrome
"gtfirstboot Setting Request" =
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"LastFM_is1" = Last.fm 1.5.4.24567
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = Vaio Marketing Tools
"Messenger Plus! Live" = Messenger Plus! Live
"MFU Module" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"MySQL Servers and Clients 3.23.52" = MySQL Servers and Clients 3.23.52
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PCSI" = Prevx 3.0
"Quick Memory Editor_is1" = Quick Memory Editor 5.0
"RealPlayer 12.0" = RealPlayer
"Replay Video Capture3.1B" = Replay Video Capture
"RollerCoaster Tycoon Setup" = Roll
"SAM2" = SAM2 (remove only)
"SopCast" = SopCast 3.2.4
"Spotify" = Spotify
"TeamViewer 4" = TeamViewer 4
"VAIO Help and Support" =
"VAIO_My Club VAIO" = My Club VAIO
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/10/2009 17:19:15 | Computer Name = Joes | Source = Google Update | ID = 20
Description =

Error - 16/10/2009 18:19:15 | Computer Name = Joes | Source = Google Update | ID = 20
Description =

Error - 16/10/2009 19:19:15 | Computer Name = Joes | Source = Google Update | ID = 20
Description =

Error - 16/10/2009 19:57:34 | Computer Name = Joes | Source = Windows Search Service | ID = 3006
Description =

Error - 16/10/2009 19:57:34 | Computer Name = Joes | Source = Windows Search Service | ID = 3007
Description =

Error - 16/10/2009 20:32:00 | Computer Name = Joes | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 16/10/2009 20:32:27 | Computer Name = Joes | Source = WinMgmt | ID = 10
Description =

Error - 16/10/2009 21:00:56 | Computer Name = Joes | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 17/10/2009 15:35:19 | Computer Name = Joes | Source = WinMgmt | ID = 10
Description =

Error - 17/10/2009 15:35:38 | Computer Name = Joes | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

[ System Events ]
Error - 20/03/2009 21:03:32 | Computer Name = Joes | Source = HTTP | ID = 15016
Description =

Error - 20/03/2009 21:05:02 | Computer Name = Joes | Source = Service Control Manager | ID = 7000
Description =

Error - 20/03/2009 21:05:02 | Computer Name = Joes | Source = Service Control Manager | ID = 7009
Description =

Error - 20/03/2009 21:05:32 | Computer Name = Joes | Source = Service Control Manager | ID = 7022
Description =

Error - 21/03/2009 08:35:23 | Computer Name = Joes | Source = HTTP | ID = 15016
Description =

Error - 21/03/2009 08:36:43 | Computer Name = Joes | Source = Service Control Manager | ID = 7000
Description =

Error - 21/03/2009 08:36:43 | Computer Name = Joes | Source = Service Control Manager | ID = 7009
Description =

Error - 21/03/2009 08:37:21 | Computer Name = Joes | Source = Service Control Manager | ID = 7022
Description =

Error - 21/03/2009 13:34:43 | Computer Name = Joes | Source = HTTP | ID = 15016
Description =

Error - 21/03/2009 13:36:02 | Computer Name = Joes | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Joe.R

Re: Think I might have something :/

Post by Belahzur on 25th March 2010, 10:46 pm

Hello.

I see that you are running Limewire and µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.


  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    µTorrent
    Adobe Reader 8.1.3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7
    LimeWire 5.4.6

  • Click on the Uninstall/Change button at the top.

Then download and install [You must be registered and logged in to see this link.]



Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Please PM me if I fail to respond within 24hrs.


Belahzur